We have been running our own digital game codes ecommerce site now for about 8 years. We have survived hacks, chargebacks, poor payment providers, stealing and code resellers. Over this time we have tried many different solutions to keeping our site secure here are our top 5 tips:
Within the one plugin you get a number of different tools to help defend your site:
- IP address checks – Is your customer really who they say they are? Or are they from a different country? Those trying to hide/change their location will be more likely to be a fraudster.
- Suspicious email address filtering – a chance to filter out all of those dodgy, disposable email addresses that fraudsters love to use.
- Auto Blacklisting – when a fraudster tries to order and gets a poor rating, they are immediately blacklisted.
- Order limiting. If a fraudster gets hold of your site, they will make big and frequent orders – which can cost you big time. YITH Anti-fraud allows you to limit the amount of transactions and the amount of each transaction to avoid this happening.
- Limit accounts by IP address. If a fraudster gets found out with one account, they will try again with another account. YITH lets you negate this
- Flexibility to adjust the settings and weightings of each component
Whilst YITH Woocommerce Anti-fraud works automatically, you also have the option to send yourself an email alert when the plugin finds a problem. This allows you to take evasive action – which could even mean allowing credible orders that have been caught up in the net.
YITH Woocommerce Anti-fraud is a must for any Woocommerce based business.
Not only does Cloudflare provide a serious grade firewall and DDoS protection, it provides solutions to make your website faster such as caching, mobile optimisation and image optimisation. A must for security and improving your site speed – thus improving your search engine rankings.
These come pretty standard with all good webhosting services including ours and are installed automatically.
Q: How do I tell if my site has an SSL certificate?
A: Quite simply your site should be directed to https://…….. When it is, you should see a ‘lock’ before your website address in Google Chrome. If you dont have an SSL certificate, it will show “Not Secure”. If yours does not have an SSL certificate, talk with your hosting provider immedieately.
Securi is another must have WordPress plug in. Sucuri does a lot of things well, but we mainly use the free plugin to get into all of the ‘nooks and crannies’ of the site. What many people (including developers) dont know is that WordPress can create a few holes for others to exploit by uploading and running their own scripts. Sucuri plugs those holes.
It does what it says on the box. It limits fraudsters and hackers bombarding your site trying to guess your login in details. Its another layer on top of Cloudflare and Anti-fraud. But its free and comes pre-installed with WordPress. Why not use it?
Thats our top 5 tools to use to secure WordPress websites. Are there any more that people out there use and recommend?