1. For payment by card, all credit and debit cardholders and bank/building society account holders respectively are subject to validation checks and authorisation. If the issuer of your payment card, refuses to, or does not for any reason authorise or validate the payment, we will not be liable in these circumstances for any delay or non-delivery in respect of the products which you have ordered as a result.
  2. By providing the relevant information to us, you specifically authorise us to transmit or to obtain information about you from third parties from time to time, including but not limited to your name, address, telephone number, debit or credit card details, cheque details or credit reports, to authenticate your identity and delivery address for the products, validate your payment card and obtain authorisations for your payments for products.
  3. We use WorldPay to handle our website payment processing so that we don’t need to retain your card details in any of our systems. WorldPay is a highly secure, safe and trusted payment service provider (PSP) and is a division of the business software company Sage.
    By using WorldPay, we are insuring that your card details are not compromised as every transaction is encrypted to the highest global standards. WorldPay’s systems are audited regularly by one of the world’s leading qualified security assessors (QSAs), maintaining the confidence or retailers and customers alike.
    Please never send your card details by email at it is completely insecure.
  4. We encourage all of our customers to enrol their payment card onto their bank’s 3D Secure scheme. This means that when the card is used on our site, the transaction will be referred by WorldPay to your bank, which will request a password from you to authorise the payment. Only you and your bank will know this password, making it a very secure method of protecting your account. 3D Secure can be thought of as “Chip and Pin” for websites. Visa’s name for the system is “Verfied by Visa”. Mastercard’s name for the system is “Mastercard SecureCode”. We use both.
  5. By using WorldPay as one of our payment service providers, you can be certain that your card details will be safe but if they have been compromised elsewhere and then used by a fraudster on our site, you can be assured that we’ll take steps to return your money to you. The WorldPay system includes fraud prevention tools which allow us to identify potentially fraudulent transactions. If we suspect a fraudulent transaction, we will cancel the order and return funds to the card.
  6. Our checkout process uses SSL technology (secure sockets layer) to encrypt data transferred between your browser and our server. This means that no one can eavesdrop in between and obtain your card details or personal information. We use VeriSign, the world’s most recognised brand in internet security certificates.

 

Cookies

WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.

This page is a partial work in progress.

Users

Users are those people who have registered an account with the WordPress blog in question.

WordPress > 2.4

When you log into WordPress from http://example.com/wp-login.php, WordPress stores the following two cookies:

  • Your user name
  • A double-hashed copy of your password

The cookies are set to expire two weeks from the time they are set. (Details of how to change this time).

WordPress > 3.0

On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/

After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.

WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.

The cookies length can be adjusted with the ‘auth_cookie_expiration’ hook (An example can be found at what’s the easiest way to stop wp from ever logging me out).

Non-Version-Specific Data

The actual cookies contain hashed data, so you don’t have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It’s quite hard to reverse a hash (bordering on practical infeasibility with today’s computers). This means it is very difficult to take a hash and “unhash” it to find the original input data.

WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration interface. If you don’t have the cookies, or they’re expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.

The functions to set and remove cookies are currently defined in /wp-includes/pluggable.php.

wp_set_auth_cookie( $user_id, $remember, $secure )
This function sets the cookie.
wp_clear_auth_cookie()
This function will delete the cookie from the client browser. This happens when the user clicks on the Logout link in theAdministration interface.
auth_redirect()
This function also utilizes the cookies. Checks whether the cookie is present on the client browser. If it is not, the user is sent to the wp-login.php login screen. After logging in, the user is sent back to the page he or she attempted to access.

Commenters

When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:

  • comment_author_{HASH}
  • comment_author_email_{HASH}
  • comment_author_url_{HASH}

The commenter cookies are set to expire a little under one year from the time they’re set.

References

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

0