Hi everyone,
I wanted to share a real-world approach I've taken to secure a WooCommerce-based eCommerce website, and I'd love to hear how others here handle WordPress security, especially for small businesses.
Here's a quick overview of what I've implemented:
WordPress Security Layer:
- Wordfence Firewall with strict country blocking
- Custom CSP headers (to prevent XSS & script injection)
- Blocked referrers, anonymous browsers, and suspicious user-agents
- Secure caching with HTTP security headers
eCommerce Stack:
- WooCommerce + custom COD (Cash on Delivery) form with validation
- WhatsApp Cloud API integration for order alerts (working great!)
- Now planning to add Twilio SMS API for fallback notifications
Live project: (https://ellyzaki.com) - a real storefront for organic Moroccan products like Amlou and honey.
I'm interested in:
- Your feedback on securing small WP setups
- Any IBM tools or services you'd recommend to enhance this stack (e.g., QRadar, Guardium Insights, etc.)
- If you've used any AI-powered threat detection plugins for WP
Looking forward to exchanging ideas.
------------------------------
Elly Zaki
------------------------------