{"id":26255,"date":"2021-07-03T17:00:01","date_gmt":"2021-07-03T15:00:01","guid":{"rendered":"https:\/\/qodeinteractive.com\/magazine\/?p=26255"},"modified":"2021-07-09T14:11:05","modified_gmt":"2021-07-09T12:11:05","slug":"steps-for-keeping-your-woocommerce-store-secure","status":"publish","type":"post","link":"https:\/\/qodeinteractive.com\/magazine\/steps-for-keeping-your-woocommerce-store-secure\/","title":{"rendered":"7 Key Steps for Keeping Your WooCommerce Store Secure"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]While with WordPress anyone indeed can make a website, not all websites are created equal. A simple blog only needs to be stable enough to service its readers, but <strong>a website which collects user login data requires more security<\/strong>, under <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpres-gdpr-compliance\/\">GDPR<\/a>, <a href=\"https:\/\/qodeinteractive.com\/magazine\/what-is-do-not-sell-button\/#what-is-ccpa\">CCPA<\/a>, or a similar data protection act or simply as the best practice. WooCommerce stores not only collect user data, they collect credit card data, making WooCommerce security remarkably sensitive.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Reputation is hard to earn but easy to lose. Would you be confident about giving your credit card information to an online store with a history of security breaches? We didn\u2019t think so. So, if you run a WooCommerce store, we assume you are interested in making it as safe to use as you possibly can. 
This is what we will be talking about:<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#start-with-your-servers\">Start With Your Servers<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#update-update-update-but-first-backup\">Update, Update, Update, But First: Backup!<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#ftp-settings\">FTP Settings<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#passwords-and-2fa\">Passwords And 2FA<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#use-a-login-limiter\">Use a Login Limiter<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#regular-backups\">Regular Backups<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul 
class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#scan-for-malware\">Scan For Malware<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;80px&#8221;][vc_widget_sidebar sidebar_id=&#8221;new-ecommerce-banner&#8221;][vc_empty_space height=&#8221;80px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"start-with-your-servers\"><\/a>Start With Your Servers<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"554\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Start-With-Your-Servers.jpg\" class=\"attachment-full size-full\" alt=\"Start With Your Servers\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Start-With-Your-Servers.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Start-With-Your-Servers-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Start-With-Your-Servers-768x439.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Start-With-Your-Servers-620x354.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]A majority of WordPress users don\u2019t own servers, and the same goes for WooCommerce store operators. This step, therefore, basically boils down to <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-choose-wordpress-hosting-provider\/\">your choice of a hosting provider<\/a>. 
Your <strong>hosting provider stores all your website files<\/strong>, including your database, and should have safeguards in place to protect those files from malicious attacks. In the article linked above we have gone on at length about the general aspects of choosing a provider for your WordPress website. Here, we will concentrate on the security aspects.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]As with most things, <strong>you get what you pay for<\/strong>: security takes considerable effort, and, with free hosting, the hosting provider will likely keep it at a minimum. Some important features you should consider are <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-add-free-ssl-certificate-wordpress\/\">SSL certificates<\/a> (a must), up to date software (this will recur in this text \u2013 always make sure to have the latest update), disk write protection or limitation, backups, and round-the-clock access to support.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Some hosts may offer regular backups and security scans as part of their service package. 
Our advice is at least to consider it.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"update-update-update-but-first-backup\"><\/a>Update, Update, Update, But First: Backup!<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"555\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Update-and-Backup.jpg\" class=\"attachment-full size-full\" alt=\"Update, Update, Update, But First: Backup!\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Update-and-Backup.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Update-and-Backup-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Update-and-Backup-768x440.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Update-and-Backup-620x355.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Your server software updates will likely be up to your hosting provider, though you should still be able to <strong>check the current version of your server\u2019s PHP<\/strong> from the back end of your hosting account. You need to go beyond that, though, by <strong>updating all the software your website uses<\/strong>. This includes themes, plugins and the WordPress software itself.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]As we\u2019ve mentioned before,<strong> obsolete software is a vulnerability<\/strong>. 
The developer may abandon any piece of software for a variety of reasons, which means that they also stop updating the software\u2019s security features. Since WordPress software, such as themes and plugins, is developed by thousands of people the world over, compatibility issues may arise. All of this may affect your shoppers\u2019 data safety. This is why you should <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-manually-backup-wordpress-website\/\">backup your WordPress website<\/a> regularly, but especially before making major updates.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Apart from security, <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-update\/\">updating WordPress<\/a> has benefits in terms of performance, too. It can get a little technical, but it\u2019s nothing a webmaster shouldn\u2019t be able to handle. <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-update-plugins\/\">Updating your plugins<\/a>, on the other hand, is relatively easy and can even be automated using a plugin.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"ftp-settings\"><\/a>FTP Settings<\/h2>\n<p>[\/vc_column_text][vc_column_text]Another avenue of illicit access to your website could be FTP, or File Transfer Protocol. 
Typically, you would use FTP accounts to connect whichever device you use to maintain your website to your website server.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]There is much to be said about <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-use-ftp\/\">how to properly use FTP<\/a>, so we will be brief: what you need to make sure is that <strong>only trusted FTP accounts access your website\u2019s root directory,<\/strong> as well as<em> wp-admin<\/em>, <em>wp-includes<\/em>, and <em>wp-content<\/em> folders.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"passwords-and-2fa\"><\/a>Passwords And 2FA<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"555\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Passwords-And-2FA.jpg\" class=\"attachment-full size-full\" alt=\"Passwords And 2FA\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Passwords-And-2FA.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Passwords-And-2FA-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Passwords-And-2FA-768x440.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Passwords-And-2FA-620x355.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Now, a chain is only as strong as its weakest link, and we are at a loss to think of a weaker link than using <em>password123<\/em> for a password, other than maybe using <em>password123<\/em> for all your 
passwords.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Best practices now mean creating <strong>unique and strong passwords for all your accounts<\/strong>. This means that you should avoid dictionary words and names, and instead mix it up with upper and lower case letters, digits, and punctuation, in strings as long as possible. This will make your passwords more difficult to crack, but also more difficult to remember, which is why you should consider investing in a <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-password-manager-tools\/\">password manager<\/a>. Password managers are a simple and safe way of storing strong passwords without needing to remember all of them.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]In especially sensitive areas (that is, with WooCommerce stores and other websites which collect user data), you should go beyond simply changing your passwords to more secure ones: you should most definitely <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-two-factor-authentication\/\">introduce two-factor authentication<\/a>. Two-factor authentication is simply <strong>another layer of protection<\/strong>: just knowing a password is no longer enough to log in. This means that even if your password is compromised, <strong>people with malicious intent will not have it easy<\/strong> doing any actual damage.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]What goes for you, we shouldn\u2019t have to say, also goes for all your staff with login credentials: you can\u2019t afford a single weak password.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"use-a-login-limiter\"><\/a>Use a Login Limiter<\/h2>\n<p>[\/vc_column_text][vc_column_text]Brute force attacks are one way hackers use to breach your login forms. 
They do this by using software to try countless combinations of user names and passwords automatically until they chance upon a right one.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]One way of preventing these attacks from ever succeeding is to use strong passwords and 2-factor authentication, as we have discussed above. You might also consider <a href=\"https:\/\/qodeinteractive.com\/magazine\/limit-login-attempts-in-wordpress\/\">limiting login attempts<\/a>. By<strong> limiting the number of times a login can be attempted<\/strong> from the same IP address, you limit the hackers\u2019 ability to breach your store\u2019s security. The login limiter will simply lock them out temporarily or permanently.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"regular-backups\"><\/a>Regular Backups<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"555\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Regular-Backups.jpg\" class=\"attachment-full size-full\" alt=\"Regular Backups\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Regular-Backups.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Regular-Backups-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Regular-Backups-768x440.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Regular-Backups-620x355.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]All of the above deal with how to avoid getting hacked 
in the main. But what if your online store does get hacked? We have already talked about backing up your website before installing updates, but <strong>you really should be making regular backups<\/strong> even if you are not considering making updates: this is how you get your website back in case it is hacked and important files have been deleted or damaged.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]It could be that your host offers backups and security scans as part of a package. In that case, you might get them to automatically revert to the last version of your online store known to be safe in case you find your website hacked. If not, chances are you will have to <a href=\"https:\/\/qodeinteractive.com\/magazine\/manually-restore-wordpress-website-backup\/\">restore your website manually<\/a> from your own backup. And even if your host does perform regular backups, it does no harm to <strong>keep extra safe<\/strong> and do your own independently.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Of course, backing up your files and restoring your website from backup can be long and arduous processes. 
It comes as no surprise, then, that there is a slew of <a href=\"https:\/\/qodeinteractive.com\/magazine\/best-wordpress-backup-plugins\/\">backup plugins for WordPress<\/a> to choose from if you want to <strong>automate these processes.<\/strong>[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"scan-for-malware\"><\/a>Scan For Malware<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"555\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Scan-For-Malware.jpg\" class=\"attachment-full size-full\" alt=\"Scan For Malware\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Scan-For-Malware.jpg 969w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Scan-For-Malware-300x172.jpg 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Scan-For-Malware-768x440.jpg 768w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2021\/07\/Scan-For-Malware-620x355.jpg 620w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]While your host may perform security scans themselves, it cannot hurt, as with backups, to <strong>do your own scans<\/strong>, just in case. Malware is malicious software which can be introduced to your website using faulty or out-of-date software such as plugins and themes, but there are ways to introduce it even using comments. 
The more ways your shoppers have of interacting with your website, the more careful you should be.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<a href=\"https:\/\/qodeinteractive.com\/magazine\/scan-wordpress-for-malware\/\">Scanning your WordPress website for malware<\/a> can be done manually, but reviewing huge numbers of files is tedious. That is why there is a selection of malware scanning tools, both free and premium, which you might want to consider.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">In Conclusion<\/h2>\n<p>[\/vc_column_text][vc_column_text]As you can see, there is a lot to be said and done about WooCommerce security. When all is said and done, though, you will be able to say with confidence that you have done all you possibly could have to safeguard your reputation for safety, as well as \u2013 more importantly \u2013 your shoppers\u2019 sensitive data.<br \/>\n[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]To recap: close off any avenues of access to malicious players, such as out-of-date software, weak passwords, and your servers, and make regular backups just in case you need your website restored.<br \/>\n[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Looking to improve your WooCommerce security? 
Do not miss these 7 key steps!<\/p>\n","protected":false},"author":16990,"featured_media":26526,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[29,56,34,4,13],"class_list":["post-26255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-business","tag-ecommerce","tag-security","tag-tips","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/26255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/users\/16990"}],"replies":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/comments?post=26255"}],"version-history":[{"count":0,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/26255\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media\/26526"}],"wp:attachment":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media?parent=26255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/categories?post=26255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/tags?post=26255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}