Keeping WooCommerce secure

WooCommerce is an extremely popular e-commerce platform, powering approximately 39% of all webshops worldwide. Its popularity can be attributed to its integration with WordPress, its free availability, and the ease with which users can set up an online store with just a few clicks. WooCommerce also offers a wide range of free plugins that allow users to customize their webshops according to their preferences.

However, the simplicity of setting up a WooCommerce webshop has also led to the proliferation of insecure webshops on the internet. These insecure webshops can become targets for hackers and may face various consequences, such as being hacked, sending spam to customers, leaking email addresses to third parties, transmitting credit card information without encryption, displaying unwanted links and advertisements, receiving Google’s “red flag” for security issues, and more.

If you are unable to invest in professional website security, following these four important rules can help you keep your WooCommerce webshop secure:

1. Install only one website per hosting package: Hosting packages are like closed spaces where your website resides. If multiple websites are hosted within the same package, a hacker or a hack-bot gaining access to one site could put all other sites at risk. Hosting each webshop separately minimizes this risk.

2. Regularly update WooCommerce: Because WooCommerce is a free platform, it is susceptible to hacking attempts. The developers behind WooCommerce regularly release updates with security fixes to counter such attempts, so keeping your WooCommerce installation up-to-date is crucial.

3. Use HTTPS: Having an SSL certificate and enabling HTTPS is not just about showcasing security; it is vital for securely transmitting sensitive data, such as payment information.

4. Limit the number of plugins: Although there are numerous plugins available to enhance WooCommerce, every plugin introduces a potential security vulnerability. Keeping the number of plugins limited to 3-5 WooCommerce addons can reduce the risk.

Remember, a webshop is like a physical store and requires proper security measures. WordPress, being the foundation of your WooCommerce shop, should be kept up-to-date and secured to ensure a safe and secure e-commerce environment.

Help! I’m not selling anything on my webshop!

The importance of “getting customers on your website” is often underestimated. While there are many successful websites and webshops that attract millions of visitors and earn substantial profits, the reality is that the online market is highly competitive. Thousands of webshops offer products and services for sale, making it challenging for new businesses to stand out.

Before starting a webshop, it’s essential to ask yourself some critical questions:

1. Is my product or service already available on the internet? If yes, can you compete and are you willing to take on that challenge? If not, have you done market research?

2. What is the net profit margin of your product or service? It’s crucial to consider all costs, including investments, expenses, and overhead, to determine the actual profit.

3. Are you starting this webshop as a hobby or a serious business plan? Understanding your commitment and goals is crucial.

4. How much are you willing to invest, and what sacrifices are you prepared to make to achieve your goals?

Once your webshop is up and running, you will face various challenges:

1. Building a customer base and establishing a brand may take 2-5 years.

2. Dealing with customer complaints and issues, even if your product or service is excellent, is part of running a business.

3. Determining the duration and level of customer service you can provide is essential.

4. Handling negative publicity effectively is critical.

5. Acquiring and retaining customers require a thoughtful marketing strategy.

6. Ensuring steady income streams and long-term business growth is essential for sustainability.

7. Having a clear vision of where you want your business to be in 5-10 years is important for setting goals.

8. Having a backup plan (plan B) in case things don’t go as expected is essential.

Starting a webshop with a positive outlook is natural, but it’s important to be prepared for the challenges and responsibilities that come with it. Online webshops have at least 60% of the problems and challenges that physical stores face.

To succeed, you need to find a way to differentiate your webshop among thousands of others and attract customers on the vast internet. It may seem easy to start an online business, but it comes with various challenges that require careful planning and preparation.

WPbeveiligen specializes in securing WooCommerce webshops and WordPress websites. Whether you already have a WordPress website or are planning one, securing it is crucial because of the potential vulnerabilities in WooCommerce and WordPress.

Using Google webmaster tools

Google Webmaster Tools is a free service provided by Google that allows you to see how your website appears in search results. It offers various valuable information, including:

1. Search keywords and the number of clicks/visitors your website received for each keyword.
2. The number of inbound links to your website from other websites.
3. Indexing status with a graphical representation.
4. Blocked pages on your website.
5. Crawl statistics.
6. Potential security issues.

These are powerful tools typically used by experienced webmasters.

WPbeveiligen uses Google Webmaster Tools primarily to check whether clients’ sites have been approved by Google. Additionally, they ensure that the site appears in Google search results and that any red warning pages from Google are removed after recovery from malware.

Re-submitting your website for review through Webmaster Tools is crucial if your site has been infected with malware and its search results have been negatively impacted.

To get started with Google Webmaster Tools, you need a Google account. Once you are logged in, go to the Google Webmaster Tools page. Click on the “Add a property” button to add your website. You’ll need to verify that you are the owner of the website, and the easiest method is by downloading an HTML file and placing it in the root directory of your website using an FTP program.

Once the verification is successful, you can access various information about your website’s performance in Google’s search engine.

In the left-hand menu, you can choose the specific information you want to view. Google Webmaster Tools is a valuable resource for website owners and can provide insights to improve your site’s performance in search results.

10 WooCommerce extensions you can’t live without

WooCommerce is one of the fastest-growing webshop platforms on the internet, largely because it runs on WordPress and is available as a free download. It is also easy to install with just a few mouse clicks.

However, WooCommerce is not entirely free. The trick lies in how the webshop operates. While WooCommerce seems comprehensive at its core, when you want to customize the registration fields or the checkout page, you’ll find that you need extensions. These customization options are not included by default in WooCommerce, and as you might have guessed, you can purchase them separately.

Does this sound familiar? Yes, it’s similar to the free games for phones with in-app purchases.

Nevertheless, there is an advantage:

Your webshop is not overloaded with features by default.

Below is a list of “extensions,” as WooCommerce calls them, that are crucial for a large webshop. Most of them can be purchased from the WooCommerce store, and we have provided links to each extension.

Essential WooCommerce Extensions

Extension 1: Customize Checkout Fields

The checkout field editor

This extension is necessary if you want to customize the fields that visitors fill in during the checkout process.

Extension 2: Wishlist

The wishlist addon

Allow visitors to save their favorite products for later. Without registering, they can save favorites and come back to purchase them; these favorites are stored for 30 days. Registered users can keep their favorites for as long as they want.

Extension 3: Newsletter Subscription

Newsletter subscription

Customers can subscribe to the newsletter with just one click during checkout. This extension works in conjunction with Mailchimp.

Extension 4: Currency Converter

Currency converter widget

Visitors from other countries can choose the currency in which they want to see the amount. The currency converter widget uses a general database to display the currency at the current exchange rate.

Extension 5: PDF Invoices

PDF invoices

While you might expect WooCommerce to send invoices in PDF format by default, everything is done via emails. This extension ensures that customers also receive a downloadable PDF that can be printed or used for administrative purposes.

Extension 6: Payment Gateways

Mollie gateway

To receive payments via iDEAL and other methods, you can establish complicated connections with your bank. But this involves a lot of work.

Mollie is a Dutch company that provides payment options and simply deposits the various payments into your account without the need for contracts with your bank.

Extension 7: Multiple Shipping Addresses

Shipping multiple addresses

By default, you can only enter one shipping address during checkout. But what if you make multiple purchases at once and want them sent to different addresses? This extension allows that.

Extension 8: Product Image Watermark

Product image watermark

Prevent others from copying and using your product images by automatically placing your logo on the image with each new upload.

Extension 9: Multilingual Webshop

WPML

This is not an official extension of WooCommerce itself but a plugin that works with the webshop to make it multilingual. WPML has a Multilingual E-Commerce module specifically designed for this purpose.

Extension 10: Security

WordPress antivirus

An antivirus for WordPress is not a luxury but a necessity, especially if you use WooCommerce. You want to protect your customers and their data as much as possible, and you can achieve this with this antivirus plugin for WordPress.

Paid Extensions vs. Free Extensions

For the above extensions, you pay a small amount. However, it is recommended to make this investment over free alternatives. These paid extensions can be downloaded from the WooCommerce site, ensuring that there are no hacks or backdoors.

The Sky is the Limit?

Don’t clutter your webshop with too many extensions/plugins. Each plugin loads code, which can slow down your website. Additionally, hackers frequently test plugins for vulnerabilities, and they often find them. In short, every additional plugin is a potential vulnerability.

Try to have your WooCommerce webshop work with a maximum of 5-8 targeted plugins. Less is more when it comes to security.

Plugins, the weakest link in WordPress

WordPress takes security seriously, and the company behind WordPress, “Automattic,” regularly releases security updates. Since 2007, we have been working with WordPress, and we can say that WordPress has always been one of the safest Content Management Systems, and it still is.

However, not every corner of the WordPress world is sunny. With 48,000+ free plugins created by unknown companies and developers, there are also many vulnerable plugins that become the weak link in WordPress’s watertight system.

Some Popular Plugins

Here are a few examples of popular plugins that have had security issues:

  1. All in One SEO – Improves Google rankings (2 vulnerabilities in 2016)
  2. W3 Total Cache – Speeds up the website (8 vulnerabilities in 2016)
  3. Contact Form 7 – Creates easy-to-use contact forms (last 3 vulnerabilities in 2014)
  4. Advanced Custom Fields – Enhances WordPress for advanced business websites (2 vulnerabilities since 2014)
  5. Akismet – Prevents comment spam (last vulnerability in 2015)

These are just five random plugins, but at the time of writing, there are 5194 known WordPress core, plugin, and theme vulnerabilities.

1 or 2 vulnerable plugins on my site are not a problem, right?

You might think, “Who would try those vulnerable plugins on my website?!” But here’s the bad news: at least 30,000 to 50,000 computers are actively hacking and processing 1000 requests per minute! Fully automated!

Calculation:
30,000 computers x 1000 requests per minute = 30,000,000 requests per minute
30,000,000 x 60 minutes x 24 hours = 43,200,000,000
That’s 43,200,000,000 hacking attempts per day.

This only refers to home hackers who use programs to search the internet (Google) for plugins vulnerable to injection. If we add the scripts running on servers, you wouldn’t believe how many websites are attacked, and successfully hacked, every day (to show advertisements).

All that effort for a little advertisement?

Indeed, once a site is hacked, the hacker will only display advertisements.

Consider what that does when a hacker can place their product on thousands of sites weekly, and some people end up buying it. The hacker exploits the trust that these sites have built with their customers. When a customer buys a product from the hacker’s webshop, the hacker earns good money. Usually, these products are expensive, and there’s uncertainty about whether they’ll arrive. In short, there’s a lot of money to be made in a short time without much effort.

Preventing Hackers from Exploiting Your Website

This antivirus plugin is specially developed for WordPress. The plugin is fully in Dutch and gives you a great advantage over hackers.

The plugin blocks injections, protects your server, and shows you who is making illegitimate login attempts on your WordPress site. This antivirus plugin combats hackers in over 200 ways and blocks many of their attempts.

All our sites run with this antivirus plugin because we don’t give hackers a chance!

More Tips to Protect Against Hacks

  1. Install a good antivirus for your WordPress website.
  2. Keep your WordPress up-to-date.
  3. Do not install unnecessary plugins and remove inactive plugins.
  4. Ensure your server is up-to-date.
  5. Regularly check if everything is running smoothly using Sucuri.
  6. Check the plugins you use for known vulnerabilities.

What happens on the server?

To keep your WordPress website secure, it’s essential to monitor what’s happening at the file level. Having a clear overview of all activities on the server ensures that hackers have no chance, and you can take action before Google, AdWords, and other sources block your website.

Let’s provide a brief explanation of these terms and how they work:

WordPress at the File Level

WordPress consists of various components on the server to function fully. This includes the administration panel, which resides on the server, as well as the display of your theme, homepage, registration pages, and more. If hackers can manipulate these files, they can accomplish a lot—such as obtaining customer data, login credentials, or redirecting visitors to their own sites.

Overview of Activities

As if that’s not bad enough, they can also add a file to send emails via your website using your address! Having such a file on your server is something you definitely want to avoid. Therefore, knowing the activities taking place on your server is crucial.

How to Monitor Server Activities

If you are a keyboard enthusiast like us, you can use an FTP program to access the server or use the file manager of DirectAdmin/cPanel.

However, there’s an easier way!

With this security plugin: Website File Changes Monitor* for WordPress, you can see what’s happening on your server. The plugin is relatively new at the time of writing and is free to use.

*In the past, we recommended iThemes Security, but it has been showing too few changes in the logs in recent months.
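
The file-level monitoring described above can also be done with a short script. The following Python code is an added example, not code from the original page or from the Website File Changes Monitor plugin: it records a SHA-256 hash for every file under the site root and reports what was added, changed or removed since the previous run. The function names, the baseline file and the sample site in demo() are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links that point outside the site
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(old, new):
    """Return the files added, changed and removed between two manifests."""
    return {
        "added": sorted(set(new) - set(old)),
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "removed": sorted(set(old) - set(new)),
    }


def check_site(root, baseline_file):
    """Compare root with the stored baseline, then store the current state.

    Returns None on the first run, when there is nothing to compare with.
    """
    current = build_manifest(root)
    previous = None
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            previous = json.load(fh)
    with open(baseline_file, "w") as fh:
        json.dump(current, fh, indent=1, sort_keys=True)
    return diff_manifests(previous, current) if previous is not None else None


def demo():
    """Constructed sample: a small fake site that changes between two runs."""
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "httpdocs")
        os.makedirs(os.path.join(site, "wp-content", "uploads"))
        baseline = os.path.join(tmp, "baseline.json")  # kept outside the site

        def write(rel, text):
            with open(os.path.join(site, rel), "w") as fh:
                fh.write(text)

        write("index.php", "<?php // front page\n")
        write("wp-config.php", "<?php // settings\n")
        first = check_site(site, baseline)   # first run creates the baseline
        write("index.php", "<?php // front page plus an unexpected line\n")
        write("wp-content/uploads/mailer.php", "<?php // unexpected file\n")
        os.remove(os.path.join(site, "wp-config.php"))
        second = check_site(site, baseline)
        return first, second


if __name__ == "__main__":
    print(demo())
```

Keep the baseline file outside the web root, ideally on another machine, so that someone who can write to the site cannot also rewrite the baseline.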

WordPress implements forced update

In WordPress 4.7.0, a new API was introduced that turned out to be insecure.
The new REST API, which is enabled by default in all WordPress 4.7.0 releases, can be used to modify posts without having administrator rights.

This is every hacker’s dream! With automated injections, modifying posts could lead to millions of sites displaying unwanted text, advertisements, and links.

Silence is golden

The WordPress developers were informed of the vulnerability by a major security company. From that moment on, the developers worked tirelessly to test and fix the vulnerability.
To prevent hackers from gaining an advantage, they kept knowledge of the vulnerability quiet and implemented a forced update. It was only a week after the update was released to millions of sites that the news became public.

What is a forced update?

This forced update is different from any regular update. Normally, you can choose whether you want to update WordPress automatically or not.
This update to 4.7.2 was forced and applied even to websites with “automatic updates” turned off.

Who disables automatic updates?

You would expect that automatic updating only has advantages. You don’t have to pay attention to updates yourself, and your website never falls behind.

But sometimes, the plugins you use are not up to date, or there are no more updates provided for the plugins.

At that moment, the new WordPress release may conflict with your plugin, causing the plugin to stop working or display errors on your website.
And if you don’t notice it because the update was done automatically…

What does WPbeveiligen do with updates?

For websites with 2-5 plugins, it is relatively safe to allow automatic updates. However, when it comes to websites with 8-20 plugins, we prefer to perform updates manually, especially for plugins. While updating, we check the website to ensure everything is still functioning correctly. If an error occurs, we can immediately identify the cause.
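
To see which installations fall in the version range this article describes, and how each one is configured for core updates, the following added example (not from the original page) reads $wp_version from wp-includes/version.php and the WP_AUTO_UPDATE_CORE and AUTOMATIC_UPDATER_DISABLED constants from wp-config.php. The affected range is taken from the article; the site labels and file contents are constructed.

```python
import re

# Range taken from the article: the REST API arrived in 4.7.0 and the
# forced update brought sites to 4.7.2.
FIRST_AFFECTED = (4, 7, 0)
FIXED_IN = (4, 7, 2)


def parse_wp_version(version_php):
    """Read $wp_version from the text of wp-includes/version.php."""
    m = re.search(r"^\s*\$wp_version\s*=\s*['\"](\d+(?:\.\d+){0,2})",
                  version_php, re.MULTILINE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.7" counts as 4.7.0


def in_affected_range(version):
    return version is not None and FIRST_AFFECTED <= version < FIXED_IN


def core_update_setting(wp_config_php):
    """Summarise the update constants defined in wp-config.php."""
    # Drop block comments and whole-line comments so disabled lines are ignored.
    text = re.sub(r"/\*.*?\*/", "", wp_config_php, flags=re.DOTALL)
    text = re.sub(r"^\s*(?://|#).*$", "", text, flags=re.MULTILINE)

    def constant(name):
        pattern = r"define\(\s*['\"]" + name + r"['\"]\s*,\s*['\"]?(\w+)['\"]?\s*\)"
        m = re.search(pattern, text)
        return m.group(1).lower() if m else None

    if constant("AUTOMATIC_UPDATER_DISABLED") == "true":
        return "all automatic updates off"
    labels = {"false": "core updates off", "true": "all core updates on",
              "minor": "minor core updates only"}
    return labels.get(constant("WP_AUTO_UPDATE_CORE"), "WordPress default")


def review(sites):
    """sites maps a label to (version.php text, wp-config.php text)."""
    rows = []
    for label, (version_php, config_php) in sorted(sites.items()):
        version = parse_wp_version(version_php)
        rows.append((label, version, in_affected_range(version),
                     core_update_setting(config_php)))
    return rows


# Constructed file contents for three hypothetical sites.
SAMPLE_SITES = {
    "shop-a": ("<?php\n$wp_version = '4.7.1';\n",
               "<?php\ndefine('WP_AUTO_UPDATE_CORE', false);\n"),
    "shop-b": ("<?php\n$wp_version = '4.7.2';\n",
               "<?php\n// define('AUTOMATIC_UPDATER_DISABLED', true);\n"),
    "shop-c": ("<?php\n$wp_version = '4.6.3';\n",
               "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', 'minor' );\n"),
}

if __name__ == "__main__":
    for row in review(SAMPLE_SITES):
        print(row)
```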

Google AdWords and Malware

Google AdWords has a strict policy against malware. If your website contains malware, your AdWords campaign will be suspended until the malware is removed!

What is Malware?

Malware is the collective term for Malicious Software, which results in unwanted advertisements or viruses that attempt to steal data on the web.

How does Google AdWords detect malware?

Websites are scanned daily, and in some cases, every minute for the displayed texts. The source code is scanned, and the website is tested for Trojans, phishing, and more.

Google AdWords and malware don’t mix!

Your ads will be immediately suspended, resulting in potential loss of income and customers. Malware must be avoided at all costs.

What can you do against malware, viruses, and phishing?

It is essential to secure your website properly. Automated scripts that attempt to place malware on your website should not be given a chance.

Your WordPress website should be secured at several key points:

  1. URL injections must be blocked
  2. File permissions on the server must be set correctly
  3. The WordPress admin panel must be hidden
  4. The server must be made inaccessible for directory browsing
  5. WordPress, plugins, and themes must be kept up to date

A good plugin that can help with this is the WPbeveiligen Antivirus.
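
Points 2 and 4 of the list above can be checked with a short script. This is an added example, not part of the original page or of the WPbeveiligen plugin; the permission policy it enforces (nothing world-writable, wp-config.php closed to other accounts) and the Apache .htaccess check for Options -Indexes are assumptions based on common WordPress hardening practice, and the sample site is constructed.

```python
import os
import re
import stat
import tempfile

# Assumed policy (common WordPress hardening practice, not taken from the
# article): nothing below the site root is world-writable, and wp-config.php
# grants no access at all to "other" accounts on the server.
WORLD_WRITABLE = stat.S_IWOTH
OTHER_ANY = stat.S_IRWXO


def audit_permissions(root):
    """Return sorted (path, octal mode, reason) tuples for policy violations."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel == "wp-config.php" and mode & OTHER_ANY:
                findings.append((rel, oct(mode), "config open to other accounts"))
            elif mode & WORLD_WRITABLE:
                findings.append((rel, oct(mode), "world-writable"))
    return sorted(findings)


def listing_disabled(htaccess_text):
    """True if an active Apache 'Options' line contains -Indexes.

    False only means browsing is not switched off in this file; the main
    server configuration may still disable it.
    """
    for line in htaccess_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        if re.match(r"\s*Options\s+(?:\S+\s+)*-Indexes\b", line, re.IGNORECASE):
            return True
    return False


def demo():
    """Constructed sample site with two deliberate permission mistakes."""
    with tempfile.TemporaryDirectory() as site:
        layout = {
            "index.php": 0o644,
            "wp-config.php": 0o644,                # readable by every account
            "wp-content/uploads/logo.png": 0o666,  # world-writable
            ".htaccess": 0o644,
        }
        for rel, mode in layout.items():
            full = os.path.join(site, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("# Options -Indexes\n" if rel == ".htaccess" else "sample\n")
            os.chmod(full, mode)
        for sub in ("wp-content", "wp-content/uploads"):
            os.chmod(os.path.join(site, sub), 0o755)
        with open(os.path.join(site, ".htaccess")) as fh:
            return audit_permissions(site), listing_disabled(fh.read())


if __name__ == "__main__":
    print(demo())
```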

What to do if malware is detected?

Take immediate action to make your website safe and free from malware.

Hire us to make your website free from hacks!
We will remove the malware and secure your WordPress website to prevent future incidents.

We will also ensure that your AdWords campaign is reactivated as soon as possible by following Google’s procedures or contacting Google AdWords directly.

Securing your WordPress website

Securing Your WordPress Website: Is It Really Necessary? Isn’t WordPress Secure Enough?

Hackers are constantly searching for vulnerabilities in WordPress and its plugins. And unfortunately, they have been successful!

These hackers are not just amateur programmers with too much time on their hands.

You’re dealing with full teams, where each programmer uses their knowledge to create a hack.

Plugins + Themes = A Vulnerable Site

Among the 48,749 plugins available for free download and the 40,000+ paid premium plugins and themes, there are 6144+ WordPress plugins and themes that have reported vulnerabilities known to hackers.

Securing your WordPress website is no longer a luxury with all these vulnerabilities! It has become necessary to protect your WordPress website.

A hacked WordPress website can cause the following issues:

  • Sending spam (unwanted advertisements) using your website address
  • Capturing and redirecting customer information
  • Displaying advertisements (links) within your own content

Securing Your WordPress Website Against Hackers

Hackers are not personally involved in hacking your WordPress website.

Hackers deploy scripts online that continuously search for WordPress websites via Google and test them for vulnerable plugins and outdated WordPress versions.

It’s important to keep WordPress up to date and prevent these (hack) scripts from gathering information about your website. The more a hacker and/or script knows about your website’s data, the easier it is for them to find a vulnerability.

Securing Your WordPress Website Against Vulnerable Plugins

Plugins are developed by web agencies and programmers from all over the world. Many of these programmers are unaware of hackers’ tricks. Even though they create brilliant plugins, those plugins are unfortunately susceptible to automated hacks.

Securing Your WordPress Website Against Injections

WordPress offers various ways to update content, such as the app or APIs. An injection is a command given to your website through a specific URL, typically entered in the browser’s address bar. It’s crucial to prevent these injections!

Plugins like iThemes Security PRO NL block long commands, significantly reducing the possibility of injections.

Securing Your WordPress Website with WPbeveiligen

We actively secure WordPress websites seven days a week. We know hackers’ tricks and have the knowledge to defend against them.

Let us secure your WordPress website!

WordPress has been hacked, now what?

WordPress is often hacked through vulnerable scripts. We still call it hacking because there has always been someone who wrote an automated script, and their advertisements appear on your website due to the hack. In fact, it’s more automation than hacking, as the script works 24/7 without the hacker being involved anymore.

But once you have an advertisement or your website is sending spam due to the hack, it’s important to get rid of it.

Restoring the hacked website

You can follow this step-by-step guide to restore your hacked website:

  1. First, make a backup of all data and the database
    The data includes the entire www/httpdocs folder.
    You can often export the database through phpMyAdmin or using a backup plugin.
  2. Try to update as much as possible
    Download WordPress and manually upload it to the server (using an FTP program). Also, replace the plugins with new ones and, if possible, the theme.
    Note: Updating the theme may sometimes cause style changes. Only consider this if you have the necessary knowledge to adjust the settings/style.
  3. Check your server for backdoors and unwanted files
    A hack never comes alone. Besides the modifications to your website through advertising injection, there are usually files and codes (see WPbeveiligen detection tool) on the server that allow the hacker and their script to regain access to your website.
  4. Check all plugins and themes for vulnerabilities
    You can do this using this website.
    If your plugins contain vulnerabilities, it’s recommended to use alternatives.
  5. Secure your WordPress website
    The hack has entered your website, and without security, it will happen again.
    Install a good security plugin on your website and configure it.
  6. Afterwards, verify that your website is fully restored
    You can do this through webmaster tools or using the Sucuri malware scan.
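
Steps 2 and 3 above can be supported by comparing the site with a clean copy before anything is overwritten. The following Python code is an added example, not part of the original guide or of the WPbeveiligen detection tool: it compares wp-admin and wp-includes with a freshly downloaded copy of the same WordPress version and lists script files in wp-content/uploads. That the uploads folder should hold only media files is an assumption of this example, and the function names and sample trees are constructed.

```python
import filecmp
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # directories a core update replaces
SCRIPT_SUFFIXES = (".php", ".phtml")     # assumed: not expected among uploads


def list_files(root):
    """Relative paths of all files below root (empty if root is missing)."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found


def triage(site, clean):
    """Compare a site with a clean WordPress copy of the same version."""
    report = {"modified_core": [], "unknown_in_core": [], "php_in_uploads": []}
    for core_dir in CORE_DIRS:
        site_files = list_files(os.path.join(site, core_dir))
        clean_files = list_files(os.path.join(clean, core_dir))
        for rel in sorted(site_files):
            path = core_dir + "/" + rel
            if rel not in clean_files:
                report["unknown_in_core"].append(path)
            elif not filecmp.cmp(os.path.join(site, path),
                                 os.path.join(clean, path), shallow=False):
                report["modified_core"].append(path)  # content differs
    uploads = os.path.join(site, "wp-content", "uploads")
    for rel in sorted(list_files(uploads)):
        if rel.lower().endswith(SCRIPT_SUFFIXES):
            report["php_in_uploads"].append("wp-content/uploads/" + rel)
    return report


def demo():
    """Constructed sample: a clean copy beside a site with three oddities."""
    def write(root, rel, text):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(text)

    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        for root in (clean, site):
            write(root, "wp-includes/load.php", "<?php // original\n")
            write(root, "wp-admin/index.php", "<?php // original\n")
        write(site, "wp-includes/load.php", "<?php // original plus extra line\n")
        write(site, "wp-admin/cache.php", "<?php // not part of the release\n")
        write(site, "wp-content/uploads/2017/01/photo.jpg", "image bytes\n")
        write(site, "wp-content/uploads/2017/01/photo.php", "<?php // script\n")
        return triage(site, clean)


if __name__ == "__main__":
    print(demo())
```

Run it against the backup made in step 1 as well, so the list of altered and unknown files is preserved after the live files have been replaced.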

Good luck!

It’s a significant task that requires knowledge and patience. If you’re unable to do it, you can contact us. We restore WordPress websites on a weekly basis and provide a guarantee for our services!