PCI Compliance
I have a client and I have been working very hard to get his site to PCI compliance. His payment processor is Wells Fargo and they require a PCI compliance passing scan from a company called Trustwave. I have a problem though: even after getting SSL and fixing several other small bugs, I keep noticing problems and it is not passing a scan. Can anyone help me? I will give you the access levels you may need to walk through this with me, and I would be glad to help post the fix, but I need help. I will try to attach the PDF scan results so everyone can see what errors I am getting and hopefully someone can direct me to the correct fix.
I am hosting with DreamHost at the moment.
I like their price and options. Their speed seems lacking at the moment and I don't have the cash flow at the moment to switch to a dedicated server through them.
According to them, everything is configured fine with my account and their servers, and they are pointing the finger at Concrete5.
Since this is a "Transmits login credentials without encryption" error and another bug I can't think of at the moment.
I think I can fix some of those. Could you rotate the PDF? It's kinda a pain to read sideways :)
Also, ask DreamHost to turn off directory listing; that should solve some of those issues.
PM if you need some help.
Mike
I just looked over it again,
not where I saw those fails, but I don't see them now,
All of those are server issues; you may have to get a VPS or dedicated server to make the changes (Apache needs to be updated, and http://75.119.202.239/stats/ needs to be disabled).
I only see 4 fails, and all 4 could be fixed by updating Apache and disabling /stats/.
Thanks!!!! I have contacted my host to see if this is something that they can update and fix.
As for the PDF, there is a rotate button. I didn't realize till after I posted it that it printed sideways. Sorry.
Any idea why the cart runs slow and why the site seems slow?
DreamHost has responded. This is what they wrote. Do you know what version they should be on?
"What version does your security provider require? We are running Apache 2.2.17.
Also, I'm not sure why the forum member suggested that disabling stats would fix the errors. However, at your request, stats has been disabled: http://75.119.202.239/stats. If you have any additional questions, please let us know.
Thanks!
Brian S"
You need at least version 2.2.22 for Apache.
As for the /stats, it was because the login details were being sent over HTTP instead of HTTPS.
Try having the site rescanned after they update Apache.
Thanks, I will let them know. You have been very helpful.
Any thoughts on why the cart would be running slow and take so long to move from screen to screen? The database is not that large, nor is the website in general.
What do you mean? The cart seems snappy to me.
When you hit checkout and go through the process, it takes 10 to 40 seconds per page no matter how many items are in the cart and regardless of whether or not you're signed in or checking out as a guest. Database is not that large. 22 mb I believe. Also, is there a good desktop database admin program I can use to admin the database from home without having to use the web panel admin?
I've seen that happen in a case where my client (without my knowledge) added thousands of discount codes, for some sort of coupon promotion deal thingo.
Using any discounts?
Yes he is using tons of coupons/discount codes. He is using them to track his athletes and how much business each of them refer to him. So how do we get this to work faster? Also why have a coupon feature if it doesn't work?
When I looked into this, I found that the coupon code processing was more complicated than it would seem - at each step of the checkout it needs to check each coupon code for validity (since there are lots of different ways they can work and multiple codes can apply).
Because of this complexity, it creates a lot of PHP objects in memory, slowing things down. It might be something that can be improved in the future, but I couldn't see a nice way to fix it straight away - I had to suggest to my client they cut their code list back down.
The coupon codes do work fine, but I believe they were never intended to be used beyond simple promotions and occasional discounts for particular customers. It's a case of doing something with it it wasn't designed for.
There are some small things you can do to tighten up concrete5 to help with scans, but more than likely your server needs to be configured to be PCI compliant.
Are you on a dedicated or VPS server?