Security


1. Secure Payment Processing

Zozonest handles monetization without compromising financial safety.

  • Gateway Tokenization: When using Stripe or PayPal, the plugin uses “tokenization.” This means sensitive credit card data never touches your server; it is handled directly by the secure payment processor.

  • PCI Compliance: By offloading payment handling to trusted gateways, your site remains compliant with international payment security standards.

  • Encryption: All payment-related communication is forced through HTTPS to ensure data cannot be intercepted.

2. User Data & Access Control

The plugin manages “who can see what” through a strict Role-Based Access Control (RBAC) system.

  • Input Sanitization: Every piece of data entered (like a property description or a search query) is “cleaned” (sanitized) to prevent SQL Injection or XSS (Cross-Site Scripting) attacks.

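  • Nonce Verification: Zozonest uses WordPress “Nonces” (Number used once). In WordPress a nonce is a time-limited token tied to the user and the action, rather than a strictly single-use number. This protects your site against CSRF (Cross-Site Request Forgery), ensuring that a user only performs actions they actually intended to perform (like deleting their own listing).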

  • Secure File Uploads: The property gallery prevents users from uploading dangerous file types (like .php scripts). It strictly limits uploads to images (JPG, PNG, WebP) and documents (PDF).
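
The sketch below shows how a WordPress form handler can combine the three checks in this section with a capability check. It is an added example, not Zozonest's own code; the action name `example_save_listing`, the nonce field `example_nonce`, the helper `example_deny`, and the form field names are hypothetical.

```php
<?php
// Added example for a WordPress plugin; not Zozonest's code.
// Hypothetical names: action 'example_save_listing', nonce field 'example_nonce',
// form fields 'listing_id', 'description', 'gallery_file'.
add_action( 'admin_post_example_save_listing', 'example_save_listing' );

function example_deny( $message, $status ) {
    // wp_die() stops execution after sending the given HTTP status.
    wp_die( esc_html( $message ), '', array( 'response' => $status ) );
}

function example_save_listing() {
    // CSRF: the nonce must have been issued for this action and this user.
    $nonce = isset( $_POST['example_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_listing' ) ) {
        example_deny( 'Invalid or expired request.', 403 );
    }

    // Access control: a valid nonce is not authorization, so check the capability.
    $listing_id = isset( $_POST['listing_id'] ) ? absint( $_POST['listing_id'] ) : 0;
    if ( ! $listing_id || ! current_user_can( 'edit_post', $listing_id ) ) {
        example_deny( 'You cannot edit this listing.', 403 );
    }

    // Sanitization: keep only the HTML allowed in post content (guards against stored XSS).
    $raw         = isset( $_POST['description'] ) ? wp_unslash( $_POST['description'] ) : '';
    $description = wp_kses_post( $raw );
    // wp_update_post() expects slashed data, so re-slash before saving.
    wp_update_post( wp_slash( array( 'ID' => $listing_id, 'post_content' => $description ) ) );

    // Uploads: allowlist of extensions and MIME types named on this page (JPG, PNG, WebP, PDF).
    if ( ! empty( $_FILES['gallery_file']['name'] ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
        $allowed = array(
            'jpg|jpeg' => 'image/jpeg',
            'png'      => 'image/png',
            'webp'     => 'image/webp',
            'pdf'      => 'application/pdf',
        );
        // wp_handle_upload() rejects names outside the allowlist and, where it can,
        // compares the file's real content type with the claimed one.
        $result = wp_handle_upload( $_FILES['gallery_file'], array( 'test_form' => false, 'mimes' => $allowed ) );
        if ( isset( $result['error'] ) ) {
            example_deny( $result['error'], 400 );
        }
    }

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url() );
    exit;
}
```

The matching form would emit the token with `wp_nonce_field( 'example_save_listing', 'example_nonce' )` and post to `admin-post.php` with `action=example_save_listing`.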

3. Lead & Communication Security

To protect the privacy of your agents and buyers:

  • HoneyPot Protection: The property inquiry forms include hidden “HoneyPot” fields that catch spam bots without requiring annoying CAPTCHAs for real humans.

  • Internal Messaging: By using the User Inbox System, buyers can communicate with agents within the site. This prevents agents’ personal email addresses from being scraped by public web crawlers.

  • GDPR Compliance: The plugin includes tools to help you stay compliant with data privacy laws, such as “Terms & Conditions” checkboxes on registration forms and the ability for users to export or delete their data.

4. API & Developer Security

For those using the REST API or custom hooks:

  • Authentication Requirements: The REST API endpoints for managing properties require proper authentication (like Application Passwords or OAuth), ensuring that unauthenticated strangers can’t edit your listings through the API.

  • Rate Limiting: Protects your server from “Brute Force” attacks where a bot might try to submit thousands of listings or search queries per minute.
