[ad_1]
Hello everyone
I am in the process of building a site in WordPress with WooCommerce and happily I am making really good progress.
I wanted to ask how to know if my site is protected if it is currently clean and what can be done to protect myself and especially my customers.
​
In addition, the website sits on Bluehost’s server and they provide encryption but for some reason the “https://” is off but the URL of the website has “https://”… is that how it should be?
[ad_2]
SSL doesn’t protect a site. It simply encrypts communications between a user and your server.
Your ssl is on. “Enforce” is off, which means if someone tries to access your site via http:// it won’t force a redirect to https. You should turn that option ON.
As far as protecting your site, the primary things you can do: ensuring WP, your theme, and plugins are kept up to date at all time. Use strong passwords. Install Wordfence to receive alerts of suspicious logins and any known plugin vulnerabilities and it will also block repeated failed login attempts.