Digital security is an ever changing environment, every e-commerce store is potentially vulnerable, woocommerce is no exception. This post will address some security concerns related to your websites’ database and how you can address them.
It is estimated that 33% of all online stores are operating on woocommerce, because of its immense popularity it is a lot more tempting for hackers to look for vulnerabilities. The good news is that security on woocommerce is already quite solid, but you can and should always take it further. The “all in one security” plugin is a great solution to a lot of woocommerce security concerns, it is easy to set up and as infinitesimal effect on your website’s performance.
In the scheme of an online store, your database is the most important asset, all your data, and I mean ‘ALL’ of it is in your database, if you lose this and you don’t have a back up then you’ll have to start from scratch. There are a couple of ways that you can improve the security of your database, the first and useful is regularly backing up your database. If you are using WP engine to host your woocmmerce store then they will look after daily backups for you, or you can create manual backup points. If you have any trouble with this then you can contact them on the live support. The all in one security plugin(AIOS) also allows you to perform and schedule database backups, in the AIOS menu click Database Security->DB Backup.
Since woocommerce databases’ are all structured the same by default this gives potential hackers knowledge of how and where your data is stored. AIOS allows you to add a database prefix to your database tables, this is a short string of characters that is added to the names of your database tables, meaning that hackers don’t now know how your database is structured. you can find this option under Database Security->DB Prefix.
The information to access your database is stored in a file called wp-config, this file allows your woocommerce store to read and write data to your database, fundamentally allowing it to operate. This file and its’ contents are a security concern, if a hacker gets to this file then your database is vulnerable. A measure you can take to secure this file is to make sure its’ file permissions are set to 644, you can again do this with AIOS in Filesystem -> Security by simply clicking on the ‘Set Recommended Permissions’ buttons in the right column. You should also be cautious as to who you give FTP access to to keep this file secure.