How to secure a WooCommerce WordPress site?

WooCommerce is a great eCommerce platform, and WP is an amazing CMS. Like other web applications, WP is not hackproof. If you’re using a managed hosting service, your site will be periodically checked for virus/malware infection by the hosting provider’s antivirus applications. But if you’re using shared or unmanaged VPS hosting, you will have to take care of the site’s security yourself. Here are the tips you can follow to secure a WooCommerce WP site:

Use a strong password

When you install the WordPress CMS for the first time, WP will auto-generate a password and fill in the password field of the user registration form with it. The CMS will also display an option to generate a new password. If you replace the WP-generated password with one that consists only of dictionary words or is otherwise easy to crack, your WooCommerce WP site may get hacked.

Use Fail2ban

Fail2ban is a great tool for website owners. It can automatically ban or block the IP addresses of users who repeatedly try to log in to your WP portal. Once you set up Fail2ban on your server, enable its service. The Fail2ban service will run in the background and protect your website without your intervention. How do you know if Fail2ban is working? Check the Fail2ban log file.

Monitor logs

Log files hold a few vital details about your website's visitors. Google Analytics doesn’t show the IP address of visitors, but the log file does. The file also shows the date/time at which the visitor was on your website. If you monitor the log files often, you can find out which visitor is trying to get into your WP dashboard, and you can ban this user’s IP address with iptables, firewalld, or any other tool you’re comfortable with. If, for some reason, you are unable to use Fail2ban, you can check the log files manually and block suspicious IP addresses.

Keep plugins and themes up to date

Over 97% of plugins that you’ll find in the WP repository are built by third-party developers. The plugins are updated often. If you use an old plugin that has not been updated for months and the plugin has some serious security issues, the chances of your site getting hacked are high. Because a plugin update can break the site or an important feature, you can wait a few days before updating the plugin, or try the updated plugin on a staging website or localhost first to check whether it works properly.

Update WordPress often

Minor WordPress updates are released to address security issues or bugs that were a part of an older version of WordPress. A new version of WP has new features and bug fixes. If you don’t update the WP CMS when an update is available, and the update was launched to fix a major security issue, your site may get hacked.

Use 2FA

The 2-factor authentication feature isn’t built into the WordPress content management system, but you can add it to your WooCommerce site with the help of plugins. In the WP repository, you will find many two-factor authentication plugins. Find a plugin with good ratings/reviews, install it, and then set it up.

Tip: Always back up the WooCommerce WP portal each time you add a new product or page, or make some changes to the design of the store/site. Backups ensure that you have site data at your disposal when something goes wrong with the website.

So, these are the tips you can follow to keep your WP site secure. You can follow these tips to protect your portal from hackers or users who want to log in as an admin and play with your website data.


Pramod is the founder of wptls. He has been using WordPress for more than nine years. He builds web applications, and writes about his experiences with various WP products on this site.
