1. Platform and Hosting Security

  • Server Configuration: Our WooCommerce site is hosted on WP Engine, which provides robust security features including hardware firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). These measures help protect against unauthorised access and attacks.
  • Hosting Provider: WP Engine is SOC 2 Type II and ISO 27001 certified, ensuring high standards of security. They offer DDoS protection and automatic backups to safeguard our data.

  1. Data Protection

  • Encryption: All sensitive data, including customer information and payment details, is encrypted in transit using SSL/TLS protocols. Data at rest is also encrypted to protect against unauthorised access.
  • Database Security: Our database is secured with strong access controls and encryption. WP Engine provides automated daily backups of our database, ensuring data integrity and availability.

  1. Access Control

  • User Roles and Permissions: We utilise WordPress’s built-in roles and permissions to control access to different parts of our site and admin panel. Only authorised personnel have access to sensitive areas.
  • Two-Factor Authentication (2FA): WP Engine supports 2FA for admin logins, adding an extra layer of security to prevent unauthorised access.

  1. Software and Plugin Security

  • Updates: WP Engine manages core WordPress updates automatically, ensuring that our site is always running the latest and most secure version. We regularly update our WooCommerce software, themes, and plugins.
  • Trusted Plugins: We only use reputable and well-reviewed plugins, which are regularly updated by their developers to address any security vulnerabilities.

  1. Malware and Vulnerability Scanning

  • Security Plugins: Our site is protected by security plugins such as WordFence, which provides malware scanning, firewall protection, and real-time threat detection.
  • Regular Audits: WP Engine conducts regular security audits and scans to identify and fix vulnerabilities, ensuring our site remains secure.

  1. Payment Security

  • PCI Compliance: Our WooCommerce site is PCI DSS compliant, ensuring that we handle credit card transactions securely and in accordance with industry standards.
  • Secure Payment Gateways: We partner with a trusted gateway provider to ensure secure transaction processing that complies with PCI standards. Our Checkout solution is a comprehensive, end-to-end platform hosted by Verifone. It supports secure card payments and various alternative payment methods, all on a single page.

  1. Backups and Recovery

  • Backup Frequency: WP Engine automatically performs daily backups of our entire site, including the database and files. These backups are stored securely and can be easily restored.
  • Disaster Recovery Plan: In the event of a security breach or data loss, we can quickly restore our site from the latest backup using WP Engine’s one-click restore feature.

  1. Security Policies and Procedures

  • Security Policies: We have implemented comprehensive security policies covering password management, user account management, and incident response. These policies are regularly reviewed and updated.
  • Employee Training: Our team receives ongoing training on best security practices to ensure they are aware of the latest threats and how to mitigate them.

  1. Monitoring and Logging

  • Activity Logs: We use WP Engine’s logging features to monitor and log activity on our site, including admin logins, changes to user accounts, and updates to plugins or themes.
  • Anomaly Detection: WP Engine’s security team actively monitors for unusual activity and potential security threats, allowing us to respond quickly to any issues.