If you run an eCommerce business, WordPress is one of your best options for a content management system (CMS). Using any of the variety of plug-ins available on the market, a site owner or administrator can set WordPress up as a complete CMS solution for an eCommerce enterprise. The process is actually easy, in most cases, and affords you the opportunity to build out this open source solution into something that could potential save you thousands of dollars in development costs. Where eCommerce is concerned, however, security is a necessity, both for your customers and yourself.
The security of your WordPress installation starts with your hosting company. You’ll need to make sure that your hosting company is on top of their game and that they monitor their systems on a 24-hour basis. This helps protect against:
- Intrusion attempts
- Distributed Denial of Service Attacks (DDoS)
- Botnet Activity
Ask your hosting company if they monitor their network around the clock. If you want to know about the quality of their response time, make a technical support call at a very odd hour. If you can, for example, call in at 2 or 3am with a minor issue. See what kind of response time you get. This will give you an idea of how many people are actually staffing the tech support lines at night.
You’ll want to make sure that secure FTP (SFTP) is available on your server. This is an upgrade from standard FTP service. Using SFTP, you can transfer files without worrying about them being intercepted or copied in transit. SFTP forms a secure connection between the server and the computer performing the upload. Make sure your host offers this if you’re operating an eCommerce site. It makes uploads and downloads much more secure.
If you’re advanced users, you’ll want to make sure your WordPress host offers Secure Server Shell (SSH) on their system, as well. This is a command-line interface that allows you to execute commands securely on your server over the Internet. It’s a necessity for any enterprise that’s serious about security.
Make sure your host can set you up with a secure server. While you can buy these services separately, it’s a lot more convenient if your WordPress hosting company can set it up for you on the same account as your hosting. It also means that there’s only one company to call for any technical support issues.
Remember that your company—whether it’s 2 people or 200 people in total—is where the success or failure of your security policy starts. Make sure you’re using permissions to lock people out from files that they shouldn’t have access to on your server. Make sure that access to the server in any regard is restricted to those individuals who have a legitimate need and that passwords are closely guarded. Having established protocols for password requests and the sharing of any security-related information can guard against social engineering hacks, which are among the most popular used by malicious hackers.
Veronica Clyde is a tech writer at VPNServices.net – a place where you can read reviews about the best VPN providers. If interested check out a Private Internet Access review.