WooCommerce Security: First steps
While security measures are incorporated by default with WordPress and WooCommerce, there are a couple of essential recommendations you as a store manager ought to follow. This will ensure that you keep your own and your clients' information safe in case of attacks against your website.
Here are the first few things all new store managers should do right after creating a WooCommerce website.
Choose a Reliable Hosting Plan
You shouldn't install your WooCommerce store just anywhere: selecting an unsuitable hosting plan can put both you and your clients in danger. Pick a legitimate, solid host that makes site security one of its top priorities. Also, make sure to select a hosting plan that provides sufficient server resources.
Our dedicated WordPress Hosting Plan is optimized just for the purpose! It provides a 1-click auto-installer, unlimited traffic and storage space, and most importantly comes with automatic backups!
Enable Secure Connections for your WooCommerce Store
Enabling SSL connections in WooCommerce is necessary to comply with the latest requirements concerning internet security. Secure connections are also good practice because most payment gateways require them.
The process of activating secure connections is quick and simple. Follow our guide How to Install SSL and HTTPS on a WordPress Site to learn how to do it yourself.
You can acquire a paid SSL Certificate from AwardSpace or a third-party SSL provider. Alternatively, you can install a free SSL Certificate such as Let’s Encrypt.
Note: If you get an SSL certificate from AwardSpace, the whole installation can be performed by our technical support team. If you require their assistance, you can contact them by opening a trouble ticket from your hosting control panel.
Use Hard to Guess Passwords for your WooCommerce Website
Choosing secure passwords for any accounts related to your store is required to ensure the overall security of your WooCommerce store. This section will give you advice about the steps you’ll need to take to prevent your passwords from being stolen. This eliminates the chance of third parties gaining access to the administrator area of your eCommerce store.
Make sure to:
- Utilize a separate password for each of your accounts.
- Use a password that contains capital letters, lowercase letters, numbers, and special characters (symbols).
- Avoid using dictionary words, birthdays, annual events such as anniversaries, or other combinations that could be guessed easily.
- Pay attention to password length. The longer and more complex a password is, the harder it is to guess, even by a program.
Are you concerned about recalling all of your passwords? Try using a password manager such as LastPass or 1Password to securely store and retrieve your information. They're easy to use, and they help you remember and manage your account passwords.
Activate Two-factor Authentication (2FA) in WooCommerce
Unfortunately, using a strong password on your store's administrator account might not be sufficient to protect your WooCommerce store from attackers. If somebody accesses your email or another one of your accounts, they may be able to collect enough data to change your password and log in.
Two-factor authentication, most often abbreviated as 2FA, is a useful method to shield your online accounts against attackers. 2FA depends on a second step — normally your cell phone — to approve logins and confirm that you are indeed the owner of an account.
To maximize efficiency, you should activate 2FA on the majority of your accounts. In some situations, a person who manages to break into your email account could discover the login data for your store as well as other account records. In any case, with 2FA, they won't be able to validate the logins and gain access.
One negative consequence of including this second step is that it adds more time to your login procedure. However, it’s worth the effort since it greatly improves the security of your WooCommerce store, and it reassures you that your personal information is well protected.
Searching for an application to deal with your 2FA details? We suggest trying Google Authenticator: it's free, and it's available for both iOS and Android devices. Logins can be added in seconds with only a click.
Set up Google Authenticator on your cell phone (for free!) to make 2FA a breeze.
Prevent Brute Force Login Attacks on Your WooCommerce Store
Even with the best passwords imaginable and 2FA enabled, some attackers may still attempt to brute force their way into your website dashboard. Fortunately, there’s a straightforward method to keep them out.
Jetpack's additional security features, more specifically Jetpack Protect, enable you to define the maximum number of unsuccessful sign-in attempts anybody can make in your WooCommerce store before their IP address is blocked. Malicious login attempts are halted in their tracks, keeping attackers where they belong: out of your website.
Jetpack shows you the number of blocked login attempts right on your WordPress Dashboard.
To ensure that this security measure doesn't cause problems for you in case you have forgotten or mistyped your password, Jetpack also enables you to whitelist a specific IP address. Whitelisting your IP address will ensure that you are never locked out of your website. You can likewise allow access from additional IP addresses using your WordPress settings.
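The lockout rule described above (a failure limit per IP address plus an allowlist), as an added example run over a constructed access log. This is not Jetpack's code; the function names, the 10-minute window and the assumption that a failed WordPress login answers 200 while a successful one redirects with 302 are choices made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_login_blocks(log_text, max_failures=5, window=timedelta(minutes=10), allowlist=()):
    """Return {ip: time the limit was reached} for IPs that should be blocked."""
    allowed = [ip_network(n) for n in allowlist]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue              # hostname or garbage in the client field
        if any(ip in net for net in allowed):
            continue              # allowlisted addresses are never counted
        # Assumption: a failed login re-renders the form (200), a success redirects (302).
        if m["status"] == "302":
            recent[ip].clear()    # successful login resets the counter
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked.setdefault(str(ip), ts.isoformat())
    return blocked

def sample_line(ip, clock, method, status):   # builds one constructed log line
    return (f'{ip} - - [12/Mar/2024:{clock} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4521')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", f"10:00:0{i}", "POST", 200) for i in range(6)]     # burst
    + [sample_line("198.51.100.20", f"10:01:0{i}", "POST", 200) for i in range(2)]
    + [sample_line("198.51.100.20", "10:01:05", "POST", 302)]   # typos, then success
    + [sample_line("192.0.2.10", f"10:02:0{i}", "POST", 200) for i in range(7)]    # store owner
    + [sample_line("203.0.113.50", f"1{i}:00:00", "POST", 200) for i in range(6)]  # one try per hour
)
```

Calling `failed_login_blocks(SAMPLE_LOG, allowlist=["192.0.2.10/32"])` blocks only the burst from 203.0.113.7; without the allowlist the store owner's own mistyped attempts would be blocked as well.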
Check and Alter the Settings on Your FTP Directories
A basic precautionary measure you can take is to secure the directories of your website through FTP. It is advisable to protect all directories that are of crucial importance. This process should only take you a couple of minutes at most.
Compromised passwords could make it possible for an attacker to gain access to your website using FTP, where they could transfer harmful files to your WordPress directories. Thankfully, restricting the write access on these directories can keep attackers out and decrease or even completely eliminate the potential for harm.
Make sure that only your FTP account has write access to the following directories:
- The root directory (excluding .htaccess if you utilize a WordPress plugin to set up URL rewrites)
You will likewise need to give your server write access to wp-content.
For more information about securing your FTP, see this section of the WordPress Codex.
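One way to check the write-access rule above on a server where you have shell access, as an added example that is not taken from the WordPress Codex. It assumes the files are owned by your FTP account and that the web server reaches them through the group bits; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_write_access(wp_root, server_writable=("wp-content",), rewrite_plugin=True):
    """Return sorted (relative path, problem) pairs for risky write bits."""
    findings = []
    for dirpath, _dirs, files in os.walk(wp_root):
        rel_dir = os.path.relpath(dirpath, wp_root)
        # Check every directory, plus the files that sit directly in the root.
        targets = [dirpath] + [os.path.join(dirpath, f) for f in files if rel_dir == "."]
        for path in targets:
            if os.path.islink(path):
                continue                      # a symlink's own mode says nothing
            rel = os.path.relpath(path, wp_root)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Group write is accepted only where the server needs it:
            # wp-content, and .htaccess when a plugin manages URL rewrites.
            group_ok = rel.split(os.sep)[0] in server_writable or (
                rewrite_plugin and rel == ".htaccess")
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif mode & stat.S_IWGRP and not group_ok:
                findings.append((rel, "group-writable"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed layout with deliberately loose modes, for demonstration only."""
    dirs = {".": 0o755, "wp-admin": 0o755, "wp-includes": 0o775,
            "wp-content": 0o775, "wp-content/uploads": 0o777}
    files = {".htaccess": 0o664, "wp-config.php": 0o664, "index.php": 0o644}
    for rel, mode in dirs.items():
        os.makedirs(os.path.join(base, rel), exist_ok=True)
        os.chmod(os.path.join(base, rel), mode)
    for rel, mode in files.items():
        with open(os.path.join(base, rel), "w") as fh:
            fh.write("")
        os.chmod(os.path.join(base, rel), mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, problem in audit_write_access(build_sample_tree(tmp)):
            print(f"{problem:15} {rel}")
```

On the sample tree this reports `wp-config.php` and `wp-includes` as group-writable and `wp-content/uploads` as world-writable, while `wp-content` and `.htaccess` pass because the server is expected to write there.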
Regularly Perform Backup and Updates of Your WooCommerce Website
The last WooCommerce security tip we have for those of you who are just beginning is this: don’t disregard updates.
The process of updating WordPress, WooCommerce, and your other plugins and themes may at some point appear to be a waste of time. Since we advise you to at least make a backup of your website files, you may be tempted to let those updates slide until “later.”
However, “later” is the ideal time for an attacker familiar with security exploits and weaknesses to get to your store! There is a reason for releasing software updates, and they frequently improve the security of your WooCommerce store. So by disregarding them, you could be putting yourself — and your clients — in danger.
What is the ideal method to handle this? Reserve a period of time every month, at regular intervals, or even every week to perform backups and install updates. Create reminders in your calendar if necessary — simply set aside a few minutes for the procedure.
If you plan time for updates and include them in your daily schedule, performing these tasks will rapidly become easier to manage. What's more, you'll soon be running a store that has hardened security against attacks without realizing it.
As with the rest of your WooCommerce website plugins, it is important to also perform regular updates of your WordPress theme. If a WordPress theme has not been updated by its developer for a long time, this might indicate that it may present a security hole for your website. We have compiled a list of the 6 Best Free WooCommerce Themes that you can trust. By using the themes from our list of recommendations, you can rest assured that you will be protected from security exploits.
When Creating your WooCommerce Store, Make Security a Priority
It’s easy to disregard the security of your WooCommerce website in all the hurry of launching your eCommerce store; however, it’s not something you should skip. Securing WooCommerce should be a top priority for every eCommerce store owner from the very beginning.
As a store manager, it is your responsibility to protect your website against attacks. What is more, since your customers interact with your website and provide their personal information, it is imperative that you prevent third parties from gaining access to such personal information.