WP eCommerce Show


Privacy, eCommerce and WordPress with Chris Wiegman

November 19, 2019

In episode 159 of our podcast, I chat with Chris Wiegman, Senior Software Engineer at WPEngine.

Security and Privacy with Your WordPress eCommerce Site

We chat about:

What has been accomplished with privacy in the last year in the eCommerce/WordPress space
What is the biggest weakness
Two top privacy issues to consider when starting to sell on WordPress
What you should look for when purchasing on a site
Why it’s easier to plan what you collect vs. removing it after the fact
Whether people are becoming too paranoid or complacent when it comes to privacy

Today we are revisiting a topic that stays in the forefront of our minds: privacy, eCommerce and WordPress. Chris has a long history around security and privacy in the WordPress space. The two go hand in hand, so I asked Chris to share some insights and tips.

We started out with Chris sharing what he felt was the biggest stride we have made in the space this year. We also look at the flip side of things and talk about what is still a large weakness with privacy in the eCommerce and WordPress space.

Chris shares his advice on the top two pieces of the puzzle when you start selling using WordPress. From there, he gives us three important things to be aware of when visiting an online store or site as you consider making a purchase there.

We also talk about how important it is to plan just how much information you need to collect when starting your site vs. thinking about how to remove it later on.

I ask Chris to close out the show with his opinion on whether we have become a population of tin foil hat wearers or whether we are getting so used to all of this that we are indifferent.

Of course, the conversation takes us in different directions, and the result gives you an approach to take to make sure you are protecting your customers’ privacy and your own.

Tips and Insights from Chris

Advances in the last year

I think the biggest strides bookend this year. And that was GDPR last year, followed up by CCPA this year.

We’re seeing that individual site owners are meeting with their legal counsel or something similar. That might be to set up just to make sure that they are meeting privacy terms and things like that. I’ve seen much more at the grassroots level than anything top-down.

The largest weakness in the ecosystem

We’re seeing hosts popping up strictly with their entire marketing schemes. That says a lot when you’re talking about WordPress as a stage.

The amount of data processing involved in eCommerce is still a weakness on a system and on a legacy. What’s become a legacy system like WordPress is getting better. But these are oftentimes outside solutions that the individual site owner has a hard time controlling. Maybe the host that you’ve been on for 10 years and you have a lot invested in, isn’t really emphasizing e-commerce, where other hosts are.

Data breaches, plugin vulnerabilities, all the things that have been a classic nemesis to WordPress and security in general, especially the update thing, become even more pronounced in the WooCommerce space.

Two top privacy pieces for the first-time seller

One would be data minimization. It’s tempting to say I need all of this data on my customer and I need to store it forever. What if they come back? If they’re just doing a digital download, you might not need their address. You might need a zip code or something else for tax purposes, but you may not need all the data you’re getting.

The second one would be watching how you handle user accounts. Try enforcing strong passwords for your users. Password managers are a good thing for this. You can’t solve every issue, but taking your user accounts security for granted is going to get you in trouble.

Limiting data now or later

Part of the problem with the decentralized solution is purging individual data isn’t highly dependent on how you’ve se