Is WordPress secure for an eCommerce website?

(Moeez) #1

WordPress was not primarily made for eCommerce websites. However, many online stores are made using different plugins, especially WooCommerce. But is it safe to create an eCommerce site on WordPress?

(Mustaasam Saleem) #2

Hi @Moeez

The WordPress core itself is secure enough. I have heard only a few times that a WordPress site was hacked because of its core.

Most of the hacks are due to low security on the part of the owner himself. It is always suggested to tighten the security of a WooCommerce store. You can find some tips online. Here are a few of the top-ranked in the Google SERP.

(Faruk Erdogan) #3

Hi @Moeez,

Could you clarify what you mean by “Is it safe”?
Why do you think that an e-commerce website built with WooCommerce shouldn’t be safe? What did you hear about this situation?

(Leland Fiegel) #4


Most WordPress sites are hacked for reasons other than core vulnerabilities.

  • Their WordPress admin password is weak.
  • Their hosting control panel is insecure.
  • Their web server is insecure.
  • Their domain registrar account is insecure.
  • Their internet connection is insecure.
  • Their theme is insecure.
  • Their plugins are insecure.
  • Their computer is compromised with malware / keyloggers.

With all that said, you might want to consider a managed WordPress host that handles security-related issues for you.

(Mustaasam Saleem) #5

Thanks @leland for clarifying in more detail.
Just to add a bit more:

  • Their admin login page is the default one.
  • Their administrator is the default “Admin” username.

@Moeez have a look at the answer.

(Moeez) #6

Well, I have heard a lot of things like WordPress isn’t secure as it is vulnerable to hacking. But after reading Mustaasam’s and Leland’s comments, I think it is down to the site owners that WordPress websites get hacked.

(Leland Fiegel) #7

Would definitely help for a lot of rudimentary and automated attacks, although it’s worth noting these items are related to “security by obscurity.”


Neither of those details protects a WordPress site. For most sites it is easy to get a list of all users that have posted content, and the wp-admin section is not much harder to figure out.

I can’t think of any reason to not change those things, but they add no benefit. One caveat may be that it is harder for users to remember the custom admin path, if changed.

Keeping software updated and credentials secure, these are the methods to protect a site. We don’t have “admin” accounts anymore, and if they get your passwords, it doesn’t matter what the wp-admin path is. 🙂

(Abhishek Deshpande) #9

WordPress is not inherently built for eCommerce. In order to sell anything on your website, you need to use a theme and a series of plugins in order to tap into that functionality. But just because WordPress on its own is not eCommerce-ready doesn’t make it any less of a good choice to build your online store with.

WordPress has security well covered with:

  • SSL certificate integration
  • Security plugins like Defender
  • Well-vetted WordPress themes
  • Well-vetted plugins (like WooCommerce, Easy Digital Downloads, MarketPress, etc.)
  • Secure payment gateway integration
  • Stringent password and other login requirements.

So yes, it is secure for an eCommerce website.

Shri Krishna Technologies