Although built -in security measures in WordPress and Woocommerce, the new shop owner should do some basic things to come Ensure that their customers, teams and data are safe in the worst case.
The following is eight things that all new shop owners should do.
1. Select a reputable host
Your hosting service provider stores your website files and databases so that people all over the world can view them. Your host should take measures to protect these documents from the infringement of hackers and malicious software -choosing the wrong host may make you and your customers risk.
Ideally, you should find a console that knows WordPress and clearly states that they give priority to your safety and guarantee. Find the following functions:
SSL certificate, protecting customer data and other customer data.
Backup so that if there is any problem, you can fully restore your website.
Attack monitoring and prevention, Let you immediately know whether malicious software is found in your file or database.
Server firewall, Prevent hackers from accessing your files.
24/7 to get support all -weather, just in case.
The latest server software , such as PHP and MySQL.
The ability to isolate malicious files, Make the virus or malware cannot move to other sites or folders on the same server.
The host you evaluated should be on their website A page about security, so you should be able to confirm whether your host provides these features. If you have to dig or send emails in depth to get the answer, this may be a sign that needs to be avoided. This host service provider list is a good starting point.
2. Create (and secure storage) Strong password
Although security may start with your master, you can stick to it. Select a security password for all accounts associated with your store.
This means:
Use the unique password for each account.
Create a password containing capital letters, lowercase letters, numbers and symbols.
Avoid using words, anniversary, birthday or other phrases that are easy to guess.
Level priority -the longer the password, the more complicated, the more difficult it is to crack.
Worrying about your password is really safe? Don’t be afraid: WordPress has a built -in security password generator, which can easily generate complex and difficult to guess combinations.
But the password that remembers difficulties may be tricky. A good solution is a password manager, such as Lastpass or 1Password (our favorite on WOO). They store your password safely and automatically fill them on your favorite website. 3. Enable dual identity verification (2FA)
If anyone can access your email or other accounts, they may be able to collect enough information to reset your password and log in.
Dual identity verification (usually abbreviated as 2FA) is a wonderful way to protect your online account from unpopular invaders
. 2FA relies on the second step (usually your smartphone) to verify and log in and verify that you are the owner.
Ideally, you should enable 2FA on all account. Under normal circumstances, individuals who successfully access your e -mail account may find login information for your store and other accounts. But using 2FA, they will not be able to log in through your mobile devices.
Indeed, adding the second step will also add a little time to your login process. However, knowing that your sensitive data is safe, it is definitely worthless. You can use Jetpack to implement dual authentication for free.
4. Prevent violence attacks
When hackers use robots to guess thousands of user name/password combinations, violent attacks will occur until they eventually come up with the correct combination. This not only allows hackers to access your website, but also may have a negative impact on your loading time due to the increase in store traffic.
Jetpack’s free violence attack protection function is a good way to prevent them from moving forward. It is even maliciousIP address automatically stops them before reaching your site, so you don’t have to worry about them.
5. Add additional site protection layer
We have discussed some methods to protect your website, but in order to further, please consider implementing more security tools for Jetpack. In addition to dual identity verification and violent attack protection, it also provides:
] Malid software scan (payment): If malicious software is found on your website, you will get alarm immediately so that you can remove and repair most known threats with one click. This is like someone to guard your website 24/7.
Spam prevention (paid): Automatically delete comment and contact form spam, these mails will make you look unprofessional and guide customers to malicious third -party websites.
Activity log (free): Pay close attention to everything that happened on your website -from updated pages and new products to user login -and personnel and time to perform each operation.
Disclosure time monitoring (free): Immediately know whether your website fails (this is a common sign of hacker invasion) so that you can quickly recover and run.
Automatic plug -in update (free): Automatic update plug -in to keep your website run smoothly and avoid hackers.
Detailed understanding how Jetpack protects your WordPress website.
6. Check and adjust your FTP settings
ftp (file transmission protocol ) Used to transmit files between two devices. Through your hosting service provider, you can create an FTP account that allows you to connect to your website server from a computer. If malicious actors access these accounts, they will be able to change any number of your website. However, limit the permissions of these accounts can reduce or even completely eliminate the possibility of damage. Ensure Only Your
FTP account
You can access the following folders:
root directory
WP-Administrator
WP-Including
wp-content
For more details about locking FTP, please see WordPRThis part of ESS CODEX. Your landlord should also be able to help you take these preventive measures.
7. Always update your website
The process of updating WordPress, Woocommerce, and your plug -in or extended programs is absolutely crucial. There are reasons for release updates, and they usually make your website more secure. Ignore them, you may put yourself and your customers in danger.
What is the best way to solve this problem? Stay to check your updates, backup and deploy these updates to your site. If you don’t want to worry, you can also open the automatic update function in WordPress.
8. Back up your store regularly
If your website was invaded by hackers, the backup is the fastest and best way for the clean version to restart and run.
Select a woocommerce backup plugin that automatically dealt with this problem -we recommend Jetpack Backup:
Once every 24 hours, every 24 hours Daily backups and real -time backups that occur on your site (the products purchased, updated pages, etc.) on your site are selected.
Never worry about losing order information. Whether you restore backup from five minutes ago or five days ago, all your order information will be saved to the present.
One -click restore. No need to worry about time -consuming and difficult recovery. Just find the date and time you want to return, and then click a button.
When opening the store, put safety in the first place
It is easy to ignore security in the hustle and bustle of the store, but this is not something you should take lightly. From the beginning, the security of protecting customer data should be the top priority.
By following these simple steps, you will launch a safe and trusted store Basic, the store was well protected when rare attacks occurred.
Do you have any suggestions for the new shop owner who just considers the security topic of WordPress and Woocommerce? We are happy to receive your letter in the comments.
Automatic plug -in update (free): Automatic update plug -in to keep your website run smoothly and avoid hackers. 
