It is your responsibility to ensure the security of your customer's information
WooCommerce POS allows payment using any installed WooCommerce gateway. If the payment gateway collects personal information it is up to you to ensure the security of your customer's information. Below are some tips for keeping your POS secure:
If you are running an online store you should have a security certificate for your website. This will ensure any form data you send, such as logins and credit card numbers, will be encrypted. If you are not using a security certificate any information you send over the internet can be intercepted and read, this might be someone sharing your network or it could be at any one of the dozens of nodes that connects your computer to your server. A basic security certificate costs as little at $US16 and takes less than a day to set up .. so there are no excuses for not having a security certificate.
Snooping over the internet is just one way your security can be compromised, but more often the real damage is done when a malicious user gets physical access to your device. This is particularly pertinent to store owners who often leave their computer or tablet in high traffic areas. Plan for the worst case scenario that someone steals your computer or device and minimise the risk by employing some security measures, such as:
- Use a lock screen when your device is unattended for 5 or 10 minutes
- Log out of WordPress and WooCommerce POS when you leave your device
- Reset your passwords quickly in the event that your device is stolen
- Remote wipe your device in the event it is stolen
One of the great things about WordPress is the 1,000's of plugins available at a click of a button ... but it's also one of the worst. Each time you install a plugin you are effectively granting that plugin access to your website and any data passing through it. I know it tempting to 'pimp' your store with every plugin under the sun, but quite often this will make your site slower and it may make your site insecure. Before you install any plugin you should ask yourself:
- 1.Do you really need it?
- 2.Do you trust the plugin author?