Do I need to be an expert on security to have a secure Online Store in my droplet?

I have a big question about security and its requirements. I have a client who needs an online store with Stripe payment processing, and I am concerned about hosting their website here or with another company that offers a managed service (cw), because we will not have a security expert or anything like that to configure the server, update and maintain top security to prevent theft or leakage of card numbers. We are willing to invest the money in the other managed service company because we know that we will support DigitalOcean in the same way.

From what I am doing here, I have realized that things are easy, everything can be installed in just 1 click from the marketplace but I do not know about security and server protection issues. Do I need to be an expert in security or something related to be able to give full confidence to customers who buy through the online store with a card?


Accepted Answer

Hi @hcmendez,

Your assumption is somewhat correct. Hosting a website where people buy using their cards is quite a challenge. You need to have a PCI compliance test done, I think every 3 months, and their requirements are quite hard.

There is a workaround though: you can decide to use a vendor and, once a person wants to buy something from the website, redirect them to it. That way you don’t have to worry about storing the data on your droplet directly.

Regards, KFSys