10 Essential Woo Commerce Security tips to Protect your Online Store

Jul 24, 2018 | WooCommerce Settings, Wordpress Security

Did you open your Woo Commerce store? It’s fine. The advantages that this platform provides for its users will help you build your business. But there are certain things that are very important not to be missed especially woo commerce security. One of the important factors in working in the field of e-commerce is security, although many people usually forget about it, setting simple passwords, saving on security measures and postponing important decisions for later.
Some security tools are originally built into WordPress and Woo Commerce, but if you open or soon plan to open your online store, you will not be uncomfortable with knowing some basic rules by which you can secure your customers, employees and all data on any attempt hacking or attack. Most of the security measures are taken in advance, so it’s better to protect yourself from the beginning than to lose more.

10 Essential Woo Commerce Security tips to Protect your Online Store

In this article, I will tell you 10 essential woo commerce security tips to protect your online store.

1. Create a Strong Password

Set up strong passwords for all accounts associated with your store. Use a password that is different from the passwords for your other accounts. When setting a password, be sure to use both lowercase and uppercase letters, as well as numbers and symbols. Do not use existing words, dates of weddings, birthdays and other events you can learn about. Make the password as long as possible, the longer it is, the harder it will be to crack. With the release of Woo Commerce 3.2, when you create a new account, the built-in password strength indicator is displayed and you get to know how good your password is.

2. Encrypt the connection

Use an SSL certificate to the server of your website or Woo Commerce store to enable a secure connection between the buyer’s browser and the online store. SSL connection protects and secures your connection and is almost impossible to crack. An SSL connection is important for any website that processes customer personal data.

3. Enable 2-step authorization

If your login and password are recognized by intruders, everything is lost. But with 2-step authorization, it is hard to hack the store. It is a reliable protection against hacking an online store. To enter the site with such authorization, it is not enough to know the login and password. 2-step authentication is very important to strengthen Woo Commerce security.
After entering the login details and the password, a message with the access code comes to the phone. Login to the website is possible only by entering the received code on the authorization page. Hacker cannot enter your website even if he receives your password without your mobile phone. Two-step authorization is practically invulnerable, so this method is widely used by Internet banks.

4. Keep Things Updated

Hackers think constantly about how to hack an online store. Therefore, it is easy to find new vulnerabilities in the operating system, browser, and websites. Fortunately, they are opposed by no less professional developers who block vulnerabilities through updates. Therefore, it is best to install updates right after they are released.
Popular browsers and operating systems are updated automatically, but websites often need to be updated manually. Keep an eye out for updates and immediately update your online store.

5. Choose the best hosting service

Choose a reliable hosting with a good reputation, which puts the security of your websites among their top priorities. To place your Woo Commerce store on the first hosted hosting is not the best solution. For Woo Commerce security find hosting that pays special attention to security. Here are a few options that hosting should provide:
  • Control and prevention of attacks.
  • Proactive reporting and patches for security threats, such as WordPress main bugs, plug-in exploits, etc.
  • The ability to isolate and eliminate the spread of infections – thus a hacked site or virus cannot be transferred to other sites located on the same shared server.
On the site of a good hosting company, there should be a page devoted to security so that you can find out all the necessary information.  A2hosting is the best hosting services which provide the best server response and security protection.

6. Change the FTP directory settings

There is another security measure that can be applied in a matter of minutes by restricting access to vulnerable website directories via FTP.
Unprotected shared hosting environments or hacked passwords threaten to gain access to your site’s FTP, through which attackers can download malicious files directly to the WordPress directory. We recommend that you limit the ability to write to these directories in order to minimize or completely eliminate the likelihood of damage and misconduct.
Make sure that only your FTP account has to write access to the following folders:
  • The root directory (except .htaccess files, if you use the WordPress plugin to redirect URLs)
  • WP-admin
  • WP-includes
  • WP-content
You will also need to grant write access to the WP-content folder for your server.

7. Regularly scan the Woo Commerce website for vulnerabilities

A regular scan of the website for vulnerabilities has become a necessary procedure. Scanners detect SQL injections and cross-site scripting (XSS), malware redirect, and other vulnerabilities. The information obtained after scanning will allow system administrators to remove vulnerabilities at the code level. And it will also provide an overview of the security level of the website.

8. Limit the Number of Login Attempts Using Jetpack

Using even the most sophisticated passwords and including two-factor authentication, you cannot always be protected from some suspicious personalities who can forcefully try to enter your store.
The Jetpack protects security features can help with this, which will limit the number of attempts to unsuccessfully log into your store’s admin panel. After that, the IP address from which these attempts were made will be blocked. This will prevent malicious attempts to enter and the lock statistics will be displayed in the control panel.

9. Protect Devices

All previous tips help you protect against website hacking but you can get a desperate hacker who will try to hack your devices. Just think a hacker has selected the device from which you manage the website, and your web browser is configured to auto complete passwords. Hacker learns password and hacks the phone in order to see the confirmation code.
For protection against hackers, configure encryption.
The simplest way is to use the administrator password to log on to the computer and the lock screen on the mobile phone. It’s better to use encryption for all devices.

10. Block Access by IP Address

If you have a convenient and high-quality hosting you can completely exclude access to your site via FTP, SSH protocols other than your IP address using Firewall. In this case, no matter how hard an intruder tries, he cannot get to the online store or site and post malicious code via FTP or admin panel.
All he has to do is try to download the malicious code through the admin panel of the store. But here we can also block access to it via IP. If you want to block the input for the desired folder by the IP address, use the file .htaccess
To allow access only from your IP to the folder, you need to place the following text:
Order deny, allow 
allow from 123.134.567.890 
allow from 
deny from all
Specify the IP addresses from which you will usually go to the desired folder.
Save the .htaccess file and drop it into the desired folder. After that, the user from someone else’s address cannot enter the website. There is one more option you can disable logging in to the desired folder through the settings of your Woo Commerce website hosting.


Remember that protection should be the top priority of your Woo Commerce website. In the process of launching your website, it is very easy to overlook the security issue, but it should be treated with all seriousness if you want to successfully run your business. Woo commerce security is very important. Protecting your data and your customer data from the very beginning should be your primary concern.

We Fix Hacked/Infected Websites

Is your WordPress website infected with Malware and your visitors are decreasing at a rapid rate? No Worries, we can fix Malware issue on your WordPress website.