5 Tips for Securing your WooCommerce Store After it Launches

In our previous post, we covered the 7 ways to keep your WooCommerce store safe. Now, we are going to go through 5 tips for securing your WooCommerce store after it launches.

Security is not something you can just set and forget. It will be an ongoing effort to keep your store safe against hackers, viruses, and malware.

These next steps are a bit more advanced, but they are well worth the time so that your store, your data, and your customers’ data are kept safe.

Step 1: WordPress Version Number

Hiding your WordPress version number may be a roundabout way of securing your site, but it does help. It is especially handy if you like to test updates on a staging site before actually applying them, or if you tend to update your WordPress version or plugins a little late.

By hiding your WordPress version number, you are making it so hackers cannot look at your source code and figure out if you have or have not updated your site and store.

This should NOT be used as your main line of defense against hackers. It does not actually protect your site, since a hacker can still take a gamble on whether your site is updated or not. Hiding your WordPress version number works well when there is a lag between testing updates and implementing them, but you should always make sure that your WordPress version, plugins, and themes are up-to-date.

Your WordPress version number can be found in three different places:

  • Generator meta tag in header
  • Generator meta tag in RSS feed
  • Query strings

You will want to copy and paste this code into your theme’s functions.php file, and it will hide your WordPress version number in all three places.
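As an added example (not the original post’s snippet), the following code hides the version in all three places listed above. Save it as a small must-use plugin under wp-content/mu-plugins/, or paste everything after the `<?php` line into your theme’s functions.php; the function name `wplc_strip_wp_version_query_arg` is just a label chosen here.

```php
<?php
// Added example, not the original post's code: hide the WordPress version in
// the HTML <head> generator tag, the RSS generator tag, and ?ver= query strings.

// 1. Generator meta tag in the HTML <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. Generator tag in RSS/Atom feeds (and anywhere else the_generator() is used).
add_filter( 'the_generator', '__return_empty_string' );

// 3. ?ver=<WordPress version> appended to core script and style URLs.
// Only a ver= value equal to the WordPress version is removed, so plugins and
// themes that version their own assets keep their cache-busting intact.
function wplc_strip_wp_version_query_arg( $src ) {
    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( empty( $query ) ) {
        return $src;
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'wplc_strip_wp_version_query_arg', 9999 );
add_filter( 'script_loader_src', 'wplc_strip_wp_version_query_arg', 9999 );
```

Note that readme.html in the site root also states the WordPress version, so keep it out of reach (or delete it) as well, and remember that this only hides the number; it does not replace keeping WordPress updated.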

Again, remember that this should really only be used when you have a short amount of time between testing and implementing updates and it is not a permanent security solution.

Step 2: Force Secure Checkout

This next step will really help protect your customers’ sensitive data (like billing and credit card information) by forcing any pages related to the checkout process to use HTTPS, which is a secure connection. Only your store and your customer’s browser can decrypt the information sent over an HTTPS connection.

Forcing secure checkout is an extremely easy step and should not be overlooked. All you have to do is make sure that the “Force Secure Checkout” option is checked in your WooCommerce Checkout settings. Make sure that you have a valid SSL certificate or you will not be able to do this.

You can learn more about SSL and HTTPS in WooCommerce here.

Step 3: Daily Backups and Security Scans

We touched on this in our last WooCommerce security article but it is definitely important enough to talk about again.

First off, daily backups and security scans of your site and store are a must for keeping your store safe and secure. In plugins like Jetpack Protect, you can choose real-time scans and/or daily scans. We highly recommend that if the plugin you’re using gives you the option for daily scans, you should be using it. You can of course choose real-time scans as well if you have that choice.

Daily backups are incredibly important in case you lose any of your data during a hack or update and daily scans are there to help prevent infections or a loss of data.

Step 4: Change Database Table Prefixes

The default prefix for database tables is wp_. Since hackers already know this tidbit of information, they could place infected code into your server. By changing the wp_ prefix, you turn the expected into the unexpected for hackers.

This requires a bit of coding and SQL queries in phpMyAdmin but it is definitely doable. Here is an example of how you could rename your default prefixes.

Change from wp_config to wp_VzQCxSJv7uL_config

Change from wp_posts to wp_VzQCxSJv7uL_posts

Change from wp_users to wp_VzQCxSJv7uL_users

You can read this article to learn more about SQL queries and how to change all of your default prefixes.

There are some plugins out there that will do this for you, but we don’t really recommend them, since you would be giving a plugin access to your SQL database, which can be very dangerous. If you do decide to use a plugin instead of running SQL queries yourself, be sure to completely uninstall the plugin after you are done with it.
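Doing the change yourself comes down to a handful of SQL statements. The script below is an added example, not code from the post; run it with the PHP command line and it prints the statements to paste into phpMyAdmin. It assumes a standard single-site install and uses the prefix from the post; the helper name `prefix_change_sql` is just a label chosen here.

```php
<?php
// Added example, not the original post's code. Prints the SQL needed to move a
// single-site WordPress install from one table prefix to another. Review the
// output, run it in phpMyAdmin, then set $table_prefix = 'wp_VzQCxSJv7uL_';
// in wp-config.php. Take a backup first (see Step 3).

$old_prefix = 'wp_';
$new_prefix = 'wp_VzQCxSJv7uL_';

// Core tables of a single-site install. WooCommerce adds its own
// wp_woocommerce_* and wp_wc_* tables; add those names to this list as well.
$core_tables = array(
    'commentmeta', 'comments', 'links', 'options', 'postmeta', 'posts',
    'termmeta', 'terms', 'term_relationships', 'term_taxonomy', 'usermeta', 'users',
);

function prefix_change_sql( $old, $new, array $tables ) {
    $sql = array();
    foreach ( $tables as $t ) {
        $sql[] = sprintf( 'RENAME TABLE `%s%s` TO `%s%s`;', $old, $t, $new, $t );
    }
    // '_' and '%' are wildcards in LIKE, so escape them in the old prefix.
    $like = str_replace( array( '_', '%' ), array( '\\_', '\\%' ), $old ) . '%';
    $from = strlen( $old ) + 1; // SUBSTRING() positions are 1-based
    // Some rows store the prefix inside their keys (wp_user_roles in options,
    // wp_capabilities and wp_user_level in usermeta). Renaming the tables
    // without rewriting these keys leaves every user, the admin included,
    // with no role at all, which locks you out of the dashboard.
    $sql[] = sprintf(
        "UPDATE `%soptions` SET option_name = CONCAT('%s', SUBSTRING(option_name, %d)) WHERE option_name LIKE '%s';",
        $new, $new, $from, $like
    );
    $sql[] = sprintf(
        "UPDATE `%susermeta` SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %d)) WHERE meta_key LIKE '%s';",
        $new, $new, $from, $like
    );
    return $sql;
}

echo implode( "\n", prefix_change_sql( $old_prefix, $new_prefix, $core_tables ) ), "\n";
```

The wp-config.php change and the SQL must be applied together: if only one of them is done, the site cannot find its tables.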

Step 5: Change Your Admin Username and Password

This last step may seem silly, but it’s something that many online store owners never realize is a big security issue. Like your default prefixes, the default admin account that WordPress creates when you first set up your site is almost common knowledge among hackers. They know that an administrator account exists on your site, and if your username is something like “admin”, “owner”, or “testadmin”, they can try to brute force their way in because it can be very easily guessed.

Simply changing your admin username to something more complex, like a nickname or your first and last name with a mix of lowercase and capital letters, can deter hackers since your username will be harder to guess.

Once you’ve changed your administrator account’s username, you will also want to make sure that you have a complex and strong password for that administrator account as well if you don’t already. You can look back at our previous article here for more information on creating secure passwords.

Security Should Be A Priority

Again, security should be a main priority for the upkeep of your store. Without it, you and your customers become vulnerable to attack. Make sure to keep your site and store updated and always keep an eye out for the latest trends in security and for suspicious activity. The more vigilant you are about security, the better your store will be and the happier your customers will be.

If you have any questions about these 5 tips for securing your WooCommerce store after it launches or if you’d like to sign up for our WordPress Security Class or our WordPress eCommerce Class, please give us a call at 877-844-9931 or email us at rick@wp-learningcenter.com.