Secure order form in WordPress? - security

I realise this is very vague; I'm just trying to work out if I can do something. How would I go about building something similar to this in WordPress? Is it possible?
http://www.thesisonline.co.uk/
What it needs to do:
1. User uploads a file
2. User fills in a form that calculates a cost
3. Cost is passed securely to a secure form where the user can enter their credit card details and pay.
I imagine for the last step I'll have to use something to make it secure and all legal, Sage Pay etc.; not sure which is the best option.

Well, I am not an expert on WordPress, but what you have mentioned is quite possible in WordPress with some coding skills and using any of the existing e-commerce plugins available for WordPress.
How the cost will be calculated depends entirely on you and how you set your business rules; once you have your business rules to calculate the cost, you can proceed to payment.
This is the main secure and sensitive part of any e-commerce application, and you have to integrate your application with payment gateways so that things (like security and other matters) can be handled by the gateway itself for you.
I just saw this WordPress plugin, WordPress E-Commerce plugin, and it provides integration with payment gateways, which means most of your work has already been done by the plugin itself.
But if you are working towards a serious e-commerce application, I would always suggest you choose a dedicated e-commerce platform rather than an extension of a platform that was developed with other objectives.

Related

What vulnerabilities are there in a custom react-based e-commerce website and why should I just use Shopify?

I have been programming a small e-commerce platform to sell jewelry.
Initially I wanted to make it web3 compatible (accept MetaMask payments), and given that I work as a dev I wanted to take the DIY approach as opposed to platforms like Shopify specifically.
Now that I'm getting closer to finishing the website, I contemplate to myself: should I just switch to using Shopify instead? My contemplation stems from unknown vulnerabilities that I anticipate.
My site uses Stripe and PayPal for payments. I don't save any other data besides order info and shipping address.
Are there any underlying vulnerabilities that Shopify takes care of that I'm not thinking of?
It seems simple enough to take payments on a site, but I have a feeling I am not thinking about some major implications of not using a platform like Shopify.
On one hand I'd really like to use my own website given all the time I've spent making it (I also like my front-end design better than any template I've seen), so this post is for people to give me their perspective on both pros and cons so I can decide whether I just need to dump my work and start over with Shopify, or continue on the way forward with DIY coming out as hero ;)
Thanks In advance fam
It is perfectly possible to make your own website and make it secure enough; somebody made Shopify too, after all. :) It is also easily possible to leave vulnerabilities in your code that then get exploited. The problem is that if you don't have a good grasp of what you should have even looked at, it will be quite challenging to actually get it right.
You should be aware of potential code-level vulnerabilities, and use secure coding and architecture principles to structure and code your website. OWASP is a great resource that helps with learning about those. Higher-level principles include things like least privilege, segregation of duties, defense in depth, minimizing attack surface, secure defaults, failing securely and so on. Actual code-level vulnerabilities include things like SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), tampering with parameters, session management errors, authentication or authorization errors and so on; there are a lot of these. And the 3rd-party libraries you included can (and will) also have some of these: how will you discover that, and will you have the capacity to keep up with the latest versions?
When hosting your own service (even in an IaaS cloud environment like AWS EC2), that brings its own challenges in terms of security too: you need to care about the ops side of security as well. Things like: would you even notice if there's an attack? Would you know what to do if a customer called with their money spent on things they didn't buy? Would you have forensic evidence to prove whether they are actually lying? :)
You can use tools to scan for some of these vulnerabilities, but that will never be comprehensive - actually, nothing will. Automated tools are very useful, but will miss a lot of things. You can also buy penetration testing services, some of those are really good (and some not), they will find vulnerabilities the same way attackers would - but those are quite expensive.
However, having said all this, the most important thing is to keep your defenses proportionate to the risk. This basically means you don't want to spend more on securing your website than the maximum amount you may lose in case of a compromise. Outsourcing payments to Stripe or PayPal is a great start, because if you have the integration set up correctly, you have likely already limited the maximum possible loss quite a bit.
So should you code an e-commerce website yourself, and sell stuff? In the light of the above, it's very opinionated, but I think why not: just consider the above, manage your risks, learn about potential vulnerabilities, mitigate them the best you can, and prepare for things to go wrong. In the end, it's probably cheaper to just use a ready-made service, though a lot less fun. :)
I would say you should... and you can use any SaaS e-commerce platform (Shopify, BigCommerce or Snipcart) without giving up your DIY custom features, because those platforms can be used as a headless e-commerce platform.
This way you don't have the risks around managing the backend and data (the platform will do this), while not losing the custom features and fine-tuned customer experience you implemented yourself.

Payments through redirection or through my API in a Vue.js SPA

I am developing an e-shop website based on Nuxt.js (Vue) for the frontend and Laravel for the backend.
I am at the stage where the payment is being done and am thinking about what my options are.
My payments provider offers two options: Redirect and Native.
The first option basically redirects the user from my SPA to the payment provider's page to fill in their card details and perform the transaction. Afterwards it redirects back to a predefined page. This option, although it is really common (pretty much every company uses it), also has the disadvantage that the SPA loses its state.
The second option is to have a form inside my SPA that sends the information to my API, which finally performs the request to the payment provider and completes the transaction.
I believe the second option is the best in terms of UX, but I am mostly writing this question to ask for your thoughts on this, mostly related to legal terms and security in general.
Note that I won't store any card details in the second case, but even then, can this process be a bad thing for my company?
Quick disclosure: I'm new to Stack Overflow and don't have the points to add comments.
Are you currently integrated with Braintree? The Drop-in UI is an excellent way to complete a transaction in a Single Page Application without worrying about page re-directs.
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact Braintree Support.

Imgur API Commercial vs Free

I'm working on an app that, as one component, accesses the Imgur API. I'm trying to work out if it is considered "Commercial" based on three separate possible models. As you can understand, as the sole developer, I'm just a hobby programmer and I want to know if I can build this without a heavy monthly bill from Imgur.
From the Imgur API doc page:
Your application is commercial if you're making any money with it (which includes in-app advertising), if you plan on making any money with it, or if it belongs to a commercial organization.
What does that mean in these scenarios:
If I'm building an application that as a component of it uses the Imgur API, that is not paid for, does not have any ongoing costs, but has a Patreon/GoFundMe/KoFi account attached to it to support development, is that considered "Commercial" here?
If I build the app, but charge a flat $5 for it, with no advertisements/in-app purchases, is this considered commercial?
If I build the app, do not charge for it, do not post ads, but accept one-off donations towards development, is this considered commercial as per the above?
If I'm building an application that as a component of it uses the Imgur API, that is not paid for, does not have any ongoing costs, but has a Patreon/GoFundMe/KoFi account attached to it to support development, is that considered "Commercial" here?
Possibly. Donations can very well be considered a source of income. In addition, you need to look at the second part of the Imgur ToS that you quoted:
plan on making any money with it, or if it belongs to a commercial organization.
Will the app remain free forever after a limited period of development?
If I build the app, but charge a flat $5 for it, and no advertisement/in-app-purchases, is this considered commercial?
Yes, this can be considered commercial, because you're charging money for the app.
If I build the app, do not charge for it, do not post ads, but accept one-off donations towards development, is this considered commercial as per the above?
This is very similar to the first scenario.
The important thing to understand is that there is a great deal of latitude in enforcing the ToS. This is both to ensure the convenience of users, and also to ensure that Imgur's services aren't abused. One of the statements in their ToS states something to the effect of "Don't use us as your CDN". It would seem that is what you're thinking of doing. Unless your app is for a demonstrably social/charitable purpose like curing cancer or world hunger, Imgur might just as well choose to enforce the ToS. Don't risk it. Go for a paid service (Imgur's or another).
To be really sure, one can directly contact Imgur with a link to the app and check with them.

Chargify versus Recurly

I'm looking for some feedback from entrepreneurs or developers that have used either Chargify or Recurly to handle their recurring billing.
More specifically, I sell a hardware device that works in unison with a companion application and charge a subscription for the functionality of the companion application. I sell both B2B and B2C. Thus, I need a recurring billing platform that can handle a single-unit purchase as well as a 10-20k wholesale purchase and be able to track quantities sold. I've noticed Chargify lacks the ability for me to track quantity. Further, we have highly targeted, customized landing pages on HubSpot and would need the two platforms to integrate nicely.
Has anybody had experience with either of these platforms? What do you like and dislike about the functionality and capabilities? Which do you recommend based off what I would need it to accomplish? Alternatively, is there a different platform that you would recommend?
Regarding "I've noticed Chargify lacks the ability for me to track quantity." - Chargify is able to handle this with what they call "components." Your use case is very common and definitely doable via Chargify.

Is there a service that will check redirection for an e-business

Like a lot of businesses, my employer is dealing with the new world of PCI compliance by avoiding the hard stuff and redirecting our customers to a third-party payment service. The process will entail the customer entering order details into our system but then being redirected to the merchant bank's payment service for the entry of those all-important card details.
We wish to retain the services of some business that periodically fills in stages 1 and 2 of our order form with some dummy data, presses "place order" and sees that the URL it ends up at is in fact the one we're expecting, a bit like a bot or a web spider.
If it finds we've been clickjacked, it would alert us by text message or Twitter feed or whatever the cool kids are using these days.
Does anyone know of a service that performs this function?
No, I don't believe that there is a service like this. Usually companies with specific testing needs like this will use QuickTest Pro.
I'm still in the process of going through some suggestions and hammering out what exactly we're going to do but almost all the info I've gained has come from:
http://www.softwareqatest.com/index.html
A devastatingly useful site which provides more than answers to this functional testing scenario. There are a couple of web-based services which execute QA functional testing scripts against your site and send alerts and reports if the tests fail.
The two I had a quick look at were http://www.dotcom-monitor.com/ and http://www.watchmouse.com/en/
The latter service uses Badboy scripts in its tests, so you can home-brew them and then upload them to their server for regular execution.
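A home-brew version of the check this thread asks for, as an added example that is not from the thread or from any of the services named in it: it takes the redirect chain a client observed after pressing "place order" and the HTML of the final page, and flags any hop, landing host or card-form action that is not the expected hosted payment page. The host names and sample pages are constructed placeholders.

```python
"""Verify that a dummy checkout handed off to the expected payment host."""
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_PAYMENT_HOST = "pay.example-bank.test"   # assumed placeholder host
OWN_HOSTS = {"shop.example.test"}                  # hosts allowed before the hand-off


class _FormActions(HTMLParser):
    """Collect the action attribute of every <form> on the landing page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def check_checkout(redirect_chain, final_html):
    """Return a list of findings; an empty list means the hand-off looked right."""
    findings = []
    for url in redirect_chain:
        p = urlparse(url)
        if p.scheme != "https":
            findings.append(f"non-HTTPS hop: {url}")
        # Exact host match only, so 'pay.example-bank.test.evil.test' does not pass.
        if p.hostname not in OWN_HOSTS and p.hostname != EXPECTED_PAYMENT_HOST:
            findings.append(f"unexpected host in chain: {url}")
    final_url = redirect_chain[-1]
    if urlparse(final_url).hostname != EXPECTED_PAYMENT_HOST:
        findings.append(f"did not land on payment host: {final_url}")
    parser = _FormActions()
    parser.feed(final_html)
    for action in parser.actions:
        host = urlparse(action).hostname
        # A relative action (no host) posts back to the landing page's own host.
        if host is not None and host != EXPECTED_PAYMENT_HOST:
            findings.append(f"card form posts to foreign host: {action}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a correct hand-off, then a hijacked one.
    good = ["https://shop.example.test/checkout/step2", "https://pay.example-bank.test/session/abc"]
    bad = ["https://shop.example.test/checkout/step2", "https://pay.example-bank.test.evil.test/login"]
    print(check_checkout(good, '<form action="/session/abc/submit"><input name="pan"></form>'))
    print(check_checkout(bad, '<form action="https://evil.test/collect"></form>'))
```

In practice the chain is the URLs from `response.history` plus the final URL of a `requests` session that submitted the dummy order, and a non-empty result is what triggers the alert.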
