What’s Included in Our WooCommerce Maintenance Services?
Plugin & Core Updates
Keeping your WooCommerce plugins and themes up to date is essential for both security and performance. Outdated software can introduce vulnerabilities or cause issues that slow your site down. Priority Pixels takes care of these updates, ensuring everything stays current and fully compatible. Every update is tested before going live to avoid conflicts or functionality issues. It’s all part of keeping your store secure, reliable and running smoothly.
Uptime Monitoring
Advanced monitoring keeps a constant eye on your WooCommerce store to ensure it stays live and accessible. Frequent checks help catch issues early, often before they become noticeable. If downtime or technical problems occur, instant alerts allow the team to respond quickly and get everything back online. This proactive approach keeps disruptions to a minimum so your business stays up and running and your customers aren’t left waiting.
Performance
Speed matters in ecommerce. Optimising your WooCommerce site involves everything from compressing images and reducing code bloat to setting up caching and using a CDN. These improvements help your store load faster, improve search rankings and keep customers engaged. Priority Pixels handles all aspects of performance, making sure your site runs quickly and efficiently for every visitor.
WooCommerce Security Services
Security is critical for any WooCommerce store. We apply a full range of protection measures to safeguard your site from threats like malware, vulnerabilities and suspicious activity. That includes firewalls, regular scans, real-time monitoring and keeping all plugins and themes up to date to prevent security gaps. Everything is set up with industry best practices in mind to keep your store safe and secure.
PCI Compliant
Our hosting servers are PCI compliant, which means that most ports are secured from public access. Only essential ports are open, such as Port 21 for FTP (restricted by IP address), Port 80 for HTTP and Port 443 for HTTPS. We also ensure secure communication by disabling older versions of Transport Layer Security (TLS) protocols. Only TLS 1.2 and higher are supported, meaning any data exchanged between your site and its users is encrypted and safe from prying eyes.
Regular Backups
We conduct daily backups that retain a minimum of 14 days' worth of data. In the event of an exploit or unforeseen vulnerability, this allows us to restore your website quickly to a previous, unaffected state. These backups are stored on a separate server to minimise the risk of infection from any scripts running on your live site. For an additional £10 + VAT per month, we can extend the backup retention period to 28 days.
Database Security
Direct access to your database is granted only to users with whitelisted IP addresses. This prevents unauthorised parties from making changes to your site’s data. Additionally, during website development, we apply custom table prefixes (instead of the default 'wp_') to make it more difficult for attackers to guess database table names, reducing the likelihood of compromise.
Nuisance Web Traffic
Our security systems block malicious traffic, such as aggressive bots, scrapers and crawlers, from accessing your site. This reduces server load, helps prevent downtime and conserves bandwidth. Legitimate search engines, like Google and Bing, remain unaffected.
XML-RPC Disabled
By default, XML-RPC is disabled on our hosted sites. This feature, while useful for some, is a known vulnerability for WordPress websites. For enhanced security, we recommend using the WordPress REST API, which offers a more secure alternative. If XML-RPC functionality is required, we can enable it and restrict access to authorised IP addresses.
Malware Scanning
Our sites are regularly scanned for suspicious files and vulnerabilities. With WordPress sites heavily reliant on plugins, newly discovered vulnerabilities can be exploited quickly. Regular malware scanning ensures that we receive immediate notifications when a vulnerability is detected, allowing us to secure it promptly.
Login Protection
Login security for hosted websites is reinforced through multiple protective measures. The default WordPress login URL is masked, making it difficult for unauthorised users to locate. To prevent brute force attacks, a failed login threshold is in place, blocking users temporarily or permanently after multiple unsuccessful attempts. Multi-factor authentication (MFA) is enabled, offering various secure login methods, including email OTPs, authenticator apps, backup codes and web authentication using fingerprint or facial recognition. Additionally, where feasible, access to the login screen can be restricted by IP address. These measures work together to enhance security and prevent unauthorised access.
Security Headers
We implement industry-standard security headers to protect your website from common threats, following the OWASP Top Ten security recommendations. These headers help mitigate risks such as cross-site scripting, clickjacking and other vulnerabilities. Key configurations include X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy and Permissions-Policy. By enforcing these security measures, we strengthen your website’s defences against potential attacks.
Preventing User Enumeration
We block unauthorised attempts to discover valid login usernames through query strings like ?author=1, ?author=2, etc., preventing attackers from obtaining usernames to exploit. Attackers use these queries to uncover usernames associated with your site’s author pages, which they then use in brute-force attacks to guess password combinations. By blocking this method, we prevent hackers from gaining a key piece of information, reducing the risk of a security breach.
404 Detection
Our systems detect unusual 404 errors to identify malicious actors attempting to exploit potential vulnerabilities on your site. If a user triggers an excessive number of 404 errors within a short period, they are automatically banned, protecting your site from potential threats.
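An added example, not Priority Pixels' own code: one way to implement this kind of ban is a per-client sliding window over access-log lines. The log lines are constructed, and the threshold of 5 and the 60-second window are assumptions, since the page gives no figures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields needed here: client IP, timestamp, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

# Constructed sample: one client hitting five missing URLs in five seconds,
# and one visitor hitting five missing images a minute apart.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:09:00:0%d +0000] "GET /nonexistent-%d.php HTTP/1.1" 404 512' % (i, i)
    for i in range(5)
] + [
    '198.51.100.20 - - [10/Mar/2025:09:0%d:00 +0000] "GET /missing-%d.jpg HTTP/1.1" 404 512' % (i, i)
    for i in range(5)
] + ['198.51.100.20 - - [10/Mar/2025:09:06:00 +0000] "GET /shop/ HTTP/1.1" 200 8192']


def find_404_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: ban time} for clients reaching `threshold` 404s within `window`.

    threshold and window are assumed values, not taken from the page.
    """
    recent = defaultdict(deque)  # ip -> timestamps of 404s still inside the window
    banned = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, status = m.groups()
        if status != "404" or ip in banned:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop 404s that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            banned[ip] = when
    return banned


if __name__ == "__main__":
    for ip, when in find_404_bursts(SAMPLE_LOG).items():
        print(ip, "banned at", when.isoformat())
```

The slow visitor's 404s never accumulate inside one window, so only the burst client is banned.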
Google reCAPTCHA
We implement Google reCAPTCHA in all forms across your website, protecting against abuse by automated bots and ensuring that only legitimate users can submit forms or register.
Pwned Passwords
To protect against compromised credentials, we verify passwords entered in the default WordPress login or registration forms against a public database of breached passwords using the Have I Been Pwned API. If a password is found in this database, the user must reset their password before gaining access, ensuring maximum security.
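An added example, not the page's or any plugin's own code, assuming the check uses the Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`): only the first five characters of the password's SHA-1 hash leave the server, and the match is done locally. The response body here is constructed and passed in as a string so the block runs offline; the function names are hypothetical.

```python
import hashlib


def hibp_query_prefix(password):
    """Split the SHA-1 hex digest into (prefix, suffix).

    Only the 5-character prefix is sent to the range endpoint; the
    35-character suffix never leaves the server.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Look up the locally held suffix in a range response ("SUFFIX:COUNT" per line)."""
    _, suffix = hibp_query_prefix(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded entries carry a count of 0
    return 0


def must_reset(password, range_response):
    """True when the password appears in the breach data at least once."""
    return breach_count(password, range_response) > 0


def constructed_response(password, count):
    """Constructed stand-in for a range response that contains the password's suffix."""
    _, suffix = hibp_query_prefix(password)
    return "\r\n".join([
        "0" * 35 + ":0",             # padding-style entry with a zero count
        suffix + ":" + str(count),   # the entry for this password
        "F" * 35 + ":3",             # unrelated constructed entry
    ])


if __name__ == "__main__":
    body = constructed_response("password", 42)
    print(hibp_query_prefix("password")[0], must_reset("password", body))
```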
PHP Updates
Your site is built and maintained using the latest version of PHP, ensuring the highest level of security and performance. Keeping PHP up to date helps protect your website from existing and emerging threats.
Avoiding Default/Common Usernames
To prevent brute-force attacks on your login area, we avoid using common or default usernames such as ‘admin’ or any that match your site name. Any attempt to log in using these usernames is automatically blocked, adding an extra layer of security.
PHP Execution Prevention
We restrict PHP execution in directories where it is not needed, such as the wp-content directory, to prevent malicious scripts from being executed if a vulnerability is exploited. If harmful PHP files are uploaded, they are rendered inactive until detected and removed.
Shorter Login Duration
By default, users who select the 'remember me' option remain logged in for 14 days. This extended login period can pose a security risk, as it provides hackers with more time to hijack the login cookie and gain access to your account without needing your credentials. We shorten the duration that a login remains active to reduce the opportunity for malicious third parties to exploit inactive sessions.
Disabling Trackbacks and Pingbacks
Pingbacks are notifications sent to a website when it is mentioned by another site, serving as a form of courtesy communication. However, this feature can expose your site to unwanted traffic and potential DDoS attacks, which can overwhelm your server and result in an influx of spam comments on your posts. To protect your site from these risks, we disable trackbacks and pingbacks.
Disabling File Editor
We disable WordPress’s built-in file editor, which allows users to modify theme and plugin files directly from the admin dashboard. This reduces the risk of unauthorised changes and prevents potential exploits, ensuring that all updates and modifications are performed securely via File Transfer Protocol (FTP).
WooCommerce Daily Cloud Backups
Regular backups are key to protecting your store’s data and keeping your business online. For clients on our managed hosting, automated backups run regularly, saving your site’s content, files and databases. If something goes wrong, whether it’s a technical issue or a security breach, we can quickly restore your site with minimal downtime. It’s a simple but vital layer of protection that keeps your data safe and your store running.
WooCommerce Maintenance Services FAQs
Do I really need ongoing WooCommerce maintenance?
Yes. WooCommerce is constantly evolving and so are the plugins, themes and integrations it relies on. Regular maintenance ensures your store stays secure, performs well and avoids issues that could affect sales.
How frequently should WooCommerce plugins be updated?
Keeping plugins up to date is essential for the security, stability and compatibility of your WooCommerce store. As a rule, updates should be applied as soon as they’re released by developers to avoid potential issues or vulnerabilities.
How do you ensure the reliability of your WooCommerce backups?
Our backup systems follow best practices to keep your data safe and recoverable. Backups run automatically and are regularly tested to ensure they work when needed. We use secure cloud storage and redundancy to protect against hardware failure or local issues, with ongoing monitoring and test restores to confirm everything’s in place.
What is a WordPress security audit and why do I need one?
A WordPress security audit is a thorough examination of your website’s security vulnerabilities and potential weak points. It helps identify potential risks, assess the current security level and provide recommendations to enhance security.
How do you know when a WordPress plugin needs to be updated?
WordPress provides notifications within the admin dashboard when plugin updates are available. Typically, you will see a numbered badge indicating the number of plugins that require updates. Additionally, you can navigate to the “Plugins” section in the dashboard to view a list of installed plugins and their update status.
What should I do if my WordPress website is hacked or compromised?
If your WordPress website is hacked or compromised, it’s crucial to act quickly. Priority Pixels are professional WordPress security experts and can perform a thorough cleanup, remove malicious code and strengthen your website’s security to prevent future attacks.
Will maintenance cause downtime on my store?
No. Updates and maintenance tasks are handled carefully and, where necessary, tested in a staging environment to prevent disruption. The goal is to keep your store running without interruption.
Do you offer support for custom-built WooCommerce sites?
Yes. Whether your store is built with custom code or a bespoke theme, we can provide maintenance and support tailored to your setup.
Is WooCommerce maintenance the same as hosting?
No. Hosting keeps your website online, but it doesn’t cover updates, security monitoring or performance tuning. Maintenance is about keeping your store healthy, secure and running at its best.
Do you provide support for non-WooCommerce websites?
Our primary focus is on WooCommerce websites, where we have deep expertise. However, if you have specific requirements for a non-WordPress site, feel free to contact us and we can discuss potential support options.