WordPress/WooCommerce security best practices?
Posted on 2016-08-06
I am about to launch a WordPress website that uses WooCommerce, and need to learn what things I need to change from the defaults, in order to make the site as secure as WordPress & WooCommerce allow.
I use SSL certificate and have HTTPS in the URL. I have a few domains pointing to this site and the one URL always takes over, and uses that single SSL certificate. Any possible exposures here?
Also, what about using the Admin username for daily updates? This seems like bad practice. But if I go an create a user for myself and use a comma first name, that seems like another easy one to target. Plus, if I have harder to guess username, Admin is still expose and has all the rights.
Suggestions about username security?
What about backing up the data? I honestly have no experience with developing on WordPress, and had someone program the site to my requirements. Since this is hosted on AWS, what steps must I take to back up the database?
Also, I have expressed the requirement the passwords use a hashing algorithm and can not be backwards generated, and told that a hashing algorithm is being used, making it impossible for a hacker to reverse engineer all the passwords.
Please provide me any additional advice you have on locking this down.
And what kinds of outside services, or WordPress plugins, could help me get notified if there is an intrusion attempt or the site is down?