Security Tips For Woo-Commerce stores

Starting a new business using the power of the internet is on the rise. People are getting attracted to it with each passing day. But it is not a bed of roses to run a successful business online. You need to always add products, fix bugs and also conduct a lot of marketing activities. However, the biggest headache when it comes to online stores is security. Online theft is always on the rise and quite dangerous, especially for the stores.

It is quite dangerous because people enter their personal details on your site and then it becomes your responsibility to handle it securely. Woo-commerce is basically used to make entry-level online stores and according to reports, it holds a massive 42% of market share. Now it is common logic that the threat to security is as high as the market share. In this article, we give you some tips to handle your site securely:

Keep it updated

A very talented team looks after WordPress and they know when the right time to release new versions. It is not important for you to update your version to all the new ones available. You just need to see whether the new release has the right security fixes or not. If yes, then update to it else you can let it go. Apart from updating the core you also should update to the latest themes and plugins in order to fix any vulnerabilities in them.

Use security plugins

It is a wise decision to use a security plugin from many offered. The thing to be remembered is to use only one as using multiple security plugins might result in complete breakdown of your site. Some of the top security plugins are-

  1. Wordfence
  2. Ithemes security
  3. Sucuri security

They are awesome at work and will definitely provide an extra wall in your security.

Use strong password

You should be aware of the importance your password holds. You should always set strong passwords. Weak passwords like ‘password’ or ‘ross999’ are the main reason why websites get hacked. Contrary to the normal belief, even alphanumeric are not safe from a brute force attack. A weak password and user ID pair can easily be cracked. On top of everything WordPress has a plugin ‘better passwords’ to generate strong passwords for its users.

Use a different username than ‘admin’

If you think that passwords are only things to be kept different you is wrong. Using common usernames is also a bad practice. It will be harder for the hackers to crack through your site if your username is hard to guess. To change your current admin name, you need to login with a different name and then delete the old admin account.

Hide author URL

When you create a new account you get a default author URL like If you use this URL it becomes easy for the hackers to break into your site as he can get the username from the user URL. It is highly advised to change the URL from the archives. It can be changed by customizing user_nicename under the wp_user table.

Include SSL certificates

Including SSL in your store is extremely important, especially in the login and checkout stage. This is so because very crucial information is exchanged between the user and the website at this time and it is important that it is transferred over an encrypted channel. Even google chrome gives a not secure alert over the sites not having SSL certificates. It is a little complicated task to add SSL certificates, but adding these will help you make your store even safer for your customers.

Always keep multiple backups

It should always be at your top on the priority list. Keeping multiple backups of your site should be one thing you are done with every time. The Foremost thing that you will have is peace of mind as you can restore a bug free store in a breath whenever you need it. You can automatically keep making the backups by using the UpdraftPlus plugin by making a backup policy.

Use a premium theme with support

If you have the correct vision and know that this eCommerce store is what you were up to all these years then you might as well invest in premium themes. The prime reason for doing so is that it comes with technical support and frequent updates. You can get woo commerce themes from ThemeForest or Woo-Themes or buy it from good theme providers like Grace Themes.

Disable edit files from admin panel

This is more of a post intruding measure. Disabling edit files from admin panel will at least prevent the hacker to edit files once he is in your admin panel.

Handling an eCommerce store is actually a duty of high responsibility. You have access to super sensitive information about your customer who trusts you with it and it is you who need to keep it safe. Hackers are forever preying upon such information and not only your customer’s it will be a huge loss to your business and reputation too.


Hence, the final verdict is that you should not compromise with anything related to security of your eCommerce website. Even if it takes some bucks out of your pockets let it be, it is always a worth it investment when you invest in security.

Maggie Sawyer Author

Maggie Sawyer is a creative magento developer at MarkupHQ Ltd., a leading Woo-Commerce development company with vast experience in web development & design. She provides psd to magento theme conversion services with 100% client satisfaction guarantee.