Creating an online store with WooCommerce is really easy, and in a few minutes you can have your online business up and running, but every website carries responsibilities, and an online store even more so, toward your customers.
Therefore, if securing WordPress is important in general, when you have an online store with WooCommerce it is vital that security be a priority for you and your customers.
You might think that having a secure WordPress would be enough, but no: there are some important details you should keep in mind, so let's see what you should take into account to secure a WooCommerce online store, or any online store.
1. Choose secure hosting that is PCI compliant
I know I repeat myself a lot, but choosing the right hosting is absolutely essential, because whatever you do in your installation is useless if the house that hosts it is full of cracks and, in the case at hand, does not even meet the basic needs of online commerce.
Although WooCommerce is not yet PCI compliant (a matter of paperwork; it soon will be), your hosting must comply with these standards, which ensure the safe handling of your customers' information, as Hristo explained to us not long ago.
What PCI guarantees is that your server complies with rules ensuring that it is safe enough to carry out online transactions and store customer data.
This first rule is usually the one most often forgotten, but it is the fundamental basis for creating a professional online store.
If you want secure hosting that complies with the PCI rules, I recommend without a doubt SiteGround, who are also specialized in and committed to WordPress.
2. Install a secure SSL certificate
Another security basic for your WooCommerce online store is to install a secure SSL certificate on your domain so that you offer secure https connections instead of http.
With an SSL certificate, all the transactions in your online store will travel encoded and encrypted, guaranteeing the security of the information of your operations and clients.
Until not long ago an SSL certificate was expensive to install, but now you can install a Let's Encrypt SSL certificate totally free, endorsed by the big Internet players.
Of course, do not forget to check the box in the WooCommerce settings to force secure payment.
3. Install a security plugin
Do not even think about living dangerously. Install a security plugin like Wordfence or Sucuri that, at the very least, protects your online store from mass access attempts, requires strong passwords and protects your files and your data.
You can also reinforce access control with a two-step identification plugin.
If you are not convinced by any plugin as a whole, at least ensure the following:
- Limiting bulk access attempts to the WordPress login screen.
- Strong password checks.
- Prior control of user registrations.
- File and folder protection.
- Prevention of code injection.
4. Disable pingbacks and trackbacks
No, you do not need pingbacks and trackbacks in your online store, and in addition, having XML-RPC active is a possible security hole for denial-of-service (DDoS) attacks, so add the following code to your .htaccess file:
# START XML RPC BLOCKING
# Deny every request to xmlrpc.php (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it)
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# FINISH XML RPC BLOCKING
5. Hide the author URL
As you already know, WordPress automatically generates an author URL for each user of your site, of the form https://misito.com/author/nombreautor. Well, that nombreautor (the author name) is half of what a hacker needs to access your site.
Disable or change author URLs to something that does not give away free information. The previous link explains how to do it.
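To see whether the behaviours that points 3 to 5 try to limit are actually hitting your store, you can count them in the web server's access log. The following Python script is an example added here, not code from the original post or from any plugin it mentions; it assumes Apache/Nginx "combined" log lines, uses a threshold of 3 over the whole input (no time window), and runs on constructed sample lines.

```python
import re
from collections import Counter

# Assumed input: Apache/Nginx "combined" access-log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)

def classify(method, path):
    """Map a request to one of the behaviours points 3 to 5 try to limit."""
    base, _, query = path.partition("?")
    if method == "POST" and base.endswith("/wp-login.php"):
        return "login"      # bulk access to the login screen (point 3)
    if method == "POST" and base.endswith("/xmlrpc.php"):
        return "xmlrpc"     # pingback / XML-RPC traffic (point 4)
    if base.startswith("/author/") or re.search(r"(^|&)author=\d+", query):
        return "author"     # author URL lookups (point 5)
    return None

def scan(lines, threshold=3):
    """Return {ip: {kind: count}} for clients reaching the threshold."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue        # skip malformed lines instead of guessing
        kind = classify(m["method"], m["path"])
        if kind:
            counts[(m["ip"], kind)] += 1
    flagged = {}
    for (ip, kind), n in counts.items():
        if n >= threshold:
            flagged.setdefault(ip, {})[kind] = n
    return flagged

def _line(ip, method, path, status):
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512'

# Constructed sample traffic (documentation-range IPs), not real logs.
SAMPLE = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 4
    + [_line("198.51.100.9", "POST", "/xmlrpc.php", 200)] * 3
    + [_line("192.0.2.44", "GET", f"/?author={n}", 301) for n in (1, 2, 3)]
    + [_line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/shop/", 200),
       "garbage line"]
)

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE).items():
        print(ip, hits)
```

Ordinary visits to author pages are counted too, so on a real log raise the threshold until only the noisy clients remain.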
6. Use secure passwords for everything
I do not mind being a bore about this: forget (forever) about using easy-to-remember passwords for the administrator user, the database or FTP access. Incidentally, do not use FTP but SFTP.
This same rule should be applied to all users, forcing the use of strong passwords in all cases.
7. Use plugins you trust completely
Do not be tempted to install cheap plugins, or plugins from suspicious sites, in your online store. I know that an online store entails an investment, but a single plugin that is insecure or lacks sufficient updates and support can compromise your whole installation.
So install only plugins from the official WordPress directory or from developers you trust completely, who offer frequent support and updates.
8. Use a theme you trust completely
The same goes for the theme. Do not be dazzled by striking visual elements or infinite carousels. Use a theme that, in addition to being prepared for WooCommerce, offers support and frequent updates, not just a nice look.
I use Divi extensively for online stores and, in addition to being fully prepared for WooCommerce through specific modules, it is a guarantee of reliability.
Keep in mind that what should stand out in an online store is your products, so get rid of frills and offer a solid and reliable showcase.
9. Use secure payment gateways
Steer clear of experiments and use payment gateways that guarantee the security of your customers' data, and above all avoid payment gateways that store the data on your own website.
Install a virtual POS from your favorite bank, PayPal or Stripe, platforms that do not store any data on your server. Personally I have been using Stripe lately and it is absolutely great; another day we will talk more about this payment gateway.
10. Offer a fast website
You may wonder what speed has to do with security, but it does, even if only as a matter of perception.
Imagine that you are making a payment in an online store and the step of entering your credit card information and confirming the payment takes, say, 3 or more seconds. What would you think?
Surely you would break out in a cold sweat wondering where your bank details are traveling, whether you will ever get back to the website where you entered your information, or whether your card data is already part of some unscrupulous person's spreadsheet, to be used for stealing on Amazon.
So activate a CDN, right now! Not only will you offer better response times on your website, but CDNs also usually include security utilities for your website.
11. Update, update, update
Every time I read that people get the shakes over a WooCommerce update I think just the opposite: about the shakes they should get if they do not update.
If keeping WordPress and all plugins and themes updated is important in general, in an online store it is absolutely mandatory to update everything, no discussion.
Of course you do not have to update like crazy, without testing, never that, but you should not leave an online store insecure because you did not take the time to test new versions of all the plugins and the theme, and especially of WordPress and WooCommerce.
My advice is the same as always for sensitive installations: create an exact copy of your online store on your server and, when there is an update to something, first update the copy and, if everything goes well, update the live store.
Something does not go right? Review the errors or hire a professional, but do not leave your online store insecure, or your laziness / irresponsibility today will be your ruin tomorrow, and possibly that of your customers.
To finish, do not forget all the rules of WordPress security, which I summarize: