Online stores are one of the most common targets of cyberattacks. This is understandable, considering all the valuable info that e-commerce sites transfer and store, including addresses, phone numbers, email addresses, and credit card numbers. All this sensitive data needs to be secured to prevent unwanted access.
If there is ever a breach in this security, the trust in your brand and website can take a big hit. However, a security breach is avoidable with some preventive measures. The team at WooCommerce has compiled a detailed list of WooCommerce security first steps.
A Good Host
Where your site lives is an excellent place to start in securing your online store. Security should be a focal point for your host. A quality managed WordPress host for WooCommerce will list its security features on its site. If you need to ask whether they have things like SSL certificates, backups, and server firewalls, it may be a good sign to avoid them as your host.
Passwords should not only be strong but should also vary between accounts. When creating passwords, use a mixture of capital letters, lowercase letters, numbers, and symbols. The more random, the better. Avoid things like birthdays, pet or kids' names, your vehicle make/model, and similar publicly available information, as these are easily acquired through social media.
Two-Factor Authentication (2FA)
Requiring a login from 2 different devices is a popular way to ensure a breach doesn’t get worse. If your email gets hacked, the attacker can gain access to password resets. However, if another device is required to log in (say, through a text to your phone), they can’t get any further.
Brute Force Attack Protection
In a brute force attack, hackers try thousands of different passwords to gain access to your accounts. This also slows your website down, as it creates a lot of traffic on your site. Plugins like Jetpack block malicious IP addresses before they even reach your site, preventing slow load times.
Extra Layer of Site Protection
Jetpack also provides spam protection, downtime monitoring, an activity log, and automatic updates to help keep your site secure. This extra layer of security will offer much more insight into possible intrusions, so you minimize vulnerabilities and are prepared for future attacks.
SFTP (secure file transfer protocol) is used to transfer files between two devices. SFTP access is typically enabled through your hosting provider. While you may make it available to multiple administrators for site maintenance, you want to make sure only you have access to the root directory and the wp-admin, wp-includes, and wp-content folders.
Keep Your Site Updated
Keeping your site and plugins updated is crucial. Security concerns are often the reason for these updates, and each update will make your site more secure. Old versions can make for an easy target for hackers.
Backup Your Store
Having a saved backup of your site is always a good thing if your site ever does get hacked. A good hosting company should have backups of your site, typically created on a daily basis. However, make sure to look into the fine print; some might require manual backups or create a backup once and never update it, even as your site changes.
Make Security a Priority
Too often, security isn’t addressed until after an attack. Be proactive with a host like Pressable, which includes a FREE Jetpack Security Daily account with Personal plan & up. Having the peace of mind knowing your site – and your customers’ info – is protected is worth the time and energy.
Zach has 12+ years of experience with WordPress, from creating and maintaining client sites, to providing support and developing documentation. A knack for problem-solving and providing solutions led Zach to pursue a job with Automattic providing customer support in 2015 working with WooCommerce support, and now Zach has recently joined our team here at Pressable. Outside of work, Zach enjoys spending time with his family, playing and watching sports, and working on projects around the house.