If you use the WooCommerce platform to power your ecommerce store, you are already aware of the recently released WooCommerce vulnerability. The company blogged about the issue and sent out emails. They even pushed out auto-updates to the affected installations, including those with auto-updates turned off, because the vulnerability is that bad. The company hasn’t discussed the particulars of the issue, except that it’s a SQL-injection attack, and they are still investigating. So what can you do about it?
What Can You Do About The WooCommerce Vulnerability? Update The Affected Plugins
The WooCommerce vulnerability in the affected plugins was patched quickly by the company and they suggest you upgrade to the latest branch. So that’s the first thing you should do. And that’s what I did for my store.
Yes, you should test the updates on a Staging or Test site before installing them on your live store. (And if you don’t have a Staging or Test site then you need to make one now!)
I know this option will not work for every installation because some stores run a custom version of WooCommerce. In that case, the developer or the company will have to test the update before pushing it onto a live store. Depending on the customization, the new update could break the site’s functionality. If that happens, more work will have to be done to make the site stable, which can be time-consuming or costly.
What Can You Do About The WooCommerce Vulnerability? Use Good Security Practices
To protect your site and your customers’ data from this WooCommerce vulnerability, you need to use good security practices.
First, the company suggests you change your admin password. Second, you should be using Two-Factor Authentication on your admin account. Third, your site should have a Web Application Firewall installed. I use and suggest Wordfence. Fourth, you should check your firewall’s logs to make sure you haven’t had any unauthorized logins. Finally, you should join a mailing list that keeps you abreast of all WordPress and/or WooCommerce security issues. That way you stay informed.
Thanks for reading this post and visiting Brittbot. Keep coming back to read my thoughts about WordPress, building your brand, website services, and programming topics.