WooCommerce Server Security

  • Update frequently
  • Rotate passwords frequently, require at least 8 characters (lower- and upper-case letters, numbers and symbols), and set up Two-Factor Authentication
  • Verify that there is a firewall and DDOS protection
  • Configure the Intrusion Prevention System (enable mod_remoteip if the server sits behind a reverse proxy, so bans apply to the real client IP and not to the proxy)
  • Hide the web server version details
  • Scan the server files and review the logs frequently
  • Use the root user only when required
  • Disallow SSH root login; in /etc/ssh/sshd_config set the directive:
PermitRootLogin no
  • Define which logs are saved, and where, in the file /etc/rsyslog.conf.
  • Configure the intrusion prevention system Fail2ban:

Activate mod_remoteip (in case of reverse proxy)

Create the /etc/fail2ban/jail.local file and enable jails in it, for example SSH protection together with the recidive jail (which re-bans repeat offenders):

[recidive]
enabled = true

[sshd]
enabled = true

Configure multiple log files (one path per line, continuation lines indented):

logpath = /var/www/clients/client12/web*/log/access.log
          /var/www/clients/client13/web*/log/access.log

Unban an IP with the command:

fail2ban-client set sshd unbanip $IP
  • Hide the Apache web server details: add the directives to /etc/apache2/apache2.conf:
ServerTokens Prod
ServerSignature Off
  • Hide the PHP details: add the directive to php.ini:
expose_php = off
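The checklist above is easiest to keep honest with an audit script. The following is an added example, not part of the original post: POSIX shell functions that check the sshd, Apache, php.ini and Fail2ban settings listed above, each taking a file path so they can be pointed at the live files or at the constructed sample files that make_samples writes (the sample directory layout, the function names and the file names inside it are assumptions of this example). Two details a quick grep would miss are built in: sshd honours the first uncommented value of a keyword, while Apache honours the last.

```shell
#!/bin/sh
# Added example (not from the original post): audit the hardening items above.
# Every check_* function takes a config file path and returns 0 when compliant.

# sshd uses the FIRST uncommented value of a keyword, so take the first match.
check_permit_root_login() {
    val=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]' "$1" | head -n 1 | awk '{print tolower($2)}')
    [ "$val" = "no" ]
}

# Apache: the LAST occurrence of a directive wins; both directives must be set.
check_apache_banner() {
    tok=$(grep -iE '^[[:space:]]*ServerTokens[[:space:]]' "$1" | tail -n 1 | awk '{print tolower($2)}')
    sig=$(grep -iE '^[[:space:]]*ServerSignature[[:space:]]' "$1" | tail -n 1 | awk '{print tolower($2)}')
    [ "$tok" = "prod" ] && [ "$sig" = "off" ]
}

# php.ini: expose_php accepts Off/0/false; anything else, or no setting at all
# (the default is On), fails.
check_expose_php() {
    val=$(grep -iE '^[[:space:]]*expose_php[[:space:]]*=' "$1" | tail -n 1 \
          | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//' | tr 'A-Z' 'a-z')
    case "$val" in off|0|false) return 0 ;; *) return 1 ;; esac
}

# fail2ban jail.local: $2 is a jail name; succeed only if that section contains
# enabled = true. (Values inherited from [DEFAULT] are deliberately not counted.)
check_jail_enabled() {
    awk -v jail="$2" '
        /^[[:space:]]*\[/ { sec = $0; gsub(/[^A-Za-z0-9_-]/, "", sec); next }
        sec == jail && /^[[:space:]]*enabled[[:space:]]*=/ {
            split($0, kv, "="); v = kv[2]; gsub(/[[:space:]]/, "", v); val = tolower(v)
        }
        END { if (val == "true") exit 0; exit 1 }' "$1"
}

# Write constructed sample files: $1/good (hardened) and $1/bad (weak).
make_samples() {
    mkdir -p "$1/good" "$1/bad"
    # sshd: first value wins, so the trailing "yes" in the good file is ignored
    printf 'PermitRootLogin no\nPermitRootLogin yes\n' > "$1/good/sshd_config"
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$1/bad/sshd_config"
    # Apache: last value wins, so the earlier "OS" in the good file is overridden
    printf 'ServerTokens OS\nServerTokens Prod\nServerSignature Off\n' > "$1/good/apache2.conf"
    printf 'ServerTokens Prod\nServerSignature On\n' > "$1/bad/apache2.conf"
    printf 'expose_php = Off\n' > "$1/good/php.ini"
    printf 'expose_php = On\n' > "$1/bad/php.ini"
    printf '[DEFAULT]\nbantime = 600\n\n[recidive]\nenabled = true\n\n[sshd]\nenabled=true\n' > "$1/good/jail.local"
    printf '[DEFAULT]\nbantime = 600\n\n[sshd]\nenabled = false\n' > "$1/bad/jail.local"
}

# Run all five checks against a directory holding the four files above;
# prints one PASS/FAIL line per check and returns the number of failures.
audit_dir() {
    fails=0
    for c in "check_permit_root_login $1/sshd_config" \
             "check_apache_banner $1/apache2.conf" \
             "check_expose_php $1/php.ini" \
             "check_jail_enabled $1/jail.local sshd" \
             "check_jail_enabled $1/jail.local recidive"; do
        if $c; then echo "PASS: $c"; else echo "FAIL: $c"; fails=$((fails + 1)); fi
    done
    return $fails
}

# Demo run on the constructed samples (a real audit would pass the live paths:
# /etc/ssh/sshd_config, /etc/apache2/apache2.conf, php.ini, /etc/fail2ban/jail.local).
tmp=$(mktemp -d)
make_samples "$tmp"
echo "== hardened samples =="; audit_dir "$tmp/good" || true
echo "== weak samples ==";     audit_dir "$tmp/bad"  || true
rm -rf "$tmp"
```

On a live host, confirm which php.ini is actually loaded (`php --ini` for the CLI, or phpinfo for the web SAPI) before trusting the expose_php result, and run `fail2ban-client status` alongside the jail.local check, since a jail can be enabled in jail.conf or a jail.d/ fragment that this file-only parser does not read.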
