SECURING YOUR WOOCOMMERCE SITE
WORDCAMP OC 2018

HI, I’M JAMIE SCHMID
SiteLock Community Evangelist
WP Developer & Designer
@jamieschmid
@sitelock
IS YOUR SITE SECURE?
TICKETFLY’S WASN’T.
WHAT WE’LL COVER:
• External factors influencing your website decisions
• Overview of a typical customer ecommerce journey
• Security vulnerabilities, risks and solutions along the way
EXTERNAL FACTORS INFLUENCING YOUR WEBSITE DECISIONS
• GDPR
• loading speed
• ease of payment processing
• need to save data for returning customers
• internal organization rules

OVERVIEW OF A TYPICAL CUSTOMER ECOMMERCE JOURNEY

SECURITY VULNERABILITIES, RISKS AND SOLUTIONS ALONG THE WAY
User is on public wifi at a coffeeshop

RISKS
• Man-in-the-Middle attack
• The router may be unencrypted
• Her OS may have malware
• Someone may be snoopin’ & sniffin’
• The hotspot may be malicious

SOLUTIONS. SHE SHOULD:
• Use a VPN.
• Force SSL in her browser. Browser settings: Always use HTTPS
• Have active security software on her laptop (Norton etc)
User lands on your site via a Facebook ad

RISKS
• Lead data is recorded by Facebook and analytics
• Username enumeration
• Passwords may not be stored securely
• Host may not be secure
• Your site may already be compromised
• Is your site vulnerable to DDOS?
• Are bots targeting your site?
• Do you have a backup in case your site goes down?

SOLUTIONS
• SSL/HTTPS
• Admins have strong passwords/login info, no password reuse!
• Lockout policy/login lockdown in place
• Keep core, all plugins and themes up-to-date
• Use 2 Step Auth
• 2 Step auth plugins: Authy, Duo, Google Authenticator
• Login Lockdown plugin
• SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins.
• Have a good host with all your server software up to date. PHP7 is recommended by WordPress.
• Use a firewall!
• Access your site via SSH/SFTP
• Automate backups! Updraft Plus, host-level backups
• Application-level firewalls: SiteLock, Sucuri
• WordPress firewalls: Jetpack, All-in-One, WordFence
• CDN: SiteLock, CloudFlare, Jetpack
• Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes, your host may offer this service for a charge
• Fail2Ban plugin for brute force
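The "lockout policy" and "username enumeration" bullets above map onto two small pieces of WordPress code. The following mu-plugin is an added example written for this page (it is not SiteLock, Login Lockdown or WordPress project code): it counts failed logins per username-and-IP pair in transients, refuses further attempts for a cooling-off window once the limit is hit, and removes the two most common places an anonymous visitor can read account names (the `?author=N` redirect and the public REST users listing). The thresholds, the hook priority and the assumption that the site is not behind a proxy are all choices made for the example.

```php
<?php
/**
 * Plugin Name: Login lockout and username-enumeration hardening (added example)
 *
 * Illustrative mu-plugin written for this page; drop it into
 * wp-content/mu-plugins/. Thresholds below are assumptions.
 */

const LL_MAX_ATTEMPTS    = 5;   // failures per username+IP before lockout
const LL_LOCKOUT_SECONDS = 900; // 15-minute cooling-off window

/**
 * Source address of the request. REMOTE_ADDR is set by the web server,
 * not the client. When TLS terminates at a proxy or CDN, swap this for the
 * proxy's verified client-IP header (assumption here: no proxy in front).
 */
function ll_client_ip() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

/** Transient key for one (username, IP) pair; hashed so raw input never becomes an option name. */
function ll_key( $username ) {
    return 'll_fail_' . md5( strtolower( trim( (string) $username ) ) . '|' . ll_client_ip() );
}

/** Record a failed attempt; every failure (including a blocked one) renews the window. */
function ll_record_failure( $username ) {
    $key = ll_key( $username );
    set_transient( $key, (int) get_transient( $key ) + 1, LL_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'll_record_failure' );

/** A successful login clears the counter for that pair. */
function ll_clear_failures( $user_login ) {
    delete_transient( ll_key( $user_login ) );
}
add_action( 'wp_login', 'll_clear_failures' );

/**
 * Priority 30 runs after WordPress's own password check (priority 20), which
 * would otherwise overwrite an earlier WP_Error with its own result. Returning
 * WP_Error here denies the login even when the password was right, so the
 * response gives the same answer to every attempt during the lockout.
 */
function ll_enforce_lockout( $user, $username ) {
    if ( ! empty( $username ) && (int) get_transient( ll_key( $username ) ) >= LL_MAX_ATTEMPTS ) {
        return new WP_Error( 'too_many_attempts', 'Too many failed logins. Try again in 15 minutes.' );
    }
    return $user;
}
add_filter( 'authenticate', 'll_enforce_lockout', 30, 2 );

/** /?author=N normally redirects to /author/<login>/, which reveals the login name; send it home instead. */
function ll_block_author_probe() {
    if ( ! is_admin() && isset( $_GET['author'] ) ) {
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}
add_action( 'init', 'll_block_author_probe' );

/** The public REST users listing also exposes login names; hide it from anonymous requests. */
function ll_hide_users_endpoint( $endpoints ) {
    if ( ! is_user_logged_in() ) {
        unset( $endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
}
add_filter( 'rest_endpoints', 'll_hide_users_endpoint' );
```

Transients are fine for a single server; on a multi-server host they must be backed by a shared object cache, or the counters will differ per node. Plugins such as Login Lockdown, WordFence or Fail2Ban do the same job with more options; the example is there to show what the policy actually consists of.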
User enters her email in popup for 10% off with newsletter signup

RISKS
• Third party plugins are now loaded
• WooCommerce, and any other third-party plugins or integrations, may not be secure
• Her email info may not be securely stored
• Your discount code may have been maliciously generated

SOLUTIONS
• Keep all plugins up to date
• Fully vet your third party plugins!
• Use plugins in the WordPress repository
• Read reviews!
• Use third-party plugins listed on the WooCommerce website
User reads product reviews

RISKS
• Are these real product reviews or full of spam advertising Viagra and discount Coach bags?
• Is the personal information collected in reviews securely stored?
• Do you have permission to be storing and collecting this information on users?

SOLUTIONS
• Gain user consent for collecting information
• Do not allow bots to register on your site. Use Captcha, email validation, a honeypot.
• Many form plugins include captcha options
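A honeypot and an email check can be added to the WooCommerce registration form without a form plugin. The code below is an added example written for this page, not WooCommerce's own: it renders a visually hidden text field that humans never see (bots tend to fill every field), plus an HMAC-signed render timestamp so submissions that arrive faster than a person could type are rejected, and it runs `is_email()` on the address before the account is created. The field names and the 3-second minimum are assumptions; confirming that the visitor actually owns the address is still done by the confirmation email, not by this check.

```php
<?php
/**
 * Plugin Name: Honeypot and email checks on customer registration (added example)
 *
 * Illustrative mu-plugin written for this page. Field names and the
 * minimum fill time are assumptions, not WooCommerce settings.
 */

const HP_FIELD       = 'website_url_confirm'; // the trap field
const HP_TIME_FIELD  = 'hp_form_rendered';    // signed render timestamp
const HP_MIN_SECONDS = 3;                     // faster than this is not a person

/** Output the trap field and the signed timestamp inside the registration form. */
function hp_render_fields() {
    $ts  = time();
    $sig = hash_hmac( 'sha256', (string) $ts, wp_salt( 'nonce' ) );
    echo '<p style="position:absolute;left:-9999px" aria-hidden="true">';
    echo '<label>Leave this field empty <input type="text" name="' . esc_attr( HP_FIELD )
        . '" value="" tabindex="-1" autocomplete="off"></label></p>';
    echo '<input type="hidden" name="' . esc_attr( HP_TIME_FIELD )
        . '" value="' . esc_attr( $ts . ':' . $sig ) . '">';
}
add_action( 'woocommerce_register_form', 'hp_render_fields' );

/**
 * Returns '' when the submission looks human and carries a usable email,
 * otherwise the message to show. Kept free of globals so it is easy to test.
 */
function hp_problem( array $post, $email, $now ) {
    if ( ! empty( $post[ HP_FIELD ] ) ) {
        return 'Registration rejected.'; // trap field was filled in
    }
    $raw   = isset( $post[ HP_TIME_FIELD ] ) ? (string) $post[ HP_TIME_FIELD ] : '';
    $parts = explode( ':', $raw );
    if ( count( $parts ) !== 2
        || ! hash_equals( hash_hmac( 'sha256', $parts[0], wp_salt( 'nonce' ) ), $parts[1] ) ) {
        return 'Registration rejected.'; // timestamp missing or tampered with
    }
    if ( $now - (int) $parts[0] < HP_MIN_SECONDS ) {
        return 'Registration rejected.'; // submitted before a person could have typed
    }
    if ( ! is_email( $email ) ) {
        return 'Please enter a valid email address.';
    }
    return '';
}

/** WooCommerce fires this before creating the account; adding to $errors aborts registration. */
function hp_validate_registration( $username, $email, $errors ) {
    $problem = hp_problem( $_POST, $email, time() );
    if ( '' !== $problem ) {
        $errors->add( 'registration_blocked', $problem );
    }
}
add_action( 'woocommerce_register_post', 'hp_validate_registration', 10, 3 );
```

The rejection message is deliberately the same for all three bot checks so the form does not explain which test failed. A captcha plugin can sit alongside this; the honeypot costs the customer nothing, which is why it is worth having even when a captcha is present.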
User clicks through to checkout

RISKS
• Checkout could be intercepted by a third party
• Credit card data could be stolen
• Payment processor may not be secure

SOLUTIONS
• Make sure checkout is secure
• SSL! You NEED that lock symbol!
• PCI compliance, certified
• Use a trusted third party processor that stores information off-site
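"Make sure checkout is secure" means, in practice, that no page of the shop is ever served over plain HTTP and that the browser is told to stop trying. This added example, written for this page rather than taken from WooCommerce, is an mu-plugin that redirects every HTTP request to its HTTPS equivalent and emits an HSTS header on HTTPS responses; it assumes the site's URL settings already use `https://`, that `FORCE_SSL_ADMIN` is set in `wp-config.php`, and that TLS terminates at the web server (behind a CDN or proxy, `is_ssl()` must be taught about the forwarded-protocol header first or this redirect loops).

```php
<?php
/**
 * Plugin Name: Force HTTPS and HSTS (added example)
 *
 * Illustrative mu-plugin written for this page. Pair it with
 * define( 'FORCE_SSL_ADMIN', true ) in wp-config.php and a certificate
 * (Let's Encrypt or host-provided) that is already installed and working.
 */

/** Redirect any plain-HTTP request to HTTPS before any output is produced. */
function fh_redirect_to_https() {
    if ( is_ssl() || 'cli' === php_sapi_name() ) {
        return; // already secure, or WP-CLI with no request at all
    }
    $host = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '';
    $uri  = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '/';
    if ( '' === $host ) {
        return;
    }
    // wp_safe_redirect() only follows hosts on the allowed list, so a forged
    // Host header cannot turn this into an open redirect.
    wp_safe_redirect( 'https://' . $host . $uri, 301 );
    exit;
}
add_action( 'init', 'fh_redirect_to_https', 1 );

/**
 * HSTS: browsers that have seen this header refuse plain HTTP to the site for
 * a year, which removes the window a man-in-the-middle could use before the
 * redirect above fires. Only sent on HTTPS responses, as the spec requires.
 */
function fh_hsts_header() {
    if ( is_ssl() && ! headers_sent() ) {
        header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains' );
    }
}
add_action( 'send_headers', 'fh_hsts_header' );
```

Doing the redirect at the web server or CDN is better still, because it fires before PHP runs; the plugin form is shown here because it is the layer a WordPress developer controls on any host. Start with a short `max-age` while testing and raise it only once every subdomain is confirmed to serve HTTPS, since the header cannot be taken back from browsers that have already cached it.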
User creates new account

RISKS
• User’s account information is now linked to their email, name, address, password they used, potentially credit card info
• User’s account information may already be compromised
• User’s password may be easy to guess

SOLUTIONS
• Force secure passwords on new user accounts
• Make sure you are not storing credit card data on the same server
• Make sure your database is on a different server from your website
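"Force secure passwords on new user accounts" can be done with one rule applied in both places an account is created: the WooCommerce registration form and the wp-admin user screens. The code below is an added example written for this page (not iThemes Security or Force Strong Passwords code): it requires a minimum length, rejects a denylist of common passwords, and refuses passwords that contain the username or the local part of the email address. The length, the tiny inline denylist (a constructed stand-in for a real breached-password list) and the error wording are assumptions.

```php
<?php
/**
 * Plugin Name: Password policy for customer and staff accounts (added example)
 *
 * Illustrative mu-plugin written for this page. Minimum length and the
 * denylist are assumptions; load a real breached-password list in production.
 */

const PP_MIN_LENGTH = 12;

/** Constructed stand-in for a breached-password list; lower-case entries only. */
function pp_denylist() {
    return array( 'password1234', 'passwordpassword', 'qwertyuiop12', 'welcome12345', 'letmein12345' );
}

/**
 * Returns '' when the password is acceptable, otherwise the reason to show.
 * Pure function: no globals, so the rule can be unit-tested on its own.
 */
function pp_password_problem( $password, $username = '', $email = '' ) {
    if ( strlen( $password ) < PP_MIN_LENGTH ) {
        return sprintf( 'Password must be at least %d characters.', PP_MIN_LENGTH );
    }
    $lower = strtolower( $password );
    if ( in_array( $lower, pp_denylist(), true ) ) {
        return 'That password is too common.';
    }
    $local = strstr( $email, '@', true );            // part before '@', or false
    $local = strtolower( false === $local ? $email : $local );
    foreach ( array( strtolower( $username ), $local ) as $part ) {
        if ( strlen( $part ) >= 4 && false !== strpos( $lower, $part ) ) {
            return 'Password must not contain your username or email address.';
        }
    }
    return '';
}

/**
 * WooCommerce registration. When the shop is set to generate passwords,
 * $password arrives empty and WooCommerce creates one itself; skip that case.
 */
function pp_wc_registration( $errors, $username, $password, $email ) {
    if ( '' === (string) $password ) {
        return $errors;
    }
    $problem = pp_password_problem( (string) $password, (string) $username, (string) $email );
    if ( '' !== $problem ) {
        $errors->add( 'weak_password', $problem );
    }
    return $errors;
}
add_filter( 'woocommerce_process_registration_errors', 'pp_wc_registration', 10, 4 );

/** wp-admin "Add New User" and profile pages: same rule for admins and editors. */
function pp_profile_update( $errors, $update, $user ) {
    if ( empty( $user->user_pass ) ) {
        return; // no password change in this submission
    }
    $login = isset( $user->user_login ) ? $user->user_login : '';
    $email = isset( $user->user_email ) ? $user->user_email : '';
    $problem = pp_password_problem( $user->user_pass, $login, $email );
    if ( '' !== $problem ) {
        $errors->add( 'weak_password', $problem );
    }
}
add_action( 'user_profile_update_errors', 'pp_profile_update', 10, 3 );
```

Length plus a breached-password check is what current guidance asks for; composition rules (one digit, one symbol) are not part of the policy because they push people toward predictable substitutions without adding much entropy. Password reuse across sites, the other bullet in this talk, cannot be enforced by the site and is where 2-step auth earns its keep.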
User submits payment and order information

RISKS
• Is your checkout secure???

SOLUTIONS
• SSL! You NEED that lock symbol!
• PCI compliance, certified
• Use a trusted third party processor that stores information off-site
• SSL: Let’s Encrypt, wildcard, go with a host who offers SSL!
• Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin
User receives confirmation in email

RISKS
• Someone may have access to her email, enabling them to see all her account information and receipts

SOLUTIONS
• Never send user’s password via email
• Do not include credit card information in email
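The right fix for the two bullets above is to keep passwords and card numbers out of the email templates in the first place; a last line of defence is to check every outgoing message at the point WordPress hands it to the mailer. The following added example, written for this page and not part of WooCommerce or any plugin, hooks the `wp_mail` filter, masks any digit run that passes the Luhn check (so card numbers are caught while order numbers and phone numbers, which fail Luhn, pass through untouched), and blanks out lines of the form `Password: ...`. The regular expressions and the masking format are assumptions.

```php
<?php
/**
 * Plugin Name: Redact card numbers and passwords from outgoing mail (added example)
 *
 * Illustrative mu-plugin written for this page. Applies to every message
 * sent through wp_mail(), including WooCommerce order and account emails.
 */

/** Luhn checksum over a string of digits; true for well-formed card numbers. */
function rm_luhn_ok( $digits ) {
    $sum = 0;
    $alt = false;
    for ( $i = strlen( $digits ) - 1; $i >= 0; $i-- ) {
        $d = (int) $digits[ $i ];
        if ( $alt ) {
            $d *= 2;
            if ( $d > 9 ) {
                $d -= 9;
            }
        }
        $sum += $d;
        $alt  = ! $alt;
    }
    return 0 === $sum % 10;
}

/**
 * Mask 13-19 digit runs (spaces or hyphens allowed between digits) that
 * pass Luhn, keeping the last four digits the way a receipt does.
 * Example: "4111 1111 1111 1111" becomes "************1111" (constructed test number).
 */
function rm_redact_pans( $text ) {
    return preg_replace_callback(
        '/\b(?:\d[ -]?){12,18}\d\b/',
        function ( $m ) {
            $digits = preg_replace( '/\D/', '', $m[0] );
            if ( strlen( $digits ) < 13 || ! rm_luhn_ok( $digits ) ) {
                return $m[0]; // order numbers, phone numbers and so on pass through
            }
            return str_repeat( '*', strlen( $digits ) - 4 ) . substr( $digits, -4 );
        },
        $text
    );
}

/** Blank the value on any line that labels itself as a password. */
function rm_strip_passwords( $text ) {
    return preg_replace( '/^(\s*password\s*[:=]\s*).*$/mi', '$1[removed]', $text );
}

/** wp_mail passes an array of to/subject/message/headers/attachments; return it modified. */
function rm_filter_mail( $args ) {
    $args['subject'] = rm_redact_pans( (string) $args['subject'] );
    $args['message'] = rm_strip_passwords( rm_redact_pans( (string) $args['message'] ) );
    return $args;
}
add_filter( 'wp_mail', 'rm_filter_mail' );
```

WooCommerce's own new-account email only includes a password when the shop is configured to generate one; turning that option off and letting customers set their own password at registration removes the need for the password filter entirely. The card-number filter stays useful because support staff and third-party plugins also send mail through `wp_mail()`.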
User shares her purchase on Facebook

RISKS
• Connection may be insecure
• Plugin may be insecure

SOLUTIONS
• Use a secure connection to authenticate to Facebook
• Use a trusted third party plugin if you are not an API developer
• ShareIt!
You may be tempted to skip out on security. Time or budget may be tight. Your client may not be convinced it is needed.

DO NOT SKIP SECURITY!

Website security is on you, the developer. Require security as part of your web development process. Educate clients on its importance.

ECOMMERCE SITES ARE A LOT OF WORK.

TOGETHER WE CAN MAKE THE INTERNET A SAFER PLACE FOR EVERYBODY!

THANK YOU!
SECURING YOUR WOOCOMMERCE SITE
@jamieschmid

Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 

Securing WooCommerce Sites

  • 2. HI, I’M JAMIE SCHMID. Sitelock Community Evangelist, WP Developer & Designer. @jamieschmid @sitelock
  • 3. IS YOUR SITE SECURE?
  • 4. IS YOUR SITE SECURE? TICKETFLY’S WASN’T.
  • 5. WHAT WE’LL COVER: • External factors influencing your website decisions • Overview of a typical customer ecommerce journey • Security vulnerabilities, risks and solutions along the way
  • 6. EXTERNAL FACTORS INFLUENCING YOUR WEBSITE DECISIONS: • GDPR • loading speed • ease of payment processing • need to save data for returning customers • internal organization rules
  • 10. User is on public wifi at a coffeeshop. RISKS: • Man-in-the-Middle attack • The router may be unencrypted • Her OS may have malware • Someone may be snoopin’ & sniffin’ • The hotspot may be malicious
  • 11. User is on public wifi at a coffeeshop. SOLUTIONS: SHE SHOULD: • Use a VPN. • Force SSL in her browser. Browser settings: Always use HTTPS • Have active security software on her laptop (Norton etc)
  • 12. User lands on your site via a Facebook ad. RISKS: • Lead data is recorded by Facebook and analytics • Username enumeration • Passwords may not be stored securely • Host may not be secure
  • 13. User lands on your site via a Facebook ad. RISKS: • Your site may already be compromised • Is your site vulnerable to DDOS? • Are bots targeting your site? • Do you have a backup in case your site goes down?
  • 14. User lands on your site via a Facebook ad. SOLUTIONS: • SSL/HTTPS • Admins have strong passwords/login info, no password reuse! • Lockout policy/login lockdown in place • Keep core, all plugins and themes up-to-date • Use 2 Step Auth
  • 15. User lands on your site via a Facebook ad. SOLUTIONS: • 2 Step auth plugins: Authy, Duo, Google Authenticator • Login Lockdown plugin • SiteLock central dashboard for updates. ManageWP, InfiniteWP plugins.
  • 16. User lands on your site via a Facebook ad. SOLUTIONS: • Have a good host with all your server software up to date. PHP7 is recommended by WordPress. • Use a firewall! • Access your site via SSH/SFTP • Automate backups! Updraft Plus, host-level backups
  • 17. User lands on your site via a Facebook ad. SOLUTIONS: • Application-level firewalls: SiteLock, Sucuri • WordPress firewalls: Jetpack, All-in-One, WordFence • CDN: SiteLock, CloudFlare, Jetpack • Malware watch and removal: SiteLock, Jetpack, Sucuri, iThemes; your host may offer this service for a charge • Fail2Ban plugin for brute force
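Slides 14 through 17 recommend a lockout policy against brute-force logins and name plugins that provide one. The snippet below is an added example of what such a policy looks like at the WordPress hook level; it is not code from the talk or from any of the plugins named. The hook names (`wp_login_failed`, `authenticate`, `wp_login`) and the transient functions are WordPress core; the `wc_demo_` prefix, the five-attempt limit and the fifteen-minute window are this example's own assumptions.

```php
<?php
/**
 * Added example: a minimal per-IP login lockout for WordPress.
 * After WC_DEMO_LOCKOUT_MAX failed logins from one IP inside WC_DEMO_LOCKOUT_WINDOW
 * seconds, every further login attempt from that IP is refused until the window
 * expires. Drop it in wp-content/mu-plugins/ to load it before other plugins.
 */

const WC_DEMO_LOCKOUT_MAX    = 5;       // failed attempts allowed per window (assumed policy)
const WC_DEMO_LOCKOUT_WINDOW = 15 * 60; // window and lockout length in seconds (assumed policy)

function wc_demo_client_ip() {
    // REMOTE_ADDR is set by the web server itself. Do not trust X-Forwarded-For here:
    // an attacker can forge it and spread attempts over made-up addresses. Behind a
    // trusted proxy or CDN, have the server rewrite REMOTE_ADDR instead.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : 'unknown';
}

function wc_demo_lockout_key( $ip ) {
    // Transient names are length-limited, so hash the address.
    return 'wc_demo_lockout_' . md5( $ip );
}

// Count every failure. wp_login_failed fires for a bad username as well as a bad
// password, and also while an IP is locked, so hammering a locked IP extends the lock.
add_action( 'wp_login_failed', function ( $username ) {
    $ip    = wc_demo_client_ip();
    $key   = wc_demo_lockout_key( $ip );
    $count = (int) get_transient( $key ) + 1;   // get_transient() returns false when unset
    set_transient( $key, $count, WC_DEMO_LOCKOUT_WINDOW );
    if ( $count >= WC_DEMO_LOCKOUT_MAX ) {
        // Log line for your SIEM or fail2ban jail; the username is attacker-controlled, so sanitize it.
        error_log( sprintf( 'wc_demo_lockout: %s locked after %d failures (last username: %s)',
            $ip, $count, sanitize_user( $username ) ) );
    }
} );

// Refuse authentication while locked. Priority 30 runs after core's username/password
// and email/password checks (priority 20); those checks ignore an earlier WP_Error when
// credentials are non-empty, so an early-priority refusal would be overridden.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $count = (int) get_transient( wc_demo_lockout_key( wc_demo_client_ip() ) );
    if ( $count >= WC_DEMO_LOCKOUT_MAX ) {
        // Same message whether or not the password was right: no credential oracle.
        return new WP_Error( 'wc_demo_too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' ) );
    }
    return $user;
}, 30, 3 );

// A successful login from an IP below the limit clears its counter.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( wc_demo_lockout_key( wc_demo_client_ip() ) );
}, 10, 2 );
```

Because the `authenticate` filter is also used by XML-RPC and the REST cookie flow, the same counter covers those entry points. Transients live in the options table or, with a persistent object cache, in that cache; an evicted transient simply resets the counter, which is the safe failure direction for availability but worth knowing when tuning the limit.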
  • 18. User enters her email in popup for 10% off with newsletter signup. RISKS: • Third party plugins are now loaded • WooCommerce, and any other third-party plugins or integrations, may not be secure • Her email info may not be securely stored • Your discount code may have been maliciously generated
  • 19. User enters her email in popup for 10% off with newsletter signup. SOLUTIONS: • Keep all plugins up to date • Fully vet your third party plugins! • Use plugins in the WordPress repository • Read reviews! • Use third-party plugins listed on the WooCommerce website
  • 20. User reads product reviews. RISKS: • Are these real product reviews or full of spam advertising Viagra and discount Coach bags? • Is the personal information collected in reviews securely stored? • Do you have permission to be storing and collecting this information on users?
  • 21. User reads product reviews. SOLUTIONS: • Gain user consent for collecting information • Do not allow bots to register on your site. Use Captcha, email validation, a honeypot. • Many form plugins include captcha options
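Slide 21 lists a honeypot as one way to keep bots from registering. Here is an added example of a honeypot on the WooCommerce "My Account" registration form; it is not code from the talk or from WooCommerce. The hooks `woocommerce_register_form` (an action that prints extra fields inside the form) and `woocommerce_registration_errors` (a filter WooCommerce applies while creating the customer) are WooCommerce's own; the field name `wc_demo_website` and the `wc_demo_` prefix are assumptions of this example.

```php
<?php
/**
 * Added example: honeypot field for WooCommerce customer registration.
 * Humans never see the field, so it stays empty; form-filling bots tend to
 * populate every input, so a non-empty value marks the submission as automated.
 */

// Print the decoy field inside the registration form. It is moved off-screen with
// CSS and hidden from assistive technology and keyboard focus, so real users cannot
// fill it by accident. Do not use display:none alone; some bots skip those fields.
add_action( 'woocommerce_register_form', function () {
    ?>
    <p style="position:absolute;left:-9999px;top:auto;width:1px;height:1px;overflow:hidden;" aria-hidden="true">
        <label for="wc_demo_website">Website</label>
        <input type="text" name="wc_demo_website" id="wc_demo_website"
               value="" tabindex="-1" autocomplete="off">
    </p>
    <?php
} );

// Reject the registration when the honeypot carries a value. WooCommerce passes a
// WP_Error object; adding any error to it aborts account creation.
add_filter( 'woocommerce_registration_errors', function ( $errors, $username, $email ) {
    $raw = isset( $_POST['wc_demo_website'] ) ? wp_unslash( $_POST['wc_demo_website'] ) : '';
    if ( '' !== trim( (string) $raw ) ) {
        // Keep the message generic so the automation gets no hint about which check fired.
        $errors->add( 'wc_demo_honeypot', __( 'Registration could not be completed.' ) );
        // Record it for your logs; the email is attacker-supplied, so sanitize before logging.
        error_log( 'wc_demo_honeypot: automated registration rejected, email=' . sanitize_email( $email ) );
    }
    return $errors;
}, 10, 3 );
```

CSRF protection for this form is WooCommerce's own nonce check and is unchanged here. A honeypot stops the cheap, generic bots; slide 21's other two measures (email validation and a CAPTCHA) cover the ones that read the page before submitting.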
  • 22. User clicks through to checkout. RISKS: • Checkout could be intercepted by a third party • Credit card data could be stolen • Payment processor may not be secure
  • 23. User clicks through to checkout. SOLUTIONS: • Make sure checkout is secure • SSL! You NEED that lock symbol! • PCI compliance, certified • Use a trusted third party processor that stores information off-site
  • 24. User creates new account. RISKS: • User’s account information is now linked to their email, name, address, password they used, potentially credit card info • User’s account information may already be compromised • User’s password may be easy to guess
  • 25. User creates new account. SOLUTIONS: • Force secure passwords on new user accounts • Make sure you are not storing credit card data on the same server • Make sure your database is on a different server from your website
  • 26. User submits payment and order information. RISKS: • Is your checkout secure???
  • 27. User submits payment and order information. SOLUTIONS: • SSL! You NEED that lock symbol! • PCI compliance, certified • Use a trusted third party processor that stores information off-site • Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin
  • 28. User submits payment and order information. SOLUTIONS: • SSL: Let’s Encrypt, wildcard, go with a host who offers SSL! • Enforce strong password use: iThemes Security plugin, Force Strong Passwords plugin
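Slides 25, 27 and 28 say to force secure passwords on new accounts and point to plugins that do it. The snippet below is an added example of the server-side check such a plugin performs, hooked into WooCommerce's "My Account" registration; it is not code from the talk, from WooCommerce or from the plugins named. The filter `woocommerce_process_registration_errors` and its arguments `( $validation_error, $username, $password, $email )` are WooCommerce's; the minimum length, the short constructed denylist and the `wc_demo_` names are this example's own policy.

```php
<?php
/**
 * Added example: reject weak passwords when a customer registers through the
 * WooCommerce "My Account" form. The policy (12+ characters, not on a common
 * password list, not containing the username or email local part) is assumed.
 */

/**
 * Return a user-facing reason the password is unacceptable, or null if it passes.
 */
function wc_demo_password_problem( $password, $username, $email ) {
    // Constructed sample denylist. A real deployment loads a large list or checks a
    // breached-password service; the point is that the check is server-side.
    $common = array( 'password', 'password1', '12345678', 'qwerty123', 'iloveyou', 'welcome1' );

    if ( strlen( $password ) < 12 ) {
        return __( 'Your password must be at least 12 characters long.' );
    }
    if ( in_array( strtolower( $password ), $common, true ) ) {
        return __( 'That password is too common. Please choose another.' );
    }
    // Passwords built from the username or the email address are trivially guessable.
    $lower = strtolower( $password );
    $local = strtolower( strstr( $email, '@', true ) ?: $email ); // part before '@'
    if ( '' !== $username && false !== strpos( $lower, strtolower( $username ) ) ) {
        return __( 'Your password must not contain your username.' );
    }
    if ( strlen( $local ) >= 4 && false !== strpos( $lower, $local ) ) {
        return __( 'Your password must not contain your email address.' );
    }
    return null;
}

add_filter( 'woocommerce_process_registration_errors', function ( $validation_error, $username, $password, $email ) {
    // An empty password means WooCommerce is set to generate one (or will itself raise
    // a "missing password" error), so there is nothing for this policy to judge.
    if ( '' === (string) $password ) {
        return $validation_error;
    }
    $problem = wc_demo_password_problem( (string) $password, (string) $username, (string) $email );
    if ( null !== $problem ) {
        $validation_error->add( 'wc_demo_weak_password', $problem );
    }
    return $validation_error;
}, 10, 4 );
```

WooCommerce's own password strength meter runs in the browser and can be skipped by a crafted POST, which is why the check belongs in a server-side filter like this one. The same `wc_demo_password_problem()` function can be reused from the `user_profile_update_errors` hook so that password changes made later in the account area meet the same policy.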
  • 29. User receives confirmation in email. RISKS: • Someone may have access to her email, enabling them to see all her account information and receipts
  • 30. User receives confirmation in email. SOLUTIONS: • Never send user’s password via email • Do not include credit card information in email
  • 31. User shares her purchase on Facebook. RISKS: • Connection may be insecure • Plugin may be insecure
  • 32. User shares her purchase on Facebook. SOLUTIONS: • Use a secure connection to authenticate to Facebook • Use a trusted third party plugin if you are not an API developer • ShareIt!
  • 33. ECOMMERCE SITES ARE A LOT OF WORK. You may be tempted to skip out on security. Time or budget may be tight. Your client may not be convinced it is needed. DO NOT SKIP SECURITY! Website security is on you, the developer. Require security as part of your web development process. Educate clients on its importance.
  • 34. TOGETHER WE CAN MAKE THE INTERNET A SAFER PLACE FOR EVERYBODY!