Creating an online store with WooCommerce is really easy, and in a few minutes you can have your online business up and running, but every website comes with responsibilities, and an online store even more so, to your customers.
So, if securing your WordPress is important, if you have an online store with WooCommerce it is vital that security is a priority for you and your customers.
You might think that just having a secure WordPress would be enough but NO, there are some important details you need to take into account, so let’s see what you need to take into account to secure a WooCommerce online store or any online store for that matter.
Table of Contents
Hire a secure hosting that is compatible with PCI
It is absolutely essential to choose the right hosting because it is useless what you do in your installation if the house that hosts it is full of cracks and it does not even meet the basic needs for an online commerce.
What PCI compliance guarantees is that your server complies with rules that ensure that it is safe enough to perform online transactions and store customer data.
This first rule is often forgotten, but it is the fundamental basis for creating a professional online store.
If you want to hire a safe hosting compatible with PCI rules I recommend SiteGround, which is also specialized and committed to WordPress.
Get a secure SSL certificate
Another basic security feature for your WooCommerce online store is to install a secure SSL certificate on your domain to offer secure HTTPS connections instead of HTTP.
With an SSL certificate, all transactions on your online store will travel encrypted and encoded, guaranteeing the security of your transactions and customer information.
Until not so long ago installing an SSL certificate was expensive, but nowadays it’s cheaper and easier, even free with some hosting companies.
Install a security plugin
Install a security plugin like SG Security or iThemes that at least protects your online store from mass login attempts, requires strong passwords, and protects your files and data information.
You can also enforce access control with a 2FA plugin.
If you are not convinced by any plugin as a whole, at least ensure the following:
- Limiting mass access to the WordPress login screen.
- Verification of secure passwords.
- Control of user registrations.
- Protection of files and folders.
- Prevents code injection.
Disable pingbacks and trackbacks
No, you don’t need pingbacks and trackbacks in your online store, and it is also a possible security breach when facing denial of service (DDOS) attacks.
Hide author URL
Do not add it, that simple.
If you use a SEO plugin like everyone does, most of them allow you to change the slug making this really easy, you just show what you want to.
Use safe passwords for everything
I don’t mind repeating this over and over again but forget about using easy-to-remember passwords for admins, database or FTP access.
Use reliable plugins
Don’t be tempted to install cheap/free plugins or plugins from suspicious sites for your online store. I know that an online store involves an investment, but with a single insecure plugin or without sufficient updates and support your entire installation can be compromised and everything could be lost.
So install only plugins from the official WordPress directory or from developers you absolutely trust, who offer frequent support and updates.
Use reliable themes
The same goes for the theme. Don’t be blinded by stunning visual elements or endless carousels. Use a theme that, in addition to being WooCommerce ready, offers support and frequent updates, not just a pretty look.
I mainly use Divi for online stores and, besides being fully prepared for WooCommerce through specific modules, it is a guarantee of reliability.
Think that what should stand out the most in an online store should be your products, so leave the fancy stuff behind and offer a solid and reliable showcase.
Use secure payment gateways
Avoid experiments and use payment gateways that guarantee the security of your customers’ data, but above all avoid using payment gateways that store data on your own website.
Install a virtual POS of your favorite bank, Paypal or Stripe, platforms that do not store any data on your server. Personally, I am using Stripe lately and it is absolutely great.
Offer a fast website
You may wonder what speed has to do with security, but it does, if only as a matter of perception.
Imagine that you are making a payment in an online store and in the step of inserting your credit card information and payment confirmation, multiple seconds pass without a response from the website, what would you think?
You would probably break out in cold sweats wondering where your bank details are traveling to, whether you will ever return to the site where you entered your information, or whether your card details are already becoming part of a spreadsheet that you didn’t sign for.
Update, yes, that simple
Every time I read around that people get scared when they see a WooCommerce update I think about the exact opposite, the scary part should be if they don’t update.
If normally it is important to have WordPress and all plugins and themes updated, in an online store it is absolutely mandatory to update everything, without discussion.
Of course, you should not update without testing, never, but you should not leave an online store insecure by not taking the time to test the new versions of all plugins, theme, especially WordPress and WooCommerce.
My advice is the same as always for sensitive installations: create an exact copy on your server of your online store, and if there is an update of something first update on the copy and, if everything goes well, update on the active store.
If something goes wrong? check the bugs or hire a professional, but don’t leave your online store insecure or your laziness/irresponsibility today will be your ruin tomorrow, and possibly that of your customers.
