Select Page

If you’re going to be accepting payments online, you need to know if your e-commerce platform is safe, with Woocommerce powering most of the online stores on the internet, its highly important that you make sure that you choose a shopping cart solution that is safe.

Woocommerce is safe, but there are some things that can leave it exposed to hackers such as no SSL certificate, not updating plugins, themes and WordPress regularly, weak login details and cheap web hosting.

Woocommerce and WordPress are both owned by the same parent company which means you won’t have any compatibility issues integrating the two.

SSL certificate

An SSL certificate will help secure credit card information and data transfer via your website.

If you want to run a Woocommerce website, an SSL certificate is a must.

You can tell if a website has an SSL certificate or not if they have a padlock symbol in the left-hand corner of the URL.

Many browsers are so protective of their users, that if you accept payments via your website and you don’t have an SSL certificate, browsers such as Google Chrome will warn your visitors and try to turn them away.

Not only is SSL important for e-commerce, but can give you help gaining rankings in the search engines as it’s seen as a trust symbol.

Let’s Encrypt is a great option as it’s free to use and most hosting companies offer it.

Check your host’s docs to see how if they offer Let’s Encrypt and how to activate it, if you have any trouble, get in contact with your hosts support team and they will help you out.

Let’s Encrypt is sponsored by some of the biggest internet-based companies such as Chrome, Facebook and Automattic, not only that, but Shopify uses it as the SSL certificate for all their stores.

Not updating regularly

There can be major security issues if you don’t update your website regularly.

WordPress is constantly updating to patch security issues, but you’ll often have to login to authorise the updates.

Many people who have WordPress websites, tend to treat it as a set it and forget it, the problem is this could be exposing themselves and their customers to security problems.

Make sure you’re logging in regularly to update WordPress, your theme and plugins to help protect against security risks.

Free themes and plugins

This carries on from the previous point, when people make give away free themes and plugins, they don’t have any incentive to keep it updated regularly.

I understand to begin with you’re trying to bootstrap and go with free themes and plugins.

However, it is a good idea to reinvest into premium themes and plugins as soon as possible.

What you’ll find is some of the free themes and plugins haven’t been updated in years, this can lead to huge security risks.

Weak login details

I understand people get worried about forgetting their login details, so to counteract that, people use easy to remember usernames and passwords such as “admin” and “password”.

There are software that scrapes the internet that is designed to use commonly used login details in order to try break into peoples websites.

There are two things I would recommend you do to prevent this from happening.

Use harder logins that people aren’t going to guess, avoid using usernames such as.

  • Username
  • username
  • Admin
  • admin
  • administrator
  • Administrator
  • user1
  • demo
  • guest

Or passwords such as

  • x
  • Zz
  • password
  • Password
  • P@ssw0rd
  • admin
  • administrator
  • 1234
  • 12345

If you use a combination of the usernames and passwords on these lists, it’s not a matter of if your website will be hacked, but when your website will be hacked.

The second thing I would recommend you do is to install Wordfence, Wordfence is a great security plugin that will help reduce security risks.

One of the features is that you can upload a list of commonly used usernames to the plugin and if someone or something tries to use those usernames, they will immediately get blocked from logging into your website.

Using cheap hosting

With the level of competition in the hosting industry, owning a website is cheaper than ever, however, people still want to go as cheap as possible.

The problem is, if you go too cheap or even free hosting, you are extremely exposed to hackers.

Considering how cheap hosting can be, I honestly think it’s much better to spend a little extra to get that security and peace of mind.

Additional tools

Woocommerce itself is safe and should be fine for your e-commerce website, but there are things that it relies on that leave it exposed.

If you head to, this is where I have a list of hosting companies that I recommend for people to host their Woocommerce website, as a thank you for purchasing your hosting through my affiliate links, I have some bonus training and tutorials for you that will show you how to take your store to the next level, all the hosts I recommend offer free Let’s Encrypt SSL certificates.

Having regular backups is a great idea so that if your website does get hacked, you have files available that you can re-upload your website and have your pre-hacked website up and running within an hour, I recommend All-in-One WP Migration, it’s really easy to use and the premium version allows you to set regular backups.

Keep a regular check on the Wordfence blog, Wordfence have great resources and will post about plugins that have security risks so you can hopefully remove the plugins before getting hacked.

Security is your number one concern

Because you want to run an e-commerce website, security has to be something you take very seriously.

One of the biggest mistakes that people who own an online store make is that they treat it as a passive income source, they never work on the store and something they shouldn’t have to reinvest in.

It’s like if you had a brick and mortar store but didn’t reinvest into new locks on the doors when they get rusty, no security cameras or alarms, and then blaming the store when it gets robbed.

You need to keep on top of your website by updating WordPress, your themes and plugins, investing in security software.

There are a lot of people who will immediately lose trust in your business if you get hacked if you run an online store.

They don’t want to risk putting in their credit card information into a website that could potentially scam them.

It doesn’t take much work to keep your Woocommerce website safe, but doing nothing, could leave your website and your business extremely vulnerable.