WordPress-based stores face more security noise than dedicated ecommerce platforms because WordPress is the web’s biggest attack target. This guide covers the security warnings you’ll see, the housekeeping that matters, and UK GDPR obligations.
WordPress security basics • Keeping WP core and plugins updated • File permission errors • Admin URL hardening and 2FA • Imunify360 alerts • UK GDPR breach obligations • FAQ
Four pillars:
WordPress core security updates auto-apply on SmartXHosting. Plugins and themes need manual updates (or automated via plugins like WP Auto Updates).
Enable:
Expected on WordPress:
wp-config.php: 600 (contains database credentials)
The Plesk Fix Permissions button handles these. If warnings persist (e.g., flags from a security plugin), a support ticket resolves them.
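One way to check the permissions above from a shell, as an added example that is not SmartXHosting, Plesk or WordPress tooling: it verifies that wp-config.php is exactly 600 and lists anything world-writable in the site tree. The function name `audit_wp_perms` and the world-writable check are assumptions of this example; the page itself only specifies the wp-config.php mode.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for risky file permissions.
# audit_wp_perms is a hypothetical helper, not part of Plesk or WordPress.
# Exit status: 0 = clean, 1 = findings, 2 = wp-config.php not found.

audit_wp_perms() {
    root=$1
    cfg="$root/wp-config.php"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "ERROR: $cfg not found" >&2
        return 2
    fi

    # wp-config.php holds the database credentials, so it must be exactly 600.
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c %a "$cfg" 2>/dev/null || stat -f %Lp "$cfg")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $cfg is mode $mode, expected 600"
        findings=1
    fi

    # Assumption of this example: nothing in the site tree should be
    # world-writable. Symlinks are skipped because their mode is meaningless.
    writable=$(find "$root" ! -type l -perm -0002)
    if [ -n "$writable" ]; then
        echo "FAIL: world-writable paths:"
        echo "$writable" | sed 's/^/  /'
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK: no permission findings under $root"
    return "$findings"
}

# Run directly as: sh audit.sh /path/to/site   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

The exit status makes it usable from cron or a deploy hook: a non-zero result means the tree needs fixing before the next check passes.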
Default /wp-admin is attacker-discoverable. Harden:
Pre-installed on SmartXHosting WooCommerce plans. Monitors:
View events via Plesk › Imunify360.
Article 33: notify ICO within 72 hours of a qualifying breach. For UK online retailers:
Q: How often should I update WordPress core?
A: Minor/security: immediately (auto-applies on SmartXHosting). Major: test on staging first, then within 2–4 weeks of release.
Q: What’s the risk of not updating plugins?
A: High. Many plugin vulnerabilities affect thousands of sites in scan-and-exploit campaigns. Update or disable.
Q: Signs my WooCommerce is hacked?
A: Unknown admin users, spam product descriptions, rogue PHP files in wp-content, strange outgoing email traffic, Google Safe Browsing warning.
Q: Do I need Wordfence if Imunify360 is running?
A: Imunify360 + Wordfence is belt-and-braces. Many stores run both. If cost-sensitive, Imunify360 alone is sufficient.
Q: PCI DSS with WooCommerce?
A: SAQ-A for hosted Stripe/PayPal forms. Standard compliance tier.
Q: Password manager recommendation?
A: 1Password, Bitwarden (free), LastPass. Generate unique strong passwords per admin account.
Q: Recovering from a hack?
A: SmartXHosting restore from clean backup + forensics to identify entry point. Patch that vulnerability before bringing back online.