I’m building my online store with WP and Elementor. I’d say I’m 60% done.
And now I’m wondering how I make my online shop 🔐 secure.
For the payment processing I’ll be using Stripe, so as far as I know there won’t be any customer card details on my DB.
Also, it’s not launched yet and it’s on shared hosting. I’ll be moving it to either cloud hosting or a VPS before launch.
Anyway if someone has any info about making wp more secure please share 🙂
Thanks

Having a third party manage the payment details is a good idea. In general, security best practices for WordPress will apply to all sites, not just e-commerce sites. Some of those considerations will include regular updates, access logging (you should only have people you trust accessing the admin area), scripting vulnerabilities (for which a developer would be most helpful), file permissions, etc. There are plugins that help with these security details, but be careful not to choose one that does a lot of scans, which can slow down the site. Your decision to move to a VPS is also well-advised.
Get a decent webshop plugin – Many use WooCommerce.
SSL (https) for the entire site helps.
Locking down certain pages and ‘ways-into-wp’ such as xmlrpc and wp-login.php also helps. A lot of such security measures can be done through .htaccess without plugins (keep the site lean and fast!)
A brute force protection and antispam plugin will help a lot.
Perhaps a simple captcha/security question thing on forms and such.
As you pointed out, no cheap shared hosting.
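The .htaccess lockdown of xmlrpc and wp-login.php mentioned above could look like the following. This is an added example, not part of the original replies; it assumes Apache 2.4 with overrides enabled for the site, and the IP address and the .htpasswd path are placeholders to replace with your own.

```apache
# .htaccess in the WordPress root (Apache 2.4 syntax).
# Added example: the address and file path below are placeholders.

# Deny all access to XML-RPC. This also cuts off anything that
# depends on it (the WordPress mobile app, Jetpack, some remote
# publishing tools), so leave this block out if you rely on those.
<Files "xmlrpc.php">
    Require all denied
</Files>

# Put a second gate in front of the login form.
# A request is allowed if it comes from the trusted address OR
# supplies a valid HTTP Basic username and password; everything
# else is rejected before WordPress runs, which keeps brute-force
# traffic away from PHP and the database.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Keep the password file outside the web root.
    # Create it with: htpasswd -c /path/outside/webroot/.htpasswd youruser
    AuthUserFile "/path/outside/webroot/.htpasswd"
    <RequireAny>
        # 203.0.113.10 is a documentation-range placeholder.
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</Files>

# wp-config.php holds the database credentials and secret keys;
# it never needs to be served over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

# Do not list directory contents (uploads, plugin folders).
Options -Indexes
```

Basic authentication sends the password with every request, so only use it once the whole site is on HTTPS. After applying the rules, test customer login, password reset and checkout, since any flow that goes through wp-login.php will hit the same gate.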
Other security measures:
– Use an SSL certificate. The payment processors require it anyway
– Remove all unused plugins, themes
– Keep all themes and plugins up to date
– Set up automated daily backups
– Set up email security headers like SPF, DKIM
– Use an anti-spam plugin like OOPSpam
– Put your website behind Cloudflare for DDoS protection