Back to top

Essential WooCommerce Security Checklist For 2019

WooCommerce Security Checklist

There’s never been a better time to be an online retail entrepreneur, and much of that is due to the advent of convenient and intuitive sales platforms like WooCommerce. A free plugin for WordPress, the world’s most popular general-purpose CMS, it makes it possible for someone with a minimal budget to set up a store and start taking orders in very little time.

That said, it isn’t quite as simple as making it through the WooCommerce setup phase and relaxing with your fully-functional store. This is due to the many threats that e-commerce sites face online, such as data theft or acts of sabotage.

If you’re going to sell online, you need to take action to safeguard your store against these threats. Here’s a simple checklist to help you keep your WooCommerce store safe:


A reliable and secure host

Before you actually start installing WooCommerce on your WordPress site, you need a suitable host, because not all web hosts are equally good. Not only does an e-commerce site have greater demands when it comes to performance, but it also needs stricter data protection — and the web host is the first line of defence.

Choose poorly, and no matter how strong you make your site itself, it will always be vulnerable (anyone who gains access to the host can get into your site from there). Don’t settle for the cheapest host: read reviews and compare features to find a host that openly supports WooCommerce.

A strong admin password

You’d be surprised by how many people set important passwords but leave them unchanged for years while using them across multiple sites or choose weak passwords, to begin with (“12345678”, or “password”, for instance). Sure, this saves time and helps you remember your login details, but it leaves your store very vulnerable to attack.

Choose an admin password that won’t be easy to guess or brute-force. Try tying several unrelated words together — e.g. storm_pardon_carton — for a password that’s relatively memorable but extremely secure. And if you ever suspect that your security might have been compromised, change your password immediately instead of taking the risk of leaving it.

Two-factor authentication

Two-factor authentication is a must for online sellers because it provides a fallback to protect you from someone discovering your password and using it to lock you out entirely. Quite simply, it adds a second step to the login process that calls upon some other verification method, and you can make that method something that a hacker couldn’t practically replicate.

Most commonly, this is tied to your smartphone: when you try to log in, you’ll get a text message (or app notification) asking you to confirm the attempt. If confirmation isn’t provided, the login will be rejected. This adds a little time to the process, yes, but it’s fully justified.

A regular backup process

You never know when something might go terribly wrong with the hosting of your store, no matter how reliable the host may be — if nothing else, there’s no accounting for natural disasters. And if you don’t plan ahead, then your entire site can be wiped out overnight, leaving you scrambling to recover.

This is why you need to make regular backups of your store. If something goes wrong — the site is deleted somehow, or someone gets access to it and massively changes things — you can simply return to a recent backup and set everything right. WordPress supports a lot of plugins, so look for a free backup plugin: here are some to check out.


Updated plugins

You’ll need plugins to achieve a lot of these things and to keep your WooCommerce site operating with optimal efficacy, but every plugin you add creates new security vulnerabilities. This is due to the admin access required for a plugin to function: if someone gains access to the plugin through a security flaw, they can access your entire site by extension.

Thankfully, plugin developers tend to release security patches to remove serious vulnerabilities, so you need only install updates on a regular basis. Where possible, enable automatic updates to make life easier, but only if you can pay close attention to ensure that updates install as they should (if an update goes wrong, it can cause issues that prevent your store from working properly, leading to much broader problems).

If you check off each of these items, you’ll be able to proceed with confidence that your WooCommerce store is fairly secure. Keep up with updates and you’ll be in a good position to sell safely for years to come.