Professional Documents
Culture Documents
ecommerce
A 10-POINT^WEBSITE
SECURITY AUDIT
TIPS FOR SECURING YOUR ONLINE STORE
Introduction
Running an ecommerce website means taking a more
proactive approach to your site's security. As an online
store owner, it's your responsibility to take the necessary
precautions to protect customer accounts and data.
Build and maintain a secure network 1. Install and maintain a firewall configuration to
protect cardholder data
2. Do not use vendor-supplied defaults for
system passwords and other security
parameter
Maintain an Information Security Policy 12. Maintain a policy that addresses information
security for employees and contractors
Limit Failed Login Limit the number of The iThemes Security Pro
Attempts incorrect login attempts a WordPress Brute Force
bot can try before being Protection feature gives you the power
locked out. to set the number of allowed failed
login attempts before a username or IP
is locked out. A lockout will temporarily
disable the attacker’s ability to make
login attempts. Once the attackers
have been locked out three times, they
will be banned from even viewing the
site.
Force Strong A password that is at least Require users that can make edits to
Passwords 12 characters long, WordPress to use strong passwords.
random and includes a Using a WordPress security plugin like
large pool of characters iThemes Security Pro to force privileged
like “ISt8XXa!28X3” will users to use strong passwords will help
make it very difficult to to increase the WordPress login
crack. security
Refuse The more users you have Prevent your customers from using
Compromised that are reusing passwords, known compromised passwords.
Passwords the weaker your WordPress iThemes Security Pro takes advantage
login security will be. of the HaveIBeenPwned API to detect
whether or not a password has
appeared in a data breach. If a
password was found in a data breach,
iThemes Security will require you to
update your account’s password
immediately
Use Two-Factor There is no better way to Using a WordPress security plugin, like
Authentication secure your customer iThemes Security Pro, you can
accounts than by add WordPress two-factor
requiring WordPress two- authentication to your WordPress site.
factor authentication. Enable either the email or mobile app
Two-factor authentication method of two-factor. You can also use
requires an extra code the WordPress Passwordless Login
along with your feature to make it even easier to login
WordPress username and with the security of two-factor.
password to log in.
Limit Outside There are other ways to log Using iThemes Security Pro’s
Authentication into a WordPress site WordPress Tweaks settings, you can
Attempts besides using a login form. block multiple authentication attempts
Using XML-RPC, an attacker per XML-RPC request. Limiting the
can make hundreds of number of username and password
username and password attempts to one for every request will
attempts in a single HTTP go a long way in securing your
request. The brute force WordPress login.
amplification method allows
attackers to make
thousands of username
and password attempts
using XML-RPC in just a few
HTTP requests.
*Offer good on any *new* iThemes Security Pro (1 site) plugin purchase.
Coupon can't be used to renew or extend an existing iThemes Security Pro (1 site) plugin membership.