9 Ways to Totally Boost Your WooCommerce Security Game
May 2, 2017
Hackers present a tangible threat to online retailers and it’s more important than ever to ensure your website is guarded. One of the best ways to keep your store safe is to create a plan for addressing problems before they occur. This can save you major headaches down the road and it will also keep your customers’ information safe.
Sites built on WooCommerce and WordPress are tempting targets for cyber-criminals, due to their ubiquity and the types of data they tend to contain.
But, first, what are the hacks you’re defending your site from? Hackers are creative and have an arsenal of strategies. Depending on the circumstances, they might try some of the following:
Our Built Mighty developers have also seen:
So what steps can you take to protect your website from WooCommerce security threats? We recommend implementing the following:
Creating a strong password is one of the simplest things you can do, yet it’s a step that is often overlooked. Yes, using your pet turtle’s name for your password does make it easy to remember, but it also leaves you extremely vulnerable. While Myrtle is a great turtle name, it’s a terrible password. Strong passwords should be:
There are also password managers that help generate and store your security information. We like 1Password for storing and generating secure passwords.
WordPress also has a password strength indicator included. If it recommends a stronger password, pay attention.
This security measure can be easy to overlook, but if you choose easy-to-guess usernames such as “Admin” or “[Company Name]”, you’re removing one step from the login process, which makes it that much easier for a hacker to access your data.
Two-factor authentication adds a second layer of protection to the login process. It is becoming increasingly commonplace, and it should be for you as well. When users attempt to access their accounts, a message is sent to an associated cell phone or email account to confirm the user’s identity. Though this extra step can seem irritating in the short term, it’s worth weighing the long-term protective benefits. Our devs recommend Wordfence for implementing two-factor authentication, as it also provides protection from brute-force attacks, hacks within files and more.
SSL certificates are a vital part of any eCommerce store. To secure the checkout process on your website and keep your customers’ data safe, you must buy an SSL certificate from a certified vendor. Websites with SSL certificates show a padlock in the browser’s address bar, as well as an https:// prior to their site address, both features that shape consumer trust.
Do you have an SSL certificate, but aren’t showing a padlock or https://? It’s time to get in touch with your developer to see if your plugins or themes might not be covered by the certificate, or if some troubleshooting will take care of the problem.
The wrong host can also expose you to attacks, or leave you hanging after attacks do happen. It’s important to research your hosting plan and make sure you have access to free site restoration if something does go wrong, as well as server software that is completely up-to-date. Many hosts will also have preventative tools in place to keep an eye on your site and impede attacks. A common misconception is that you must have WP hosting if you’re operating a WordPress site. Talk with your developer to get insight into what will be the best fit for your needs.
Nonces are used to verify that a request is original and not duplicated. In WordPress, nonces are tokens made up of a combination of numbers and letters. They’re used to check the identity of the user performing a specific operation, helping to protect sites against CSRF attacks. Once the nonce expires, it cannot be used again.
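How that check looks in plugin code, as an added example that is not from the original post: a settings form protected by a nonce, and the handler that verifies the nonce before it changes anything. The action name, field names, option key and page slug are hypothetical and chosen only for illustration; the WordPress functions are the standard ones.

```php
<?php
// Added example (not from the original post): CSRF protection for a
// hypothetical "store notice" form. All bm_* names are assumptions.
const BM_NOTICE_ACTION = 'bm_save_store_notice'; // hypothetical action name
const BM_NOTICE_NONCE  = 'bm_notice_nonce';      // hypothetical field name

// Render the form. wp_nonce_field() adds a hidden input holding a token
// bound to the current user, this action name and a time window.
function bm_render_notice_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( BM_NOTICE_ACTION ); ?>">
        <?php wp_nonce_field( BM_NOTICE_ACTION, BM_NOTICE_NONCE ); ?>
        <input type="text" name="bm_notice" maxlength="200">
        <?php submit_button( 'Save notice' ); ?>
    </form>
    <?php
}

// Handle the submission. Only logged-in users reach admin_post_{action}.
function bm_handle_notice_save() {
    // A valid nonce shows the request came from our own form, not from a
    // page on another site. It does not show the user is allowed to act.
    $nonce = isset( $_POST[ BM_NOTICE_NONCE ] )
        ? sanitize_text_field( wp_unslash( $_POST[ BM_NOTICE_NONCE ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, BM_NOTICE_ACTION ) ) {
        wp_die( 'Link expired or request not recognised.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Authorization is a separate check from the nonce.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'You are not allowed to change this setting.', 'Forbidden', array( 'response' => 403 ) );
    }
    $notice = isset( $_POST['bm_notice'] )
        ? sanitize_text_field( wp_unslash( $_POST['bm_notice'] ) )
        : '';
    update_option( 'bm_store_notice', $notice ); // hypothetical option key
    wp_safe_redirect( admin_url( 'admin.php?page=bm-store-notice&updated=1' ) ); // hypothetical page slug
    exit;
}
add_action( 'admin_post_' . BM_NOTICE_ACTION, 'bm_handle_notice_save' );
```

When reviewing a plugin or theme, look for state-changing handlers that skip either the nonce check or the capability check; both are needed.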
This is generally a good practice for WordPress and WooCommerce (as well as many things in life). Neglecting to update sites and plugins is tremendously risky. When updates aren’t performed, opportunities arise for hackers to take advantage of the resulting holes.
It’s easy to procrastinate on updates, but doing so leaves your site at risk. Updates to plugins, themes, and WordPress itself frequently address security concerns, so it’s important to be proactive. Make a plan with your developer regarding when and how updates will be performed and include time for backups and testing.
Even if you do everything right, things can still go wrong. Make sure there’s a backup plan in place for your website. Whether it’s through hosting or a security plugin, having a backup will allow you to curtail any unexpected damage.
A good WooCommerce security plugin can be a lifesaver. It will help you create the backup plan addressed above, as well as providing options for restoration, should they be needed. Daily scans keep an eye open for fishy activity, and some plugins even fight comment spam. Here at Built Mighty we like Wordfence, but talk with your developer to see what plugin will be the best fit for your website.
Don’t let your site’s security be an afterthought! Taking steps to secure your site now and having a plan in place in case something goes wrong later will keep you and your customers protected. Built Mighty has a variety of proven tools to secure WooCommerce sites against attackers. Contact us today at [email protected].