Wooassist

Assistance for Your Woocommerce Store


11 Things You Can Do to Increase the Security of Your WooCommerce Store

March 11, 2018 By John

Keeping your WooCommerce store secure is important. Hackers discover new exploits every day. In fact, more than thirty thousand websites get hacked on a daily basis. Don’t be a part of that statistic. Increase the security of your WooCommerce store before it’s too late.

At Wooassist, we’ve had our fair share of clients that have had their websites hacked. Cleaning up after a hack is a lot of trouble. You have to get rid of the exploit and weed out any remaining backdoors that would allow the hacker to regain access to the hacked site. Worse, a hacking incident can lead to a website being penalized by search engines for containing malware. In this post, we’ll share some tips that you can apply right now to increase the security of your WooCommerce store. Following these tips will reduce the odds of your site getting hacked.

1. Check Your Login Information.

Often, hacks happen through the user’s own fault. Almost 90% of cyber-attacks are caused by human error or behavior.

The first step to increase your website’s security is to make sure that your login information is secure. First, don’t use “admin” as your username. Why? Because brute force attacks usually target this username. And if you use admin as your username and have a weak password, it is almost guaranteed that your site will fall victim to a brute force attack. But what if you are already using admin as your username? You’ll just need to create a new administrator account using a unique username and a strong password. WordPress will already recommend a strong password that you can use. After creating a new account, log in to the new account and you can then proceed to delete the “admin” account.

2. Keep your WordPress/WooCommerce Site Updated

Keeping your WooCommerce store updated will protect your site from the latest known vulnerabilities. Developers regularly patch exploits that are found in their systems, so it is imperative that you update on a regular basis.

Before updating, however, it is important to test your updates first on a development site or at least create a backup. Often, updates can break your site and this can harm your conversion rates if you don’t have a backup that you can revert to. Websites breaking due to site updates are common. Some hosting providers such as WPEngine provide their customers an easy-to-set-up staging environment. Here you can test your updates before applying them to your live site.

3. Use Two-Factor Authentication.

Using two-factor authentication greatly increases the security of your website. Even when a brute force attack manages to guess your password, two-factor authentication can still block the login. Unless the hackers get a hold of your phone, you’re safe.

4. Install a Security Plugin

A WordPress/WooCommerce site without a security plugin is like a computer without anti-virus software. Wordfence and Sucuri Security are some good options. Just install the plugins and then activate. After activating, just go to the plugin’s settings and configure depending on your needs.

5. Limit Login Attempts.

Limiting login attempts will deter brute force attacks. A brute force attack will attempt to guess your username and password sending hundreds if not thousands of requests every minute. Limiting login attempts pretty much renders brute force attacks powerless unless you have a weak password. There are a couple plugins that can help you limit login attempts such as Login Lockdown.

6. Protect your wp-config File

The wp-config file is a crucial part of the WordPress ecosystem. It contains important configuration information of your WordPress site which is why many hackers try to target this file. There is however a workaround to block intruders from getting access to this file. Simply place this code in your .htaccess file.
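
The snippet itself is missing from this page. As an added example (not the original article's code), here is a commonly used rule that denies every web request for wp-config.php. It assumes an Apache server that honours `<Files>` blocks in .htaccess, and covers both the Apache 2.4 syntax and the older 2.2 syntax:

```apache
# Added example: refuse all HTTP requests for wp-config.php.
# Place in the .htaccess file in the same directory as wp-config.php.
<Files "wp-config.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback (mod_authz_host)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After saving, requesting /wp-config.php in a browser should return a 403 Forbidden response while the rest of the site loads normally.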

7. Hide Login Error Messages

Whenever you enter the wrong login credentials on WordPress, it returns an error message saying your username is wrong, your password is wrong, or your password does not match the username. You may think little of this, but for hackers, this bit of information is priceless. You can prevent hackers from getting clues about your WordPress logins by hiding these error messages: add the script below to your functions.php file. Do note, however, that making a mistake when tinkering with your functions.php file can cause your entire site to go down. Unless you’re a web developer or know your way around the file, it is recommended to have a developer do this for you.

// Show the same generic message for every failed login attempt.
function wrong_login() {
    return 'Wrong username or password.';
}
add_filter( 'login_errors', 'wrong_login' );

8. Hide WordPress Version

For hackers, discovering that your WordPress version is outdated is like finding a gold mine. So it is imperative that you always update to the latest version of WordPress. Many hosting providers will automatically update your WordPress version. However, this is not always ideal since automatic updates can mess up your site. If you’d like to do your WordPress updates at your own pace, then you should hide your WordPress version. To hide your WordPress version, paste the following code into your functions.php file.

// Return an empty string in place of the generator tag that carries the version.
function remove_version() {
    return '';
}
add_filter( 'the_generator', 'remove_version' );

9. Do a Plugin Audit

A plugin audit is a process of reviewing the plugins installed on your site. You’ll want to look out for plugins that are no longer being updated by the developer. Outdated plugins usually become backdoors for hackers. When analyzing your plugins, you can categorize them in a number of ways.

  • Plugins that you want to keep.
  • Plugins that you don’t use or your customers don’t use. If you have a plugin that adds a certain functionality to your site but your customers are not using it, you might as well get rid of it. This just adds extra bloat to your site.
  • Plugins that are no longer being updated by the plugin author. This is a major security threat and you should get rid of these immediately. If you still need the functionality that the plugin provides, just find an alternative plugin. Just make sure that the new plugin is being constantly updated.

You can do a plugin audit every few months to keep your site spiffy clean.

10. Install Only Reliable Plugins

You’ve done your plugin audit. Great! Now, don’t go down the same road. Don’t just install any plugin that you find. Look at the plugin rating. Check reviews. Check when the plugin was last updated. If the plugin fails any of those three elements, consider finding something else.

11. Prevent Directory Access

If you do not block directory access on your WordPress site, users may be able to freely view the files on your site. These files may contain sensitive information that hackers can use to exploit vulnerabilities on your site. Disabling directory access can be done with a minor tweak. Just place the following code in your .htaccess file:

# Prevent folder browsing
Options -Indexes

If you’ve done all these things, your WooCommerce store will be protected from most known threats. Should you need help getting any of these done, you can contact the Wooassist team and we’ll be able to help you out.

Do you know of any other things that you can do to help keep your WooCommerce store more secure? Let us know in the comments.

Filed Under: Code Snippets, How-To Articles Tagged With: admin, brute force, hacker, optimizations, plugin audit, plugins, security, WooCommerce, WordPress, WordPress updates

Woocommerce 2.3 Update: New Features and Common Issues Encountered

March 11, 2015 By John

It has been a month now since Woocommerce 2.3 was officially released. There have been mixed feelings about the new version. Some users find the new features awesome while others struggle to keep it together. To give you a recap, here are the new features of Woocommerce 2.3 “Handsome Hippo”.

Woocommerce 2.3 Features

  • User Interface and User Experience Update- Woocommerce 2.3, also known as the handsome hippo, has a flat design that goes well with many themes. The messages, notices (2 in the figure below), buttons (4), and the payment box during checkout have an updated look.

[Image: Woocommerce 2.3 Cart Update]

The cart template is also updated. The “Proceed to Checkout” button (5) was moved under the cart totals to enhance user experience. Another cool feature is the undo option (1) in the cart. That means that if you accidentally removed a product from your cart you can easily add it back in using the undo button. You also have the option to remove products from the cart widget (6), which I think is a really cool update on the default style template.

[Image: Woocommerce 2.3 cart_widget]

There are also several features that were removed due to redundancy. The option to change the colors of the buttons as well as the increment and decrement button (3) were removed. Now, if you want to add those features back, you need to install additional plugins.

Woocommerce 2.3 also introduced opt-in usage tracking that allows the Woocommerce team to view the settings of sites. This will allow them to upgrade their system to fit the requirements of their users. You will have an option to disable tracking in the woocommerce dashboard using this path: Woocommerce/System Status/Tools. Simply click the Reset Usage Tracking Settings button.

[Image: Woocommerce 2.3 usage_tracking]

  • Coupons Update- This is probably one of the major updates in Woocommerce 2.3. Coupons will no longer be applied before taxes. The “apply before tax” option has been removed in the woocommerce settings.

[Image: Woocommerce 2.3 coupon]

Aside from that, the rest of the coupon settings are left untouched. However, there are still a few issues with coupons that have not yet been sorted out in the latest version of woocommerce 2.3. We will get to that in a sec.

  • Emails- Woocommerce 2.3 makes it easier for developers to override the CSS of emails sent through woocommerce. Additional hooks are created so that developers can easily adjust the CSS templates according to their preferences. In addition to that, emails sent will be using the woocommerce core templates but will also allow plugin templates to blend in with the shop emails.
  • Geolocation- Now, with “Handsome Hippo”, you can easily locate your customers by using their IPs. This can be used to calculate tax based on the user’s estimated location.

[Image: Woocommerce 2.3 Geo_Location]

Issues Encountered

Woocommerce informed large theme companies about the changes before releasing Woocommerce 2.3. Prior to the official release, Woocommerce also released Woocommerce 2.3 beta so that they could work hand in hand with theme companies and plugin authors to make the release as smooth as possible. Though a lot of site owners welcome the design update on the front-end, some sites suffered from CSS and theme incompatibility and had to do a complete overhaul. Woocommerce 2.3 started using Sass, and there are inevitable plugin incompatibilities encountered by sites that use plugins using LESS.

The image below is taken from one of the sites that we manage. You will notice that the buttons, due to the flat design, need fixing. You can barely see the labels of the buttons.

[Image: Woocommerce 2.3 buttons_and_option_to_remove_products_from_cart_widget]

To fix this issue, Woocommerce suggests installing a plugin that will allow site owners to easily change the colors of buttons and other elements on their sites. You can customize the buttons by clicking Appearance/Customize/Woocommerce.

[Image: Woocommerce 2.3 buttons]

On the same site, we also encountered problems with the application of coupon codes. Though the products added are exclusive of tax, which means that the tax calculations will not be affected, we experienced a weird issue with the application of coupons on top of a free shipping rule. The free shipping rule allows customers to get free shipping when the item bought is more than $49.

If you look at the image below, instead of displaying the free shipping note on the “Shipping and Handling”, it has been replaced by a radio button. Here you will have the option to either choose free shipping or flat rate, which doesn’t make sense because customers would always want to choose the free shipping option. Aside from that, if you apply a coupon and the order total falls below $49, the flat rate automatically kicks in without the free shipping option. The store owner would not want that to happen and this issue only started after the Woocommerce 2.3 update. We will be discussing the solution to this issue in our next article.

[Image: Woocommerce 2.3 increment_decrement,_notices-2.3]

Conclusion

Keeping your plugins up to date is very important. However, with major updates like this, it is best that you create several backups of your live site before doing anything. In some cases, it might even be necessary to copy your live site to a development site. Doing plugin updates on the development site allows you to fix errors caused by the update and at the same time reduce losses due to downtime.

The woocommerce team spent so much time and dedication on this update. Though there may be some hiccups along the way, their proactive communication with theme companies has been really helpful in ensuring that the update will not cause serious problems to their users.

If you have encountered some issues regarding the woocommerce 2.3 update or if you want to share your take on the new features of woocommerce, feel free to leave your comments below.

Filed Under: Theme and Plugin Reviews Tagged With: checkout form, colors, CSS, email, plugins, shopping cart, WooCommerce, woothemes, WordPress updates
