As we introduced in the security introduction of Woocommerce, as a shop that is introduced for safety, well -protected stores It only takes a few steps to lay the foundation. But most of the prompts we provide are what you do before you open the store
or what you need to do immediately. Safety is not something you can consider once again. If you do not let your store maintain the latest state, pay attention to security trends, or strengthen your defense with your growth and expansion, you may put yourself in a very fragile position … At the same time Dangerous.
Let’s explore more methods after the release of your store.
1. Hide the wordpress version number
\”Okay,\” you might say, \”What?
This
This
How to ensure my safety? \” Well-it is not, not directly.
However, if you sometimes update WordPress a bit slow, then check your source code quickly to tell potential attackers. You may be more vulnerable to
other attack .
The current version of WordPress can be found in three positions:
The generator element mark in the title
The generator metabolism in the RSS commemorative
query string
Therefore, if you want to be one or two in one or two Test your update and one of the kind people who need to hide the version number for full reasons. You can use Frankie Jarrett code to hide three of the attractions to everyone.
Go to his post to get it, and then paste it to your functions.php file
.
Briefly introduce the code, provided by Frankie Jarrett.
Similarly, separate versions
cannot protect you -you
absolute 123]. But we also understand that there is usually a gap between testing and implementation, So this can help you maintain safety during this period.
2. Forcibly use SSL
] Safety starts with a safe connection. By following this prompt, you can absolutely ensure that your clients are spy on when you enter sensitive billing and transportation information at the checkout.
After enabling the \”Forced Safety checkout\” settings in Woocommerce, all pages related to the checkout process will be forced to use HTTPS
(that is, safe connection) at each load.
Because only the customer’s browser and your store can decrypt the information sent through the HTTPS connection, selecting this box can ensure that your checkout is safe, and no malicious people can peek at the credit card number or Other sensitive information flows and leave your store.
Forced security checkout can ensure the safety of your and your customers. The only prerequisite is the SSL certificate.
By transferring to WooCommerce \u0026 GT; Checkout and open or turn off the second check box, you can open and close this settings in Woocommerce.
Please note that This setting requires an effective SSL certificate to be in your you Railway in the store . If you have not obtained an SSL certificate, please read this guide to understand more information about why they are important and how they get a certificate with little or free of charge.
You can learn more information about this setting in Woocommerce by reading this page in our document.
3. Let the backup and safety scan a daily activity
In our first article on security, we recommend using trusted software to scan your site to find potential Vulnerability, violent attacks or malware. Now that you have started, it is time to raise things to a new level.
As your store starts and runs, backup and safe scan should be performed every day
. Backup is important because they provide you with something that can be rely on when data loss, and safety scanning can first prevent such loss (or infection).
[12]3] You can set the frequency of scanning, backup and notifications as needed, but we recommend that Back up once a day, scan at least once a day . Some solutions provide real -time backup and more frequent scans -Jetpack’s violence login protection is also real -time -but you can expand the frequency as needed up or down. If you are still looking for reliable and effective backup and security solutions in the market, Jetpack Premium plan is bundled with backup -WooCommerce customers can immediately save 15%
. From the first day, let Jetpack let you worry about it.
4. Change the default prefix used in the WordPress database
It looks very strange. Some people who hate attack the website for their own entertainment. Although you may think that your store is 100% safe, if you have the opportunity, these spam senders and hackers will find and use some small loopholes.
A known potential vulnerability comes from the use of the default database table set up. Change these settings to help prevent malicious code from injecting your server. The default prefix for the database table used to store WordPress information is WP_. Because most store owners will not change the previous dots during the settings (or do not even choose to do this, which depends on their host/installation process), Use the default value may make them face the risk of SQL injection attack ( And others) are because the hacker knows the names of these default tables very well.
Of course, so far, you may have set up WordPress and Woocommerce. But it is not too late to change these settings now. One or two SQL queries in PHPMYADMIN will immediately restore you to normal.
Use some appropriate SQL. Your WordPress installation add another layer of security. (Image source: In -depth research wp) Look at this detailed and useful step -step tutorial from Digging Into WP to understand how to change your database tables for prefix to be changed to it More complicated andSafe things.
SQL query is not yours? There are some free plug -ins around the same thing, but be careful — allowing your SQL database to be unlimited may be dangerous. At least, once you complete it and uninstall such plug -ins, there is no possibility of unintentional renames in the future.
5. Get rid of your \”administrator\” account
This last suggestion may look annoying for some of you, or it may even seem to be someone else. common sense. But this is critical, so we want to spend time here to emphasize.
When you run the online store, it is not recommended
. Just like the database table prefix, hackers know that this account (likely) defaults to exist, which provides them with a better opportunity to forcibly enter. Even the account that sounds similar , such as \”Testadmin\”, \”Administrator\” or \”Owner\”, will make your stores risky -they can easily be guessed to be guessed Essence As explained on the Attacking WordPress page on hackertarget.com (don’t worry, it is a method for providing suggestions, not a method of hacker attack), Once the hacker knows the account exists, they can quickly use the tools to guess your Password :
[…].
Test 500 passwords for the \”Testadmin\” account (discovered during the user enumeration period).
These 500 passwords completed the test within 1 minute and 16 seconds!
During the test operation, the site is still responding;
If there is no security log monitoring system, the web server administrator will not know the attack. They may enter the wrong password, they may enter the wrong password, and But now they know another thing: this account exists. (Picture source: hackertarget.com)
The meaning of the story: Your administrator account should be named unique and unlikely to be guessed by malicious people . UniqueThe nickname, the full name of multiple first letters or other names that are not easy to guess (for example, your name and the name of the surname or the store). Remember Use a security password
, so even if someone guessed your account name, they still
still find that they cannot log in. If you need to know what is safe and what is not, see Section 2 in this article.
Once your store is launched, please take safetyAlthough you can do a lot of things to ensure the safety of the store before opening,
The security should be that the owner of the store should continue Pay attention, not \”one for all\” things
. By following these prompts and updating your store and WordPress, you will be in a good position, which can keep your customers and your team safe and perfect.
Are there any questions about the safety prompts recommended in this article? Or better, can you share any advanced skills? We welcome you to provide feedback and ideas in the comments below.
allowing your SQL database to be unlimited may be dangerous
Once your store is launched, please take safety