Posted on

Mitigating WooCommerce Exploits

WooCommerce, the payment system used on WordPress websites, has had a security vulnerability discovered in its payment plugin. What does this mean for you?

MTech Repairs Business Customers

If you are a business customer of ours and have a website from us, we have already ensured WooCommerce Payments is up-to-date should your website be using it. If you notice irregular activity, make sure any admin passwords are changed and you update your API token as soon as you notice it. A guide on how to do that can be found here. If you need assistance with this, reach out to us at no additional charge!

Website owner utilizing WooCommerce Payments

If you are a website owner and your website utilizes WooCommerce Payments, the plugin should have been updated for you automatically, but it’s always considered good hygiene to make sure that’s up to date. It’s also recommended to change any administrative passwords and rotate your WooCommerce API token if you notice anything irregular. A guide on how to do that can be found here. Feel free to reach out to us if you need help with this, your website does not need to be hosted by us for you to take advantage of our technological expertise.

Customers

If you are a customer of a website that uses WooCommerce Payments, this security vulnerability doesn’t affect you given our current knowledge. Should your account be compromised from this vulnerability, it is the website owners’ responsibility to notify you about the breach. If you are concerned about your account being compromised, our recommendation of changing your password and enabling two-factor authentication where possible still stands strong. Furthermore, we always recommend using a password manager to generate long, secure, unique passwords for every website you create an account with.