Cyber security and hacking have become a common part of today’s conversations. The media is often abuzz with hacking incidents around the world. It is important to remember that cyber security doesn’t just affect big organizations and countries, but also affects your WordPress site and eCommerce store.

Here are 8 basic things you can do to beef up the security of your WordPress store.

WordPress store security: 1. Update core

The WordPress core forms the foundation of your store. Make sure to update WordPress whenever it is available under Dashboard > Updates. This will make sure that you not only get the latest features of core, but also receive the most up-to-date security patches.

WordPress store security: 2. Update plugins and themes

Similar to above, plugin and theme authors will often push updates to their products. Updates will often add the latest security patches and reduce vulnerabilities to these products. Updates are typically visible under the Dashboard > Updates section. However, for some plugins, you may need to follow some additional steps, for example, using the WooCommerce Helper plugin for official WooCommerce plugins.

WordPress store security: 3. Keep regular backups

In case your store does get hacked, or gets damaged due to some other cause, it’s important to have frequent backups of your files so that you can restore your site to a state prior to the damage. Rather than manually backing up your files, you can invest in automated solutions like VaultPress (now part of Jetpack) to create backups, perform repairs, and restore your site.

WordPress store security: 4. Get SSL encryption

A secure sockets layer (SSL) protocol is used to encrypt transfer of information between your site and other servers. This helps to secure information like credit card numbers, personal customer details, and more. An SSL certificate from a recognized certificate authority on your site will not only add this security, but also show your customers that you care about their security by displaying the HTTPS in your site URL.

Learn more about SSL certificates in this post.

WordPress store security: 5. Purchase official plugins and themes

When you’re starting out your business and looking to add the right visual and functionality experience to your site, you may search for a number of different themes and plugins. However, if you know that a certain theme or plugin is premium, you may stumble upon sites offering the same plugin or theme for free.

In such cases, always purchase the premium plugin or theme from the official developer. This will make sure that no malicious code has been added to the products, you get access to support, and that you’re able to receive security fixes and feature updates. In the long run, the cost of official plugins and themes is a small price to pay.

WordPress store security: 6. Monitor login and changes

To prevent denial of service or brute force attacks on your site, and to monitor who logs in and makes changes to your store, you can use free plugins like the Sucuri Scanner to get notifications of unwanted activities. The plugin can help limit the login attempts for a username, send you email notifications when a login occurs or when something is updated on your site, amongst other things.

WordPress store security: 7. Use strong passwords

This is fairly straightforward. For all your users, make sure to create strong randomized passwords either through the WordPress password generator or through other apps. Simple easy-to-remember passwords can make your site easily vulnerable to hacks.

WordPress store security: 8. Pick the right hosting

Your hosting provider and plan can determine your site’s vulnerability. Shared hosting typically opens you up for more vulnerabilities, whereas private hosting or virtual private servers are more secure. In addition, managed hosting can help take away some of the tasks around backups and updates, making your site more secure.

WordPress store security: Summary

Your store’s security is something that can always be improved. These tips are some of the basic things you can do to beef up security on your store. Part of the security effort is to prevent hackers to gain access to your site, and part of the effort is to recover the site if it gets hacked.

What are some steps you take to secure your WordPress store? Is there something in particular that you think is extremely important? Please tell us in the comments below.

Note: This post may contain affiliate links, which means we get a commission from the plugin, theme, or service provider if you choose to purchase. Regardless of this, we are committed to providing high quality, unbiased resources. Have more questions? See our affiliate policy. You can use the plain links below if you prefer that we not receive a referral commission:

Posted by Jai Sangha

Jai is a regular contributor to Sell with WP, and helps merchants improve their WordPress eCommerce businesses with plugin reviews, marketing or customer service tips, and tutorials.


  1. […] 8 Tips to Improve Your WordPress Store Security […]

  2. Thanks for the detailed article!

    It goes without saying that prevention is the best course of action – keep WordPress, plugins and themes all up to date, harden WordPress by using security plugins such as Sucuri, and regularly backup your website.

    I also use a couple of other plugins such as WPS Hide Login and Login Lockdown as well as some code to block XML RPC etc… to further secure WordPress.

    If the website is key to your business also consider a CDN and web application firewall such as Cloudflare.

    Not all web hosts will automatically backup a website so do not assume they have a copy to restore for you. Ask the web host and take your own copy!

  3. Tailor Devid son March 2, 2017 at 1:03 am

    Awesome list of tips you shre here about wordpress security..valuable post for all the newbies in wordpress like me. Great job.

    1. Thanks! Appreciate it.

  4. Outstanding guide on e-commerce business!

Comments are closed.