SECURING YOUR WOOCOMMERCE SITE
WORDCAMP DENVER 2018

HI, I’M JAMIE SCHMID
SiteLock Community Evangelist
WP Developer & Designer
@jamieschmid
@sitelock

IS YOUR SITE SECURE?
TICKETFLY’S WASN’T.

WHAT WE’LL COVER:
• External factors influencing your website decisions
• Overview of a typical customer ecommerce journey
• Security vulnerabilities, risks and solutions along the way

EXTERNAL FACTORS INFLUENCING YOUR WEBSITE DECISIONS
• Laws ’n rules
• Loading speed
• Ease of payment processing
• Need to save data for returning customers
• Internal organization rules

OVERVIEW OF A TYPICAL CUSTOMER ECOMMERCE JOURNEY

SECURITY VULNERABILITIES, RISKS AND SOLUTIONS ALONG THE WAY

User is on public wifi at a coffee shop

RISKS
• Man-in-the-Middle attack
• The router WiFi may be unencrypted
• Her OS may have malware
• Someone may be snoopin’ & sniffin’
• The hotspot may be malicious

SOLUTIONS
SHE SHOULD:
• Use a VPN.
• Force SSL in her browser. Browser settings: Always use HTTPS
• Have active security software on her laptop (Norton etc)

User navigates to online store

RISKS
• Your site may already be compromised
• Is your site vulnerable to DDoS?
• Are bots targeting your site?
• Do you have a backup in case your site goes down?

SOLUTIONS
• SSL/HTTPS
• 2 Step auth plugins: Authy, Duo, Google Authenticator
• Login Lockdown plugin
• SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins.
• Have a good host with all your server software up to date. PHP 7.2 is recommended by WordPress.
• Use a firewall!
• Access your site via SSH/SFTP
• Automate backups! UpdraftPlus, host-level backups
• Application-level firewalls: SiteLock, Sucuri
• WordPress firewalls: Jetpack, All-in-One, Wordfence
• CDN: SiteLock, Cloudflare, Jetpack
• Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes. Your host may offer this service for a charge.
• Fail2Ban plugin for brute force

User lands on your site via a Facebook ad

User enters her email in popup for 10% off with newsletter signup

RISKS
• Third-party plugins are now loaded
• WooCommerce, and any other third-party plugins or integrations, may not be secure
• Your discount code may have been maliciously generated

SOLUTIONS
• Keep all plugins, themes and core up to date
• Fully vet your third-party plugins!
• Read reviews!
• Use third-party plugins listed on the WooCommerce website

User reads product reviews

RISKS
• Are these real product reviews or full of spam advertising Viagra and discount Coach bags?
• Is the personal information collected in reviews securely stored?
• Do you have permission to be storing and collecting this information on users?

SOLUTIONS
• Gain user consent for collecting information (GDPR)
• Do not allow bots to register on your site. Use (Re)Captcha, email validation, a honeypot.
• Many form plugins include captcha options

User adds product to cart and clicks through to checkout

RISKS
• Is the checkout secure??
• Does the page contain malware that is collecting her data also/instead?
• Are you processing card transactions on this site yourself?
• Your site may not be secure enough to store payment information

SOLUTIONS
• Make sure checkout is secure
• SSL! You NEED that lock symbol!
• PCI compliance, certified?
• Use a trusted third-party processor that stores information off-site

User enters shipping address

RISKS
• Card may be stolen - thief may be trying to send a product to their own address

SOLUTIONS
• Use an AVS (Address Verification System)

User creates new account

RISKS
• User’s account information is now linked to their email, name, address, password they used, potentially credit card info
• User’s account information may already be compromised
• User’s password may be easy to guess

SOLUTIONS
• Force secure passwords on new user accounts
• Make sure you are not storing credit card data on the same server
• Password management tool
• Leave the credit card processing to the professionals. AND NEVER EMAIL PRIVATE CREDIT CARD DATA TO ANYONE.

User submits payment and order information

RISKS
• Is your checkout secure???

SOLUTIONS
• SSL! You NEED that lock symbol!
• PCI compliance, certified
• Use a trusted third-party processor that stores information off-site
• Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin

User receives confirmation in email

RISKS
• Someone may have access to her email, enabling them to see all her account information and receipts

SOLUTIONS
• Never send user’s password via email
• Do not include credit card information in email
• Do not send logins or passwords via email

ECOMMERCE SITES ARE A LOT OF WORK.
You may be tempted to skip out on security. Time or budget may be tight. Your client may not be convinced it is needed.
DO NOT SKIP SECURITY!
Website security is on you, the developer. Require security as part of your web development process. Educate clients on its importance.

NOTES

BROWSING ON PUBLIC WIFI
• Use a VPN.
• Force SSL in the browser. Browser settings: Always use HTTPS
• Have active security software on your computer (Norton etc)

LOCK DOWN YOUR SITE
• SSL/HTTPS on your site: You NEED that lock symbol!
• Use a firewall!
• Application-level firewalls: SiteLock, Sucuri
• WordPress firewalls: Jetpack, All-in-One, Wordfence
• Do not allow bots to register on your site. Use (Re)Captcha, email validation, a honeypot.
• Many form plugins include captcha options
• Access your site via SSH/SFTP

NOTES

LOG IN SECURELY
• 2 Step auth plugins: Authy, Duo, Google Authenticator
• Login Lockdown plugin
• Fail2Ban plugin for brute force
• Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin
• Password management tool

PREVENTION
• Have a good host with all your server software up to date. PHP 7.2 is recommended by WordPress.
• Automate backups! UpdraftPlus, host-level backups
• Gain user consent for collecting information (GDPR)

NOTES

UPDATE!
• Keep all plugins, themes and core up to date
• Fully vet your third-party plugins!
• Use third-party plugins listed on the WooCommerce website
• Read reviews!
• Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes. Your host may offer this service for a charge.
• SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins.

PREVENTION
• Make sure checkout is secure!
• PCI compliance, certified
• Use a trusted third-party processor that stores information off-site
• Use an AVS (Address Verification System)

NOTES

PREVENTION
• Never send user’s password via email
• Do not include credit card information in email
• Do not send logins or passwords via email

TOGETHER WE CAN MAKE THE INTERNET A SAFER PLACE FOR EVERYBODY!
THANK YOU!
SECURING YOUR WOOCOMMERCE SITE
@jamieschmid

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 

Securing your WooCommerce Site

  • 2. HI, I’M JAMIE SCHMID. Sitelock Community Evangelist, WP Developer & Designer. @jamieschmid @sitelock
  • 3. IS YOUR SITE SECURE?
  • 4. IS YOUR SITE SECURE? TICKETFLY’S WASN’T.
  • 5. WHAT WE’LL COVER: • External factors influencing your website decisions • Overview of a typical customer ecommerce journey • Security vulnerabilities, risks and solutions along the way
  • 6. EXTERNAL FACTORS INFLUENCING YOUR WEBSITE DECISIONS: • Laws ’n rules • Loading speed • Ease of payment processing • Need to save data for returning customers • Internal organization rules
  • 8.
  • 10. User is on public wifi at a coffeeshop. RISKS: • Man-in-the-Middle attack • The router WIFI may be unencrypted • Her OS may have malware • Someone may be snoopin’ & sniffin’ • The hotspot may be malicious SOLUTIONS: • Use a VPN. • Force SSL. Browser settings: Always use HTTPS • Security software on her laptop
  • 11. User is on public wifi at a coffeeshop. SOLUTIONS (SHE SHOULD): • Use a VPN. • Force SSL in her browser. Browser settings: Always use HTTPS • Have active security software on her laptop (Norton etc)
  • 12. User navigates to online store. RISKS: • Your site may already be compromised • Is your site vulnerable to DDOS? • Are bots targeting your site? • Do you have a backup in case your site goes down?
  • 13. User navigates to online store. SOLUTIONS: • SSL/HTTPS • 2 Step auth plugins: Authy, Duo, Google Authenticator • Login Lockdown plugin • SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins.
  • 14. User navigates to online store. SOLUTIONS: • Have a good host with all your server software up to date. PHP 7.2 is recommended by WordPress. • Use a firewall! • Access your site via SSH/SFTP • Automate backups! Updraft Plus, host-level backups
  • 15. User lands on your site via a Facebook ad / User navigates to online store. SOLUTIONS: • Application-level firewalls: SiteLock, Sucuri • WordPress firewalls: Jetpack, All-in-One, WordFence • CDN: SiteLock, CloudFlare, Jetpack • Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes, your host may offer this service for a charge • Fail2Ban plugin for brute force
  • 16. User enters her email in popup for 10% off with newsletter signup. RISKS: • Third party plugins are now loaded • WooCommerce, and any other third-party plugins or integrations, may not be secure • Your discount code may have been maliciously generated
  • 17. User enters her email in popup for 10% off with newsletter signup. SOLUTIONS: • Keep all plugins, themes and core up to date • Fully vet your third party plugins! • Read reviews! • Use third-party plugins listed on the WooCommerce website
  • 18. User reads product reviews. RISKS: • Are these real product reviews or full of spam advertising Viagra and discount Coach bags? • Is the personal information collected in reviews securely stored? • Do you have permission to be storing and collecting this information on users?
  • 19. User reads product reviews. SOLUTIONS: • Gain user consent for collecting information (GDPR) • Do not allow bots to register on your site. Use (Re)Captcha, email validation, a honeypot. • Many form plugins include captcha options
  • 20. User adds product to cart and clicks through to checkout. RISKS: • Is the checkout secure?? • Does the page contain malware that is collecting her data also/instead? • Are you processing card transactions on this site yourself? • Your site may not be secure enough to store payment information
  • 21. User adds product to cart and clicks through to checkout. SOLUTIONS: • Make sure checkout is secure • SSL! You NEED that lock symbol! • PCI compliance, certified? • Use a trusted third party processor that stores information off-site
  • 22. User enters shipping address. RISKS: • Card may be stolen - thief may be trying to send a product to their own address
  • 23. User enters shipping address. SOLUTIONS: • Use an AVS (Address Verification System)
  • 24. User creates new account. RISKS: • User’s account information is now linked to their email, name, address, password they used, potentially credit card info • User’s account information may already be compromised • User’s password may be easy to guess
  • 25. User creates new account. SOLUTIONS: • Force secure passwords on new user accounts • Make sure you are not storing credit card data on the same server • Password management tool • Leave the credit card processing to the professionals. AND NEVER EMAIL PRIVATE CREDIT CARD DATA TO ANYONE.
  • 26. User submits payment and order information. RISKS: • Is your checkout secure???
  • 27. User submits payment and order information. SOLUTIONS: • SSL! You NEED that lock symbol! • PCI compliance, certified • Use a trusted third party processor that stores information off-site • Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin
  • 28. User receives confirmation in email. RISKS: • Someone may have access to her email, enabling them to see all her account information and receipts
  • 29. User receives confirmation in email. SOLUTIONS: • Never send user’s password via email • Do not include credit card information in email • Do not send logins or passwords via email
  • 30. ECOMMERCE SITES ARE A LOT OF WORK. You may be tempted to skip out on security. Time or budget may be tight. Your client may not be convinced it is needed. DO NOT SKIP SECURITY! Website security is on you, the developer. Require security as part of your web development process. Educate clients on its importance.
  • 31. NOTES. BROWSING ON PUBLIC WIFI: • Use a VPN. • Force SSL in the browser. Browser settings: Always use HTTPS • Have active security software on your computer (Norton etc) LOCK DOWN YOUR SITE: • SSL/HTTPS on your site: You NEED that lock symbol! • Use a firewall! • Application-level firewalls: SiteLock, Sucuri • WordPress firewalls: Jetpack, All-in-One, WordFence • Do not allow bots to register on your site. Use (Re)Captcha, email validation, a honeypot. • Many form plugins include captcha options • Access your site via SSH/SFTP
  • 32. NOTES. LOG IN SECURELY: • 2 Step auth plugins: Authy, Duo, Google Authenticator • Login Lockdown plugin • Fail2Ban plugin for brute force • Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin • Password management tool PREVENTION: • Have a good host with all your server software up to date. PHP 7.2 is recommended by WordPress. • Automate backups! Updraft Plus, host-level backups • Gain user consent for collecting information (GDPR)
  • 33. NOTES. UPDATE!: • Keep all plugins, themes and core up to date • Fully vet your third party plugins! • Use third-party plugins listed on the WooCommerce website • Read reviews! • Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes, your host may offer this service for a charge • SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins. PREVENTION: • Make sure checkout is secure! • PCI compliance, certified • Use a trusted third party processor that stores information off-site • Use an AVS (Address Verification System)
  • 34. NOTES. UPDATE!: • Keep all plugins, themes and core up to date • Fully vet your third party plugins! • Use third-party plugins listed on the WooCommerce website • Read reviews! • Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes, your host may offer this service for a charge • SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins. PREVENTION: • Never send user’s password via email • Do not include credit card information in email • Do not send logins or passwords via email
  • 35. TOGETHER WE CAN MAKE THE INTERNET A SAFER PLACE FOR EVERYBODY!
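
The slides recommend a honeypot and email validation to keep bots from registering. The plugin below is an added example of that advice, not code from the talk or from WooCommerce; the field name `company_website` and the `example_` function names are assumptions, while the hooks are the standard WordPress and WooCommerce registration hooks.

```php
<?php
/**
 * Plugin Name: Registration Honeypot (added example)
 * Rejects sign-ups that fill in a field real visitors never see.
 */
defined( 'ABSPATH' ) || exit;

// Hypothetical field name: something a form-filling bot will want to complete.
const EXAMPLE_HONEYPOT_FIELD = 'company_website';

/** Print the decoy input, moved off-screen and removed from the tab order. */
function example_honeypot_render() {
    printf(
        '<p style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label>Leave this field empty '
        . '<input type="text" name="%s" value="" tabindex="-1" autocomplete="off">'
        . '</label></p>',
        esc_attr( EXAMPLE_HONEYPOT_FIELD )
    );
}
add_action( 'woocommerce_register_form', 'example_honeypot_render' ); // My Account page
add_action( 'register_form', 'example_honeypot_render' );             // wp-login.php

/** True when the decoy field came back with any content. */
function example_honeypot_tripped() {
    if ( ! isset( $_POST[ EXAMPLE_HONEYPOT_FIELD ] ) ) {
        return false; // Form without the decoy (e.g. account created at checkout).
    }
    $value = wp_unslash( $_POST[ EXAMPLE_HONEYPOT_FIELD ] );
    // Arrays or other unexpected shapes only come from hand-crafted requests.
    return ! is_string( $value ) || '' !== trim( $value );
}

/** Add an error before the account is created; both filters pass a WP_Error first. */
function example_honeypot_validate( $errors, $login, $email ) {
    if ( example_honeypot_tripped() ) {
        // Generic message: do not tell the client which check failed.
        $errors->add( 'registration_blocked', 'Registration could not be completed.' );
    } elseif ( ! is_email( $email ) ) {
        $errors->add( 'invalid_email', 'Please enter a valid email address.' );
    }
    return $errors;
}
add_filter( 'woocommerce_registration_errors', 'example_honeypot_validate', 10, 3 );
add_filter( 'registration_errors', 'example_honeypot_validate', 10, 3 );
```

A honeypot only stops unsophisticated bots, so it complements rather than replaces the captcha and login-limiting plugins listed in the notes.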