The most valuable asset for your WooCommerce business is your customers who buy your product or service. Their choice of giving your business their email address, credit card numbers, shipping address, brings to the table a key topic for store managers: trust and data protection.

In fact, your store's customers demand your business to protect their data and information they've shared with you. If they're unsure whether your store is a safe and secure place for their data, they'll reconsider how trustworthy you are. And trust is so fragile that could be lost for good.

Data protection isn't strictly related to being under attacks from hackers. It means having a bunch of tools and strategies in place to keep safe and sound your customer's sensitive data. Both in good and bad times. And, we all know, things could break eventually.

As a WooCommerce store manager, you surely want to lower your chances of a store crash, downtimes, broken database issues you've heard of. That's why I've grouped here the critical aspects you ought to know now, when things are running smoothly, so that you can use them if/when disaster strikes.

Let's get started, shall we?

Prevent data loss with database backups

Step one to any data safety strategy is to maintain a backup. If due to any unforeseen circumstance you lose valuable information, you have a place to get your data back and you won't end up at square one with your business. WordPress developer and Codeable expert Robin Scott stresses out how having a solid system for backing up your store's data is important:

Rule number one to safeguard your store from disaster is having multiple backups, those automatically provided by your hosting company probably at least on a daily basis but also you should use your own backup software. It's recommended. It's simply good practice to have also an offsite copy of them. For that, you can use a backup service like UpdraftPlus, which stores the backup externally like in Dropbox or Google Drive.

Test your backups and updates

Having regular backups is just one piece of the entire puzzle. Since there are many WordPress backup plugins to choose from, you have to test run your backups to make sure they're proper and aren't creating corrupted or incomplete files at a crucial moment. The choice of a backup plugin should be based on your store configuration, needs, and in-house resources (who's going to be in charge?). As Robin highlights:

With our clients, we basically use a server-to-server link to generate backups. But there are quite a few options on the WordPress plugins repository and the question really is: 'Which one works in your environment?' So, your goal is to find a good one and then test it: try it and restore from those backups you're getting. It's boring, I know but it's crucial. Some of these tools don't work. And, sometimes, it could be the case that your host might have a restriction on the length that your backup can run. So, actually, you think you've got backups, but what you've got is half a backup. That's why you need to check them.

And it's not just backups, even your updates need to be tested before they’re taken to the live website. It's important to run tests to pinpoint any errors that might cause major headaches in the future. Robin further elaborates:

Testing is going to prevent disasters. You should always test updates after you put them on the live site, at least the transactional side of things. Test everything before you do it but also test everything after you've done it. If you can take up an issue in staging, before it's happened on the live site, that's a good thing. If it happens on the live site, that's when you start to get data issues.

Put hack prevention in place

Beside correct backup files and a thorough testing approach, the next thing you should take care of to prevent data issues with your WooCommerce store is hardening its security. It all starts with your hosting provider, who should already offer some tools to keep the "bad guys" off of your data. But, as you know, when security and data leak is at stake, more is always better.

That's why don't have to forget your store is running on WordPress and all security best practices for WordPress websites are applicable (and strongly suggested) in this case as well. As Robin comments:

When we're talking about disaster prevention, it's also a matter of safeguarding or hardening the security in WordPress itself. Most of the good hosts have some sort of hack guarantees and they have firewalls in place to prevent bad behavior. At the same time, though, you should have something in place. It's the basics.

One aspect that directly affects the security of your store's data has to you with your users - not customers- and who's been granted access to your backend. Specifically, it's in the way you have configured and manage user roles in your WooCommerce store. In Robin's words:

Don't allow anyone access to your store who doesn't need it. Don't give anybody admin access, unless they absolutely require it. For most scenarios, that's really only developers and one person in the business. Anyone who's just doing data entry and all the management doesn't need to have admin-level access to the website. WooCommerce has got a Shop Manager role and you should use it. It's the best thing to do because it prevents that person from making mistakes. But it also it keeps the admin panel pretty clear of all of the options that they don't need to be seeing as well.

Here's a good resource to learn more about roles and what they can do (or can't do) in your WooCommerce store.

What you need to know before your WooCommerce store crashes or gets hacked

Bad things happen in our life, hence in your life of a store manager. That means your store could break and even become unreachable for no apparent reason. When that happens, you'll need to keep in mind what's the most important data you need to secure and always have handy:

  • Order numbers
  • Customer IDs

These two types of data are the most critical to a store and it'd be pretty darn hard to retrieve them if things go south. As Robin exemplifies:

The situation we're trying to avoid is the loss of transactions, which is really a disaster in itself. It's really hard to recover from as well. The primary thing you'd want to be backing up is the order numbers and customer IDs. In an ideal world, they'll be backed up every instant. We use AWS a lot and we create a snapshot of the whole database server and a snapshot of the whole file system the website is living on. That's done very regularly and on a rolling cycle and it gives us a complete image of everything involved.

That's the best disaster-prevention stack for lowering the chances of not incurring in major data losses and nightmare-ish times to get everything back correctly. Yet, given the advanced configuration and tools required, many small business budgets will hardly be able to accommodate that advance setup. In Robin's words:

That configuration stack is an ideal scenario, but not every store is in that situation. It then goes down to daily and automated backups performed by someone at your company and by good hosts like WP Engine, Kinsta, or any provider like that. At the end of the day, the whole thing is really about as much as you can afford and as often as you can.

This aspect is a critical choice for any WooCommerce store manager but might require some technical knowledge to clearly understand how all the parts work together. Consulting with an expert could help you get a better picture of it all.

You know, though, that if you had all the measures in place to prevent disaster from happening, it could still be happening, right?

Let's see what you should do, then!

What you need to do when your WooCommerce store crashes or gets hacked

Breathe, it's game on!

What would you do when your WooCommerce store breaks? Would you just easy-peasy click-restore it from a backup? Would you ask your host to do that for you and revert your store to an old functioning instance? Wait, please! There's a key thing you must do before touching your backup files or do anything else.

Recall to your mind what you just learned: you don't want to lose order IDs and order numbers. So if the store drops out, it's hacked or you have a disaster happening, you have to hold your horses a bit longer and refrain your desire to reverting to a previous state.

Why that? Because doing so would make you lose all the data that had happened between crash and restoration of your WooCommerce store. And that's something no store manager wants to do to their business. When your website crashes to the point that you need to restore it, there might be data that was being entered or that is entered during restoration. If you’re not careful you might end up losing that data. Robin explains:

If orders have happened or maybe new customers have signed up accounts since the time that the disaster occurred, you're going to need to secure that information from the current live database before you restore from backup. To do that, copy that database straight away. It might sound counterintuitive because it's gone wrong, but that's the data you need. So, copy your live database, get a copy of it. It might not be accessible. It might be down. But you need to get a copy because an expert can go in there and can pull out anything that's salvageable. And particularly we're talking about customer IDs and order numbers. If somebody's paid money into your store, you want to find that order.

Your goal, at this point, is to do everything to lose the least data available in your database as possible. And if you had reverted to an "older" version of your store, you would have lost that data.

Wrapping up

Your first means of safeguarding your WooCommerce store from a disaster are as strong as your disaster plan and backup strategy have been set up. The weakest the latter, the worst the scenario you'll be experiencing.

WooCommerce stores are vulnerable to attacks and major issues that could result in downtimes, corrupted database, or simply being hacked. Things could fizzle out pretty fast sometimes, and it's at the times that a good disaster plan would show its real value.

You know the old saying "Cross that bridge when you come to it", right? Well, when things go bad - and they do eventually - there could be no more sales for your store by the time you'd crossed that bridge... think accordingly!


This blog post features Robin Scott, an experienced WordPress developer who's also one of the founders of Silicon Dales, an agency focused on WordPress, WooCommerce, and a variety of other services. Robin has specialized in several areas such as Custom Plugins, Gravity Forms, Hosting Transfer, Maintenance, and WooCommerce Extensions, just to name a few.

New call-to-actionQuality: The Codeable Differene