7 Ways to Keep Your WooCommerce Store Safe

We know that setting up a new online store can be exciting and hectic and that sometimes small details can be missed in the setup process. Security is sometimes overlooked by new online store owners but it is one of the most important aspects to keeping you, your customers, and your data safe.

To help simplify the process of securing your site, we’ve gathered a list of 7 ways to keep your WooCommerce store safe. Taking time to make sure your site is safe today will save you a lot of time and money in the long run.

Step 1: Choosing a Host

Choosing a host that puts security as a top priority is extremely important when first starting out. When researching hosting companies, some things that you’ll want to look for are:

  • Updates: your host needs to be proactive about having the most recent versions of PHP and security patches
  • Backups: your host should do daily backups of your site so if something does go wrong, you can get the most recent backup of your site from them
  • Isolation: if one site on the server gets compromised, the virus or hack won’t move on to your site
  • Anti-Hack systems: your host should be constantly monitoring and preventing possible hacks, viruses, and malware

We recommend using either WP Engine or SiteGround for your hosting needs. Both have great security features that will keep your site safe. To read more about WP Engine click here and to read more about SiteGround click here.

Step 2: Creating Passwords

After you have chosen a secure hosting option, you will want to make sure that all of the passwords you create for all of your accounts associated with your store are secure. You don’t want anyone being able to guess your password and being able to hack into your site and store. Here are a few tips for creating strong, secure passwords.

  • Your passwords should not be the same as other account passwords
  • Your passwords should have a combination of numbers, capital letters, symbols, and lowercase letters
  • Your passwords should not contain real words or other easily guessed things like birthdays
  • Your passwords should be long (at least 12 characters) and complex.

WooCommerce does have a handy feature for helping you determine the strength of your passwords when you are creating a new account. Just simply type in your password and it will tell you if it’s weak, medium, or strong.

If you don’t want to create the password yourself, you can also use the multitude of password generators out there. Most will let you specify the length that you want the password to be along with what types of letters, numbers, and symbols to use.

As far as storing your passwords goes, there are also many different password managers like LastPass that will let you securely and conveniently store your passwords and allow you to retrieve them easily.

Step 3: Two-Factor Authentication (2FA)

While having a strong, secure password for all of your accounts is a must, another option you have, and one we highly recommend, is to use two-factor authentication, or 2FA, to log in to your sites.

This means that if someone hacks into your email and finds your password or requests a password reset for your store login, they still won’t be able to get in, because they will not be able to validate and verify the login. 2FA uses a second step (usually your smartphone) after you enter your password to make sure it’s actually you logging on to your site and store.

Apps like Google Authenticator are free and will send you a code that you will need to enter after your password to verify that it’s you. This gives you another level of security to protect your store and data.

Step 4: Unsuccessful Login Attempts

Sometimes people will use what’s called brute force to try to access your site and store. This means that they will try over and over again to log in with as many different password combinations as they can. What you can do to protect your site and store against this kind of hacking is to use a plugin that will limit the number of unsuccessful login attempts. Once the hacker has reached that limit, the plugin will block their IP address so that they can’t keep trying to log in, which will stop them dead in their tracks.

One free plugin option to use for this is called Jetpack Protect. Jetpack Protect will give you up-to-date statistics on how many unsuccessful login attempts have occurred and even information about blocked spam comments. This plugin also allows you to designate an IP address (example: your own IP address) where unsuccessful login attempts won’t cause problems. You can also disable and enable Jetpack Protect at any time.
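
The limit-and-block idea can be seen on a web server access log. The shell sketch below is an added example, not Jetpack Protect's code: it counts failed POSTs to wp-login.php per IP in a constructed log, skips one allowlisted address, and prints the IPs that reached the limit. It assumes a failed WordPress login answers with HTTP 200 and a successful one with 302; the function names and sample IPs are made up.

```shell
#!/bin/sh
# Added example. The log below is constructed; IPs come from documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4890
198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.10 - - [10/Mar/2024:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2024:10:02:02 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2024:10:02:03 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2024:10:02:04 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
EOF
}

# over_limit LIMIT [ALLOWED_IP]
# Reads a combined-format access log on stdin and prints "IP COUNT" for every
# address with at least LIMIT failed logins. ALLOWED_IP is never counted,
# like the designated address described above.
over_limit() {
    limit=$1
    allow=$2
    awk -v limit="$limit" -v allow="$allow" '
        # Assumption: POST + status 200 = login form shown again = failed attempt.
        # GET requests (just loading the form) and 302 redirects are ignored.
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 && $1 != allow {
            fails[$1]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' | sort
}

# Limit of 3 failures, with 192.0.2.10 as the store owner's own address.
sample_log | over_limit 3 192.0.2.10
```

The visitor at 198.51.100.20 mistyped once and then logged in, so a limit of 3 leaves them alone.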

Step 5: VaultPress

VaultPress is your next layer of protection for your site and store. VaultPress constantly filters spam, scans for security issues such as malware and viruses, and does daily and real time backups. You can automate restores in VaultPress, as well.

VaultPress will even let you try it for free for 30 days if you’re using WooCommerce. You can follow this link to read more about their features and the WooCommerce 30-day free trial.

Step 6: FTP Settings Directory

Another simple thing you can do to protect your site and store is to limit the write access on your FTP directories. This will make it so hackers can’t put dangerous files in your directories. Make sure only your FTP account has write access to the following things:

  • wp-content (make sure to give your server write access to this as well)
  • wp-admin
  • wp-includes
  • Root directory (exclude your .htaccess if you’re currently using a plugin for URL redirects)

The WordPress Codex has some really great information about FTP and file permissions, as well. Go here to learn more.
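
If you have shell access to your server, you can check the write-access rule above with the following added example (it is not from the WordPress Codex). It lists anything not owned by the FTP account, anything writable by everyone, and anything group-writable outside wp-content. The function name is hypothetical, and it assumes your web server gets its wp-content write access through the group.

```shell
#!/bin/sh
# Added example. audit_wp_perms is a made-up name, not a WordPress tool.
# usage: audit_wp_perms /path/to/wordpress ftp_account
# Prints one line per problem, prefixed with the reason:
#   OWNER  not owned by the FTP account
#   WORLD  writable by every user on the server
#   GROUP  group-writable outside wp-content
audit_wp_perms() {
    wp_root=${1%/}      # drop a trailing slash so the -path test below matches
    ftp_user=$2
    [ -d "$wp_root" ] || { echo "not a directory: $wp_root" >&2; return 2; }
    {
        # Symlinks are skipped everywhere: their own mode bits mean nothing.
        find "$wp_root" ! -type l ! -user "$ftp_user" -print | sed 's/^/OWNER /'

        # -perm -002 matches anything with the "other" write bit set.
        find "$wp_root" ! -type l -perm -002 -print | sed 's/^/WORLD /'

        # Assumption: the server writes to wp-content through group access,
        # so group-writable paths are only reported outside that directory.
        find "$wp_root" -path "$wp_root/wp-content" -prune -o \
            ! -type l -perm -020 -print | sed 's/^/GROUP /'
    } | sort
}

# Run directly as: sh audit.sh /var/www/html ftpuser   (both values are placeholders)
if [ "$#" -eq 2 ]; then
    audit_wp_perms "$1" "$2"
fi
```

No output means only the FTP account can write outside wp-content.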

Step 7: Updates

The final step we’ll talk about is updates to your site. Number one rule: never ignore updates. Updates almost always contain important fixes and security patches that help keep your site, store, and sensitive data all safe. When you update your WordPress version, themes, and/or plugins, always make sure to back up your site first just in case any issues arise. You can also test updates on a staging site if you want to make sure nothing will happen to your live site. You can follow this link to go through our step-by-step process of updating your WordPress version, theme, and plugins. It is a good idea to set aside some time to go through all of the updates on your site and get in a regular routine of checking and updating everything.

Make Security a Priority

Security is not something you should take lightly and should be one of the first things you think about when setting up your new online store. Following the steps above will ensure that you have a safe and trustworthy site and that your store and customers’ data is well protected in the event of an attack.

If you have any questions about these 7 ways to keep your WooCommerce store safe or if you’d like to sign up for our WordPress Security Class or our WordPress eCommerce Class, please give us a call at 877-844-9931 or email us at rick@wp-learningcenter.com.