Posts Tagged ‘woocommerce development’

WooCommerce Development: Cost And Factors Affecting It!

March 7th, 2023

Critical Vulnerability Spotted in WooCommerce on July 13, 2021 – At A Glance

July 27th, 2021

A critical vulnerability affecting WooCommerce and the WooCommerce Blocks feature plugin was discovered on July 13, 2021. Upon learning about the issue, the WooCommerce team immediately conducted a thorough investigation, audited all associated codebases, and created a security patch for every impacted version, which was automatically deployed to affected stores.

Recommendation by WooCommerce

WordPress began releasing automatic software updates to WooCommerce 5.5.1 on July 14, 2021, for all online stores running affected versions of the plugins. The WooCommerce team recommended that store owners make sure they’re using the latest version. For WooCommerce, the latest version was 5.5.2, released on July 23, 2021, but the fixes in that version were not related to the security patch. They added that store owners who are also running WooCommerce Blocks should use version 5.5.1 of that plugin.

After updating to a patched version, the team also recommended:

  • Changing the passwords for any Admin users on the site, notably if they use the same passwords on numerous websites.
  • Resetting any Payment Gateway as well as WooCommerce API keys used on your site.

Data Compromised?

It’s still unclear whether the data of impacted stores has been compromised. As per WooCommerce, the exposed data was specific to what an affected site was storing, including orders, customers, and admin info. However, in an email, WooCommerce informed web store owners that sites hosted on WordPress.com as well as WordPress VIP had already been secured.

WooCommerce rolled out the security patch while the automatic software updates were still being released. The patch was rolled out to protect all stores running impacted versions of each plugin. The company is still working with the Plugin team to update as many stores as possible to the secure version of WooCommerce.

How Can You Check If Your Store Was Exploited?

Due to the nature of this vulnerability, and the flexibility that WordPress offers in handling web requests, there’s no definitive way of verifying an exploit. However, you may be able to catch some exploit attempts by checking your web server’s access logs. As per WooCommerce, requests in the following formats, seen between December 2019 and now, indicate an exploit attempt:

  • REQUEST_URI matching the regular expression /\/wp-json\/wc\/store\/products\/collection-data.*%25252.*/
  • REQUEST_URI matching the regular expression /.*\/wc\/store\/products\/collection-data.*%25252.*/
  • Any non-GET (POST or PUT) request to /wp-json/wc/store/products/collection-data or /?rest_route=/wc/store/products/collection-data
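The three request checks listed above can be run over an access log as follows. This is an added example, not code from WooCommerce or the original post; it assumes the common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: ip ident user [time] "METHOD URI PROTO" ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"')
# The two REQUEST_URI patterns listed above (the second subsumes the first).
ENCODED = [
    re.compile(r"/wp-json/wc/store/products/collection-data.*%25252.*"),
    re.compile(r".*/wc/store/products/collection-data.*%25252.*"),
]
ROUTE = "/wc/store/products/collection-data"

def targets_endpoint(uri):
    """True if the URI addresses the route via /wp-json or ?rest_route=."""
    parts = urlsplit(uri)
    if parts.path.rstrip("/").endswith("/wp-json" + ROUTE):
        return True
    # parse_qs percent-decodes, so rest_route=%2Fwc%2F... is caught too.
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == ROUTE for r in routes)

def classify(line):
    """Return (ip, method, uri, reasons) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    reasons = []
    if any(p.search(m["uri"]) for p in ENCODED):
        reasons.append("encoded-uri")
    # The page lists POST/PUT; any method other than GET is flagged here.
    if m["method"] != "GET" and targets_endpoint(m["uri"]):
        reasons.append("non-get")
    return (m["ip"], m["method"], m["uri"], reasons) if reasons else None

def scan(lines):
    """Classify every line and keep only the flagged ones, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, placeholder query values).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jul/2021:10:00:01 +0000] "GET /wp-json/wc/store/products/collection-data?page=1 HTTP/1.1" 200 512
203.0.113.5 - - [14/Jul/2021:10:00:02 +0000] "GET /wp-json/wc/store/products/collection-data?x=%25252CONSTRUCTED HTTP/1.1" 200 98
203.0.113.5 - - [14/Jul/2021:10:00:03 +0000] "POST /?rest_route=%2Fwc%2Fstore%2Fproducts%2Fcollection-data HTTP/1.1" 200 98
198.51.100.7 - - [14/Jul/2021:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [14/Jul/2021:10:00:05 +0000] "PUT /shop/wp-json/wc/store/products/collection-data HTTP/1.1" 405 0
"""

if __name__ == "__main__":
    for ip, method, uri, reasons in scan(SAMPLE_LOG.splitlines()):
        print(ip, method, uri, ",".join(reasons))
```

A hit is an indicator of an attempt, not proof of compromise; rotated and compressed logs covering the whole period need to be scanned as well.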

Moreover, WooCommerce stated that the requests they have seen exploiting this vulnerability came mainly from three IP addresses, with more than 98% coming from the first IP address in the following list. So, if you observe any of these three IPs in your access logs, you can confirm that your store was exploited. These IP addresses are as follows:

  • 116.119.175
  • 158.78.41
  • 233.135.21

Which Passwords Do You Need To Change?

As per WordPress, it’s improbable that any of your passwords were compromised. WordPress user passwords are hashed using cryptographic salts, so the resulting hash value is too hard to crack. This salted hash protects not only the admin users’ passwords, but also the passwords of any other users on your store. However, WordPress revealed that it’s probable that the hashed versions of the passwords stored in your database may have been accessed through this vulnerability.

According to WooCommerce, depending on the plugins on your store, you may have sensitive info or passwords saved in less secure ways. So, they recommend updating any passwords that the Admin users on your site are also using on other websites, to protect their accounts on those sites as well. WordPress also recommends checking and changing any private or secret data stored in your WooCommerce database. This may involve API keys, keys for payment gateways, and more, depending on your specific store configuration.

Is WooCommerce Still Safe To Go With?

Yes!

Situations like this are unusual but can occur sometimes. However, as a certified platform, WordPress is always ready to respond instantly and work with full transparency in such unfortunate situations. As soon as they learned about the vulnerability, the WooCommerce team worked nonstop to deliver a fix as soon as possible. Their continuous investment in WooCommerce security allows them to survive the vast majority of issues. In the rare cases that could affect stores, the team strives to fix issues quickly, communicate proactively, and work collaboratively with the WooCommerce Community.

Leveraging WooCommerce to Transform WordPress Sites to E-Commerce Stores

November 19th, 2019

It is common knowledge that a majority of websites active on the internet today are created using the WordPress CMS. The reason for that is simple: WordPress is easy to use and free. It’s incredibly user-friendly and can be set up by anyone, even with minimal technical knowledge. Even though many platforms are used today for creating e-commerce sites, such as Shopify, BigCommerce, and Magento, WordPress is still used by many online retailers and by companies that only occasionally sell products through their website.

In this post, we will outline some of the steps that you need to follow to successfully set up and launch your new e-commerce site using WordPress.

Step 1) Get Hosting

There are several hosting providers that you can choose from including Hostgator, Bluehost, GoDaddy, etc. Go over all their hosting plans and choose the one that suits your hosting requirements. Compare costs as well as their customer support before making a decision and always check customer reviews.

Step 2) Choose a Domain Name

Your domain name should be something that represents your business. It should also be memorable so that your site can stand out in the crowded internet space and the competitive e-commerce sector. You can do some keyword research for this purpose to see which catchy terms related to your products people are searching for in your target area. If you want to, we suggest registering all domain extensions like .com, .net, .us, etc. to fend off copycats.

Step 3) Install WordPress

Following the instructions shared by your hosting provider, you can log in to your cPanel and install WordPress. After the successful installation of WordPress, you can log in to your WordPress dashboard using your credentials. It is advised to keep the credentials to your cPanel as well as your WordPress dashboard private.

Step 4) Set up WooCommerce

WooCommerce takes a WordPress website and helps by transforming it into a fully functional e-commerce store. The steps for setting it up are simple and given below –

  • Download and install WooCommerce. Answer the questions in its setup wizard for an easy set up within minutes.
  • Choose a theme that is compatible with WooCommerce and proceed to install it.
  • Once that is done, you will get an option to add products on the dashboard of your site. Click on add new product and follow the steps to add your first product.

Step 5) Choose a Theme

If the theme you are already using on your WordPress site is not compatible with WooCommerce or you are looking to update the theme, you can choose from a wide range of themes that are perfectly compatible with WooCommerce. Some of the best free WooCommerce themes are – TheShop, ShopIsle, eStore, Storefront, and Easy Commerce. There are several premium themes you can choose from too if you are not satisfied with the free ones.

Step 6) Set up Pages

If you are setting up a new site instead of converting an existing WordPress site to e-commerce, then you need to set up all the required pages like Home, About, Shop, products, Blog, Cart, Thank-you, etc. Even if you did have a working WordPress site before adding WooCommerce, some pages that are unique to e-commerce stores like the Shop and cart pages would still need to be set up.

Step 7) Optimize for SEO

After your e-commerce store is launched, the next step is to focus on its SEO. The first thing to do is install and activate the Yoast SEO plugin. It is considered one of the best SEO plugins and it is free. Then customize its settings as per your requirements. Yoast can then be used to add meta titles and meta descriptions to every single page and product. Sitemaps and robots.txt files can also be created using Yoast. There is also an alternative to Yoast called All in One SEO Pack, which you can use if for some reason you do not wish to use Yoast.

Conclusion:

The above steps outline the general process for turning your WordPress site into an e-commerce store. It is suggested that you hire a WooCommerce development company with years of experience in creating successful e-commerce stores for your online store. This will give you the help of certified professionals who know what achieving e-commerce success involves.