Settings for a Gen4 VPS (with cPanel) for PCI Compliance
As more and more businesses are starting to go online, a big issue is PCI Compliance.
If you are using a service like stripe.com or PayPal, they actually handle the PCI compliance. This is why you typically have to leave your site, or the credit card fields are in a pop-up window.
PCI Compliance comes into play when you have your own merchant account and a service like Authorize.net.
Without going into all the details, PCI Compliance deals with security policies / procedures / settings as it relates to how you handle credit card processing.
There are a few different PCI scanning companies which the banks use to scan your server. Some may report various false positives which others do not. This article is not the end-all-be-all answer to every last item that may get flagged, but it will address many of them and advise on best practices.
The very first thing is to make sure you have updated the yum repositories so that you have the latest versions of software available. You may have to add some additional repositories to get more recent versions than what is included with CentOS 7.
This is a great reference for using different yum commands
The next step is to set up a firewall on the server. While there are command line firewall utilities, I recommend ConfigServer Security & Firewall (CSF). It has a nice user interface within WHM and has some very good, detailed explanations of what each setting does.
Also, under WHM -> Service Configuration -> Apache Configuration -> Include Editor, add the following to the Pre Main Include:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
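As an added example (not part of the original post), this Python script mirrors what the Set-Cookie edit rule above does to a cookie and then checks a response header set for the four headers, so you can confirm the include is taking effect. The header list is a constructed sample; on a real server you would feed it the headers returned by your site.

```python
import re
from typing import List, Tuple

Headers = List[Tuple[str, str]]

# Mirrors "Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure" from the
# Pre Main Include. Apache's $1 backreference is \1 in Python.
COOKIE_PATTERN = re.compile(r"^(.*)$")
COOKIE_REPLACEMENT = r"\1;HttpOnly;Secure"

# Header values the include is expected to produce.
REQUIRED = {
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
}

# Constructed sample: what a cPanel-hosted site might return before the include.
SAMPLE_HEADERS: Headers = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
    ("X-Content-Type-Options", "nosniff"),
]


def apply_cookie_edit(headers: Headers) -> Headers:
    """Return a copy of headers with the Set-Cookie edit rule applied."""
    return [
        (name, COOKIE_PATTERN.sub(COOKIE_REPLACEMENT, value)
         if name.lower() == "set-cookie" else value)
        for name, value in headers
    ]


def audit(headers: Headers) -> List[str]:
    """List the findings a scanner would typically raise for these headers."""
    findings = []
    present = {name.lower(): value for name, value in headers}
    for name, expected in REQUIRED.items():
        if name not in present:
            findings.append(f"missing {name}")
        elif present[name].strip() != expected:
            findings.append(f"{name} is {present[name]!r}, expected {expected!r}")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie} lacks {flag}")
    return findings
```

Note that the edit rule appends the flags unconditionally, so a cookie that already carries HttpOnly or Secure ends up with the attribute twice; harmless for browsers, but worth knowing when reading raw responses.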
This should get you most of the way to a scan which passes. One of the other things you may have to do is upgrade OpenSSH. This is command line based and should only be done by someone who knows how to compile sources on the server, as it often has to be done manually.
Even if you do not need to pass a PCI compliance scan, these are good security measures for hardening your server.