PCI Compliance on WPEngine Servers

  • PCI Compliance on WPEngine Servers

    We're using Gravity Forms on WPEngine. I need to know if using your Gravity Forms plugin processes or transmits the transaction using our server or your server. Anyone who uses WPEngine cannot process or transmit transactions using a WPEngine server; it's a violation of WPEngine's hosting agreement. You can read that agreement here.

    Other payment processors like Stripe and PayPal have a Gravity Forms add-on that ensures processing AND transmission are not done through our site. It's similar to an iframe in that the credit card field is generated by their service, so all field data is transmitted by their service, not our site. That means our WPEngine hosted site doesn't fall within PCI compliance for transmission using their plugins.

    You address this in this post:

    The tech support person said the following, which leads me to believe your plugin can't be used on WPengine servers but your embedded forms can:

    "All networks that are involved in the transmission are within the scope of PCI. If you are using a native form then your network is in scope. If you use our forms then you are not in scope. Simple. Is your form being used to transmit the data and if the answer is yes then you may be susceptible to the key logging, etc. viruses that may reside on your network. In most cases, the servers that are hosting the Gravity Forms or any other 3rd party forms, are in scope and should be PCI compliant."

    Thank you