
6 Tips to Help Secure Your WooCommerce Website

September 26, 2016
Here’s something you already know: keeping your e-commerce secure is a vital part of running your online business. If you don’t keep customer data safe during and after the transaction, they’re much less likely to do business with you again.

But technology, especially security technology, is constantly changing, which can make it hard for business owners to keep up.

Fortunately, you don’t have to be an expert to protect your site—and your customers—if you’re using WooCommerce. There are simple steps that are well worth taking for any WooCommerce site owner.

Even though securing your site is a multi-step process, it doesn’t have to be overwhelming if you follow our simple steps.

1. Use a host that does security leg-work for you

As mentioned above, there are people out there (not you) whose job it is to know the ins-and-outs of security. And many of them work at hosting companies. That’s why a simple and easy way to protect your site is to choose a host that makes security a priority.

When choosing a web host, look for ones that offer:

  • Daily backups: these will help you get back online fast in the event of an attack.
  • Automatic updates: these help patch security holes as soon as they’re discovered, keeping your data safe.
  • Restoration services: along with backups, these help you get back online in case something goes wrong.

2. Prevent Brute Force Attacks

Still the most common way to break into sites, a brute force attack is a simple yet effective method: guessing combinations for passwords or security keys until one happens on the correct series of characters.

Fortunately, as the method is relatively simple, there are relatively simple ways you can prevent them.

  • Limit login attempts: Brute force only works if the bad guys (or really their computers) can try to log in millions and millions of times. Fortunately, there are many WP plugins out there that limit those very attempts. For your WooCommerce site, we like WP Limit Login Attempts and Login Lockdown.

  • Use a password manager: Password managers like LastPass help create incredibly difficult passwords for you, and then automatically enter them when you’re on the appropriate site—provided that you know the master password. It’s a great way to make passwords that even sophisticated attackers will have trouble cracking.
  • Use 2-Factor authentication: 2-factor authentication is another smart way to keep your website safe. With 2-factor authentication, even if bad guys have guessed your username and password, they’ll still have to gain access to another password on another device (typically contained in an SMS sent to a personal cell) to get past the second layer of protection. We’re personally fans of miniOrange’s 2-factor plugin.
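
The login-attempt limit described in the first bullet can be sketched with WordPress's own hooks. This is an added example, not code from this article or from any of the plugins named above; the `elt_` names, the threshold of 5 failures, the 15-minute window and the must-use plugin location are assumptions.

```php
<?php
/**
 * Illustrative login throttle (added example, not a published plugin).
 * Assumed location: wp-content/mu-plugins/example-login-throttle.php
 */

const ELT_MAX_FAILURES = 5;   // assumed threshold
const ELT_LOCKOUT_SECS = 900; // assumed window: 15 minutes

// Failures are counted per client IP. Behind a reverse proxy or CDN,
// REMOTE_ADDR is the proxy's address, so every visitor would share one
// counter; in that setup take the address from a header you trust.
function elt_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'elt_fail_' . md5( $ip );
}

// Count every failed login. set_transient() restarts the expiry each time,
// so the counter clears 15 minutes after the most recent failure. Rejections
// made by the filter below also fire this hook, which keeps a client that
// is still guessing locked out.
add_action( 'wp_login_failed', function ( $username ) {
    $key = elt_key();
    set_transient( $key, (int) get_transient( $key ) + 1, ELT_LOCKOUT_SECS );
} );

// Priority 100 runs after core's own password check (priority 20), so the
// lockout error replaces the result even when the guess was correct.
// The same filter covers wp-login.php and XML-RPC logins.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( elt_key() ) >= ELT_MAX_FAILURES ) {
        return new WP_Error(
            'elt_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 100, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( elt_key() );
} );
```

The error message is the same for every account, so a lockout does not reveal whether the username exists.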

3. Get yourself an SSL certificate

Here’s the thing: if you’re accepting credit cards, you need an SSL certificate. It encrypts your customer data—most commonly credit card details—when people send you info over the internet.

4. Always keep a backup

Look, we know we just said choose a host who provides daily backups, and that’s all well and good. But at the end of the day, you have no guarantee that your host will back up daily for you. Only you can guarantee that you’re keeping backups.

That’s why you’ve got to keep your files backed up yourself, too. Back up the backups, if you will!

There’s a good number of WordPress backup plugins that offer this invaluable service (really, don’t skimp on this!).

5. A.B.U. (Always Be Updating)

Remember above when we talked about how there are smart people whose job it is to know about security? Another good chunk of those people work at places like WordPress, and they’re constantly coming out with new WordPress versions that have fixed previously-undiscovered security holes.

And so when you log in to WooCommerce and you’re prompted to update, you might think, “Ugh, again?” but really, this is for the good of you and your business.

If your web host has automatic updating, you might not have to worry about this. But if it doesn’t, you need to be updating whenever you’re prompted.

6. Let your customers know they’re secure

While it’s one thing to protect your customers (and your business), it’s another thing entirely to let them know that you’ve got their backs.

Why would you want to do this? Because customers who feel safe are more likely to buy and recommend your site to their friends, increasing your bottom line and growing your business.

So we like to show off our safety with the McAfee SECURE plugin. It lets visitors know that your site passes an external security scan and makes them feel safe when buying from your site.

McAfee SECURE is not only an easy way to increase your website credibility, but it also provides a number of other services for premium members, including site reviews, diagnostics, sitemaps, search highlighting, shopper ID protection and more.


Most of these steps are as easy as installing a plugin on your WooCommerce site. They don’t require a ton of technical knowledge, and it’s beyond worth your time to take an hour or so to get this all done and then get on with what you do best — selling.


  1. Santanu

    Keeping a WordPress site or any kind of website secure is a very big challenge these days. Thanks for sharing this amazing article.

  2. Mike Lamis

    Hello Sebastian,

    Will adding the McAfee SECURE plugin make my website slow?
    In terms of hosting, is VPN more secure than Shared Hosting?
