WordPress & WooCommerce Security Best Practices
Moderated by
Nicole Banks @Incapsula_com
Matty Cohen @mattyza
© 2016 Imperva, Inc. All rights reserved.
Are you currently a WordPress user?
POLL
Introduction
• Thanks for joining the webinar
• The webinar will last 30 minutes and will be recorded
• Feel free to submit questions at any time; we will answer as many as we can at the end
• We will send you a copy of the recording and a PDF copy of the slides afterwards
• Any questions or concerns, feel free to submit in the chat or email [email protected]
Agenda
1. Introductions
2. Why Security?
3. Tips for the Best WordPress Experience
4. How WooCommerce Can Help?
5. Wrap-Up
6. External Resources
7. Q&A
Imperva Incapsula
Imperva Incapsula is a cloud-based service that makes websites safer, faster and more reliable. Our mission is to provide every website, regardless of its size, with enterprise-grade website security and performance features that so far have only been affordable to the very largest of websites.
Matty Cohen
WOOCOMMERCE PRODUCT TEAM LEAD AT AUTOMATTIC
CHAPTER I
Why Security?
Prevention Is Better Than a Cure
Having no security breaches is better than having to fix even one security breach.
Peace of Mind
If anything were to go wrong, you know you’re covered.
Security Is a Mindset
Constant vigilance, and a sharp eye for detail.
CHAPTER II
WordPress
What Is WordPress?
An open source website creation platform, powering ~26% of the known websites on the internet.
The operating system of the web.
Tip #1: No “admin” User
Make sure your default username is anything other than “admin”, and is an uncommon word or phrase.
If you have a username you use regularly online, you could use that.
Tip #2: Protect wp-admin
With WordPress, it’s possible to make your wp-admin directory accessible only from a certain IP address range, or to move it entirely into a private directory on your server.
Tip #3: Use Unique Table Prefixes
By default, WordPress uses wp_ as the database table prefix. Adjust this to something unique.
Tip #4: Use Unique Keys and Salts Within wp-config.php
Adjust the keys and salts in wp-config.php to be unique and lengthy.
WordPress offers a secret-key service for generating these strings, here:
https://api.wordpress.org/secret-key/1.1/salt/
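A check for Tips #3 and #4, added here as an example and not part of the original slides: it reads the text of a wp-config.php and reports a default table prefix and keys or salts that are missing, left at the sample placeholder, short, or reused. The 64-character threshold, the function name and the sample file are assumptions made for this example.

```python
import re

# Placeholder text that wp-config-sample.php ships for every key and salt.
PLACEHOLDER = "put your unique phrase here"
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
MIN_LEN = 64  # assumed threshold for "lengthy" in this example

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def audit_wp_config(text):
    """Return a list of findings for the table prefix and the keys/salts."""
    findings = []
    m = PREFIX_RE.search(text)
    if not m:
        findings.append("table_prefix: not set")
    elif m.group(2) == "wp_":
        findings.append("table_prefix: default 'wp_' in use")
    values = {name: val for name, _, val in DEFINE_RE.findall(text)}
    for name in KEY_NAMES:
        val = values.get(name)
        if val is None:
            findings.append(f"{name}: missing")
        elif val == PLACEHOLDER:
            findings.append(f"{name}: sample placeholder")
        elif len(val) < MIN_LEN:
            findings.append(f"{name}: shorter than {MIN_LEN} characters")
    seen = [values[n] for n in KEY_NAMES if n in values]
    if len(set(seen)) < len(seen):
        findings.append("keys/salts: same value reused")
    return findings

# Constructed sample, not taken from a real site.
SAMPLE = """<?php
$table_prefix = 'wp_';
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'short-secret' );
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```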
Tip #5: Regularly Review the Installed Plugins List for Inactive Plugins
Go through the list of plugins you have on your WordPress, delete any which you aren’t using, and examine those you are using, to see if they are still required and relevant.
If they aren’t required or relevant, deactivate and remove them.
Tip #6: Enforce Strong Passwords
There is no such thing as a password which is too long.
Enforce the strongest passwords possible, to ensure a more secure environment.
WordPress has a built-in password strength checker.
Tip #7: Limit Login Attempts
Use the Jetpack plugin, and enable its Security feature, to prevent brute force login attempts.
https://jetpack.com/
CHAPTER III
WooCommerce
What Is WooCommerce?
The world’s most flexible eCommerce platform.
Powering ~39% of all known online stores.
Powered by WordPress.
Tip #1: Pick a Trusted Web Host
Ensure you choose a trusted and secure web host. Invest in dedicated web hosting, if possible.
http://pressable.co/
http://bluehost.com/
http://wordpress.com/vip/
Tip #2: Use Trusted Extensions
When selecting your WooCommerce extensions, be sure to use trusted extensions from WooCommerce.com.
http://woocommerce.com/
Tip #3: Research the Extensions
If you use an extension from another source, such as the official WordPress plugin directory, be sure to check the number of installations, the star rating, and when the extension was last updated.
http://wordpress.org/plugins/
Tip #4: Invest In an SSL Certificate
Enforce SSL on all checkout-related screens of your WooCommerce. Enable an SSL certificate, and then enable the “Force Secure Checkout” option within WooCommerce.
Your web host should offer SSL. If not, namecheap.com offers reasonably priced SSL certificates.
Tip #5: Be Mindful of Private Data
There is a high risk in storing a user’s private information.
If you’d prefer not to do this, you could use an off-site payment gateway, instead of storing a credit card auth token.
Tip #6: Check Permissions When Connecting to External Services
If you decide to share information with an external service, be sure to check the permissions this service requires, and reach out to them if you feel the service is requesting too many permissions.
For example, a read-only service doesn’t need write permissions to your WooCommerce.
Tip #7: Regularly Test your Checkout
Regular testing of your checkout, with a security mindset, minimises the risk that your checkout flow could be compromised, as you are regularly reviewing the checkout.
Be sure to open your web browser’s “Network” tab when doing these tests, to ensure no information is being leaked.
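One way to make the Network-tab review repeatable, added here as an example and not part of the original slides: export the checkout session from the Network tab as a HAR file and scan it for requests that are not HTTPS, that carry sensitive fields in the URL, or that send them to a host you did not expect. The list of sensitive field names, the host names and the sample capture are assumptions made for this example, and only form-encoded request bodies are parsed.

```python
from urllib.parse import urlsplit, parse_qsl

# Substrings of field names treated as sensitive (assumption for this example).
SENSITIVE = ("card", "cvv", "cvc", "password", "billing_email")

def sensitive_fields(pairs):
    """Names of the fields in (name, value) pairs that look sensitive."""
    return sorted({k for k, _ in pairs if any(s in k.lower() for s in SENSITIVE)})

def audit_har(har, allowed_hosts):
    """Flag requests in a parsed HAR capture that expose checkout data.

    har: dict loaded from the HAR export of the browser's Network tab.
    allowed_hosts: hosts expected to receive checkout data (store, gateway).
    """
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        query = sensitive_fields(parse_qsl(url.query))
        body = sensitive_fields(parse_qsl(req.get("postData", {}).get("text", "")))
        if url.scheme != "https":
            findings.append((url.hostname, "not HTTPS"))
        if query:
            findings.append((url.hostname, "sensitive field in URL: " + ",".join(query)))
        if (query or body) and url.hostname not in allowed_hosts:
            findings.append((url.hostname, "sensitive field sent to unexpected host"))
    return findings

# Constructed capture of a checkout session, not real traffic.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST", "url": "https://shop.example/?wc-ajax=checkout",
                 "postData": {"text": "billing_email=a%40example.com&payment_method=stripe"}}},
    {"request": {"method": "GET", "url": "http://shop.example/cart.js"}},
    {"request": {"method": "GET",
                 "url": "https://tracker.example/pixel?billing_email=a%40example.com"}},
]}}

if __name__ == "__main__":
    for host, problem in audit_har(SAMPLE_HAR, {"shop.example"}):
        print(host, "-", problem)
```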
“A good programmer is someone who always looks both ways before crossing a one-way street.”
DOUG LINDER
Wrap-up
DDoS Protection Bootcamp
DDoS Protection Mastery Starts Here
In a fun, quiz-based online format, these free training courses give you the technical knowledge and skills to identify and block different types of DDoS attacks.
www.DDoSBootcamp.com
Thanks
Matty Cohen @mattyza