WooCommerce holds a big chunk of the eCommerce market. The faster the number of businesses using WooCommerce grows, the more attention you have to pay to security problems. It is crucial to improve the security of your WooCommerce site and business.
All the information about your clients, transactions, emails, usernames, and payment details is on your WooCommerce site.
One statistic revealed the shocking fact that “73.2% of the WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools”.
That means that, with only automated tools and a few minutes, malicious attackers can discover vulnerabilities in a WordPress installation and exploit them. Any hacker can target your WooCommerce site. What would it be like if hackers could use your server to send spam emails or, even worse, steal your data?
Improve WooCommerce Security
There are many different ways for hackers to damage your website. Below you will find some simple ways to improve the security of your WooCommerce website.
1. Find a host with security features
Hosting platform vulnerabilities cause over 40% of hacking attempts, so finding a host with security features is the first line of defense in keeping your WooCommerce site safe.
There are many online hosting providers (see best low cost WordPress hosting providers), so it is a bit difficult to choose the best one for you. Here are some criteria for selecting one:
- The hosting provider's reputation and reviews.
- Quality support.
- Malware scanning and intrusive file detection.
- The ability to isolate an infection and prevent it from spreading.
- NAME
- SSD INCLUDED: Solid state drives provide increased performance and reliability over mechanical hard drives.
- FREE DOMAIN
- DISK SPACE
- BANDWIDTH
- EMAIL SPAM FILTERING
- SUPPORT
- FREE WEBSITE TRANSFER: Does the hosting company provide free site migration from another hosting provider?
- FREE BACKUPS
- MONEY BACK GUARANTEE
- ADVERTISING CREDITS
- FREE WEBSITE BUILDER
- WEBSITES SUPPORTED: How many websites can you have?
- PHP 7 SUPPORTED
- SSH ACCESS
- PARKED DOMAINS
- SUB DOMAINS
- FTP ACCOUNTS
- MALWARE PROTECTION
- FREE SSL
- LETS ENCRYPT INTEGRATION
- CLOUDFLARE INTEGRATION
- CPANEL
- HTTP/2 ENABLED SERVERS
- PRICE
- INMOTION SHARED WORDPRESS HOSTING LAUNCH PLAN (Launch plan)
- If you already have a domain, you will get a credit that can be used to transfer your existing domain from another registrar.
- UNLIMITED (certain restrictions apply)
- UNLIMITED (certain restrictions apply)
- PHONE,TICKET,LIVE CHAT
- Applies to accounts consisting of 3 or fewer databases and/or websites. Accounts wishing to transfer more than 3 items will be charged $10 per additional item to be transferred.
- 90 DAYS
- $100 of Google Adwords credits, $75 of Bing advertising credits and $75 of Yahoo advertising credits and a free Yellow Pages business listing
- 2
- 6
- 25
- You will need to install it manually
- $4.89/MONTH
- BLUEHOST SHARED HOSTING BASIC PLAN (Basic plan)
- 50
- UNLIMITED
- PHONE,TICKET,LIVE CHAT
- They charge $149.99
- 30 DAYS
- 1
- 5
- 25
- You will need to install it manually from 3rd party
- You will need to install it manually
- $3.95/MONTH
- SITEGROUND WORDPRESS SHARED HOSTING STARTUP PLAN (Startup plan)
- 10
- UNLIMITED
- PHONE,TICKET,LIVE CHAT
- For 1 website
- 1 copy
- 30 DAYS
- 1
- UNLIMITED
- UNLIMITED
- $4.65/MONTH
- NAMECHEAP SHARED HOSTING VALUE PLAN (Value plan)
- Free .website domain and free WhoisGuard
- 20
- UNLIMITED
- TICKET,LIVE CHAT
- Twice a week
- 14 DAYS
- 3
- UNLIMITED
- 50
- 50 users
- You can manually add Lets Encrypt free certificate
- You need to manually add
- Not out of the box
- $0.82/MONTH
- GREENGEEKS MANAGED WORDPRESS HOSTING
- If you already have a domain, you will get a credit that can be used to transfer your existing domain from another registrar.
- UNLIMITED (certain restrictions apply)
- UNLIMITED (certain restrictions apply)
- PHONE,TICKET,LIVE CHAT
- That includes 1 free site or cPanel transfer, so if you have a few sites in a single cPanel account they could move them all over for free
- 30 DAYS
- Free SEO and Marketing tools and $20 BidVertiser ad credit as well as coupon for Google AdWords for $75 in credit when you spend $25
- UNLIMITED
- UNLIMITED
- UNLIMITED
- You can manually add Lets Encrypt free certificate
- You can manually add Lets Encrypt free certificate
- $3.95/MONTH
- IPAGE SHARED WORDPRESS HOSTING WP STARTER PLAN (WP Starter)
- UNLIMITED
- UNLIMITED
- PHONE,TICKET,LIVE CHAT
- 30 DAYS
- Google AdWords offer ($100 value) when you spend $25, Bing search credit ($100 value), Yellowpages.com listing, one toll-free phone number (US only)
- UNLIMITED
- UNLIMITED
- UNLIMITED
- THEY USE VDECK PANEL
- $3.75/MONTH
- A2HOSTING SHARED LITE PLAN (Lite plan)
- UNLIMITED
- UNLIMITED
- PHONE,TICKET,LIVE CHAT
- 30 DAYS
- Free Bing/Yahoo Ad Credits, iContact Email Marketing Trial
- 1
- 25
- 5
- $4/MONTH
2. Keep everything updated
How many times has the prompt “Update or remind me later” shown up on your computer screen, asking you to update your software? You choose “remind me later” without realizing that you are putting yourself as well as your customers at risk.
Each new release improves on the previous one: known exploits that exist in the earlier version are patched. Updates keep you safe from known security holes.
WordPress releases a major version every few months. If you ignore these releases, your WooCommerce store can become vulnerable.
3. Use strong passwords
Many people might say that this advice is unnecessary. But how many are still making this mistake? A strong password, according to conventional wisdom, should meet criteria like these:
- At least 12 characters – Length is one of the primary factors in how strong a password is, so choose a password that is long enough.
- Your password should include both capital and lowercase letters as well as numbers and symbols.
- It should have no connection to you, such as your birthday, your address, ID, etc.
One of the best ways to create a strong password for WooCommerce is to use a reputable password manager. Password managers generate very strong passwords and store them in a secure database format. I have personally used RoboForms and still regularly use Sticky Passwords.
You will never again have to worry about choosing strong, unique passwords or struggle to remember them. You can use Strong Password Generator, Passwords Generator, or Norton Password Generator to help you.
4. Use two-factor authentication
Two-factor authentication (2FA) adds another step to your login process. Once you set it up, you will be prompted for a code each time you log in to your WordPress site, in addition to your username and password.
If you don’t use 2FA, the login procedure involves just a username and a password, the only two things securing your account. Adding another layer of protection makes your account safer. Many plugins offer two-factor authentication for you to choose from.
5. Limit login attempts
WordPress allows users to enter their passwords as many times as they want. This is an excellent opportunity for hackers to try different combinations until one works. To prevent this, you need to limit the number of failed login attempts per user. You can use a plugin like Login Lockdown.
It locks out a user who enters the wrong password more than a specified number of times, depending on your settings. You could also change the default WordPress login URL.
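One way to implement the lockout described above, as an added example that is not code from this article or from Login Lockdown. The file name, the lle_ prefix, the threshold and the window length are assumptions chosen for illustration; the hooks and transient functions are standard WordPress APIs.

```php
<?php
/**
 * Added example: minimal failed-login limiter as a must-use plugin.
 * Hypothetical location: wp-content/mu-plugins/limit-login-example.php
 */

const LLE_MAX_FAILURES = 5;   // assumed threshold
const LLE_WINDOW       = 900; // assumed lockout window in seconds (15 minutes)

// Key the counter on username + client IP so one client cannot lock out
// an account for everyone. Behind a reverse proxy REMOTE_ADDR is the proxy.
function lle_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'lle_' . md5( strtolower( (string) $username ) . '|' . $ip );
}

// Count every failed login. Rewriting the transient restarts its expiry,
// so attempts made during a lockout keep extending it.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = lle_key( $username );
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, LLE_WINDOW );
} );

// Runs after core's password check (priority 20). Once the threshold is
// reached, the login is rejected even if the password was correct.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( '' === (string) $username ) {
        return $user; // login form merely displayed, nothing submitted
    }
    if ( (int) get_transient( lle_key( $username ) ) >= LLE_MAX_FAILURES ) {
        return new WP_Error(
            'lle_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 2 );

// A successful login clears the counter for this username + IP.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( lle_key( $user_login ) );
} );
```

The error message is the same whether or not the username exists, so the lockout does not reveal which accounts are valid.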
6. Don’t use default “admin” username
Using the default and popular username “Admin” weakens your WooCommerce security. You should choose a username that is hard for hackers to guess and has more than eight characters. If you are using “Admin” as your username, create a new username to stay on the safe side.
7. Disable file editing via the dashboard
WordPress is open-source software. It allows you to go to Appearance->Editor and edit any theme's code right from your website admin dashboard.
This feature can give hackers a chance to edit your website files or execute malicious code. You should disable file editing via the dashboard by adding this code to your website's wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
8. Have a backup
You never can tell what will happen tomorrow. There is no guarantee that your website will never become the target of hackers. Your security system will always have loopholes. Therefore, backing up your site frequently is very important. You can check the UpdraftPlus vs BackUpWordPress vs BackWPup comparison where I have compared the features of these free backup plugins.
Most hosting companies provide daily backups for your website. However, if the host data center is ruined, both your main website and internal backups will be lost. Therefore, you need to make external backups. You can install plugins like BackWPup to help you perform automatic backups at set intervals.
Other great backup plugins are WPvivid and BackupBuddy. Check the BackupBuddy vs UpdraftPlus vs VaultPress vs BlogVault comparison to see the differences between those backup plugins.
- Name
- Free version
- Paid version: With additional upgrades and addons
- Full site backup: Is it possible to back up the entire site with all files
- Database backups: Is it possible to back up only the database
- Backups to Dropbox: Is it possible to save backup files to Dropbox
- Backups to Amazon S3: Is it possible to save backup files to Amazon S3
- Backups to Google Drive: Is it possible to save backup files to Google Drive
- Backups to FTP: Is it possible to save backup files to FTP
- Backups to Rackspace: Is it possible to save backup files to Rackspace
- Email notification: Email notification when a backup is created
- Changes only backups: In order to reduce server resources and save space, only new changes are added to the backup
- Scheduled Backups
- Realtime backups: Backup files are created whenever you make changes on your site
- Migrate site: Copy the site or move it to a new host
- Individual file restore: Restore individual files from a backup instead of the whole thing
- Restore backup from interface
- Security and Malware scan: Options to search for viruses and other infections
- Database repair and optimization: Options to optimize the WordPress database
- Multisite support
- Price for paid version: With all addons and features (cheapest plan for 1-2 sites)
- MalCare
- 149$/year for one site (backup + security). In the free version there is only firewall + site hardening security (no backup option)
- BackWPup (it also has a premium/paid version with additional addons and upgrades)
- Only in paid version
- 75$ (for standard plan)
- BackUpWordPress (it also has a premium/paid version with additional addons and upgrades)
- Only available with a paid addon whose price is around 24$
- Only available with a paid addon whose price is around 24$
- Only available with a paid addon whose price is around 24$
- Only available with a paid addon whose price is around 24$
- Only available with a paid addon whose price is around 24$
- 60$ (for personal plan)
- UpdraftPlus (it also has a premium/paid version with additional addons and upgrades)
- Only available with a paid addon whose price is around 15$
- Paid addon (only available with a paid addon whose price is around 30$)
- Paid addon (only available with a paid addon whose price is around 25$)
- 99$ (unlimited number of sites): for the developer plan with all addons and for an unlimited number of sites
WooCommerce Support Forums
WooCommerce is a fantastic plugin, but there are days when you try everything to fix your site, and nothing seems to work. Feeling confused about WooCommerce is nothing new. We’ve all been there. Luckily, one of the best things about WooCommerce is there are lots of places to seek out help and even more people willing to help answer your questions.
WooCommerce Support Forum
Whenever you need assistance with issues in WooCommerce, I think this is the place you should go first. This is a support site for WooCommerce, which is maintained by a community of users and WooCommerce source developers. To ask questions there, you need to register an account at WordPress.org.
Advanced WooCommerce Facebook Group
The idea behind this group is simple, a place for WordPress developers, store owners, and WooCommerce enthusiasts on Facebook to meet and share ideas and knowledge with a focus on the more advanced features and functionality without necessarily having to go into any basics.
This group is for WooCommerce specific ideas, issues, and posts that bring value to the group and for people seeking help.
WordPress Development Stack Exchange
The primary purpose of this website is WordPress, but you can ask questions related to WooCommerce here, as well.
WooCommerce Bug Report
If you have problems related to WooCommerce development or find a bug in WooCommerce, you can report it in the “issue tracking” section of the WooCommerce GitHub repo so that WooCommerce developers learn of the problem and can provide a solution if possible.
WooCommerce Website Security Conclusion
Keeping your WordPress site safe is very important. Running a successful online business involves a lot of work. You will always be adding new products, fixing bugs and issues, conducting marketing activities, etc. But you also need to look after your site’s security.
The security of your eCommerce store must be a top priority because it involves people logging in and entering their personal details. But that is not the only thing you need to be careful about. Chargebacks are another big issue. To protect your store, a good WooCommerce plugin for preventing fraudulent orders is essential.
While basic security measures are built into WordPress and WooCommerce out of the box, there are a few basic things every store owner should do to keep their customers, team, and data safe.
I hope this article helped you learn the basics of WooCommerce security and how to improve it. When customers trust you with their personal information such as email address, credit card details, name, address, and telephone numbers, it is your responsibility to take care of that information.