pci compliance for woocommerce and wordpress

Is woocommerce PCI compliant? Also is wordpress PCI compliant?

  • Adam Czajczyk

    Hello cornelius_butler,

    I hope you're well today!

    The PCI compliance is related to payments and applies to companies that accept credit card payments. That would mean that a site/store would meet very specific and strict requirements to be PCI compliant.

    However, it's not a case with WooCommerce and WordPress as long as you took all the standard security precautions and the site meets all the requirements set by your payment gateway provider of choice.

    Why is that so?

    The point is: you are not collecting, storing and/or processing any cardholder data. That's done by the payment gateway your store doesn't actually have a direct access to the credit card data, as long as payment gateway is implemented properly. Payment processing is based on APIs provided by payment gateways and that's a payment gateway that's storing/processing payment data - they must (and all the major providers are) be PCI compliant.

    Technically speaking, if you are using WordPress with WooCommerce and using for example Stripe or PayPal or Authorize.NET to take payments, all you need to do is to make sure that you did everything you can to make the site secure and that the site is served (at least the "checkout" part) over SSL connection.

    That being said, that's the "technical" aspect but it might be different if you are using some custom payment processing and/or some custom coded checkout processing and/or you actually do directly ask clients for their payment card details (e.g. via some regular form on site, that is not coming from payment gateway implementation - so for example with a Forminator or GravityForms form - and that data is directly handed over to you so you then use it to make payment in the name of the client; that would indeed be not PCI compliant and probably even illegal).

    I think tho that you might also get some legal consultation on this, just to make 100% sure, as I can provide you with some tech background on this but I'm in no way a law expert.

    Kind regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.