WooCommerce Vulnerability ALERT – The Steps To Take To Keep Your Store Secure
It’s bad news. WooCommerce was compromised on 13th July and a critical vulnerability was found in WooCommerce and WooCommerce Blocks plugins.
A lot of people were confused if only WooCommerce stores running the WooCommerce Blocks Plugin were impacted. Unfortunately, that’s not the case.
It’s basically a red alert for all WooCommerce store owners – whether they’re running the WooCommerce Blocks plugin or not.
With that said, what to do now?
Is WooCommerce still safe to use? Of course, it is. But like all open-source and self-hosted software, WordPress and WooCommerce do require regular maintenance and this is something we always stress on during our consultations with our clients.
The good news is, the WooCommerce team worked around the clock and released a patch for every impacted version.
They are even forcing auto-updates on stores that have the auto-update feature turned on.
However, very few stores actually keep that feature on due to technical complexities that arise because of it.
If you’re one of those, you need to manually update WooCommerce ASAP.
The only problem is, it isn’t as simple as hitting the Update button.
Updating WordPress and WooCommerce does require some technical chops and can result in complexities.
It’s actually a delicate, step-by-step process that includes rigorous testing of updates on Local, Staging and Production environment to make sure your site’s functionality doesn’t break in the process.
Keep in mind that you’re dealing with your storefront. If things go wrong on your live site, it can potentially turn your customers away.
Here, we’ve detailed the step-by-step process, in case you still want to go ahead and do it yourself.
But if you want to escape the technicalities and focus on those other hundred things going on in your business, we have an easy workaround for you.
At Codup, we’ve 50+ developers who are well-versed in WordPress and WooCommerce software and 10+ QA people whose sole job is to test things. We’ve created this much-needed WordPress and WooCommerce Maintenance Package in which we make sure your site performs fast, stays secure, and is always in its best form.
Want to learn more about our WordPress and WooCommerce Maintenance Service?
Just hit this link and drop us a message. We’ll schedule a call with you ASAP.
Want to go ahead on the DIY route? No issues, we’ll help you go down that route.
Here are the steps you need to follow.
Step #1 – Back Up Your Site
First, you need to make sure everything is backed up or else you could lose all the hard work, time and money put in to get your store set up. I mean you wouldn’t want to start off again with a clean slate, would you?
Here is how you can use a free plugin called Updraft Plus to back up your WordPress site.
Step #2 – Turn Off Caching
Second, turn off any caching plugins as it can have a bizarre effect on the update process.
Step #3 – Update Your Plugins and Themes
To make sure your site doesn’t break during the update and things remain as they are, you need to first make sure your theme and all other plugins aren’t outdated. Hence, start the update process with your theme and plugins.
Step #4 – Update the WooCommerce Plugin
There is a bit of complexity when it comes to updating WooCommerce to close this recent vulnerability.
Though it’s highly recommended that you update to the latest version of WooCommerce that is, version 5.5.1, you need to first update to the highest number possible in your release branch.
This means you need to check which WooCommerce version your store is running and then update to the latest version in that release branch.
For example, if you’re running WooCommerce version 4.8, you need to first update to WooCommerce 4.8.1 before going ahead and updating to 5.5.1.
Step #5 – Test Your Updates
Testing your updates is a critical process and can’t be escaped.
To make sure your store functions smoothly, you first need to deploy the updates on a Local environment.
Once things look fine on local, you should then push your site to a Staging environment where another round of rigorous testing takes place.
Finally, when you get the green light on Staging, deploy your site on Production.
This three-step process is integral to ensure your customers have a seamless experience and they don’t turn to other competitors after seeing bizarre things on a site that broke during the update process.
Step #6 – Update your WooCommerce Database
Once you’ve updated to the latest version of WooCommerce, you’ll probably see a notice to update your WooCommerce database. Your WooCommerce database stores and organizes all your store information and so, it’s important to update the database so it matches the latest WooCommerce version. This again requires some technical chops.
Step #7 – Turn on caching again
Since you turned it off earlier, you can now go ahead and turn it on again.
Step #8 – Back up your site again
If all is well, it’s time to take another backup before you can lean back and take a sigh of relief.
Well, of course, it’s easier said than done. Jotting down this step-by-step process barely took an hour.
But when you actually start doing it, it can very well make your head spin, especially if there are a hundred other things going on in your eCommerce business right now.
But there is an easy way out. And it’s called WordPress and WooCommerce Maintenance Services.
Hire WooCommerce experts at Codup to regularly maintain your store and keep away from headaches like these.
Reference Source: Critical Vulnerability Detected in WooCommerce on July 13, 2021 – What You Need to Know