As cryptocurrency adoption grows, so do the threats targeting WordPress e-commerce sites. Because you are accepting payments directly to your wallet, the security of your WordPress Admin Dashboard is just as important as the plugin itself.
We have introduced a suite of security tools directly into MyCryptoCheckout to help you harden your store against common and more advanced WordPress attack vectors.
🛡️ Built-in Hardening Tools
You can access these options by navigating to Settings > MyCryptoCheckout > Global Settings > Security.
1. Administrator Lockdown (Freeze Admin Creation)
- What it does: This feature places a total freeze on the creation of any new Administrator accounts.
- Why you need it: Many modern WordPress hacks attempt to “escalate privileges” by secretly creating a rogue admin user. This setting blocks that action at the database level.
- Recommendation: Keep this ON (Checked) at all times. Only uncheck it temporarily if you need to manually add a new administrator.
2. Disable Application Passwords
- What it does: Completely disables the WordPress Application Passwords feature.
- Why you need it: Hackers often use compromised Application Passwords to bypass Two-Factor Authentication (2FA) and modify site settings remotely.
- Recommendation: ON (Checked).
3. Disable File Editors
- What it does: Disables the built-in Theme and Plugin editors in the WordPress dashboard.
- Why you need it: If an attacker gains access to your dashboard, the first thing they often do is use the file editor to inject malware into your theme or plugin code. Disabling this removes that capability.
- Recommendation: ON (Checked).
4. Disable XML-RPC
- What it does: Shuts down xmlrpc.php, an older API often used by bots to launch brute-force attacks.
- Recommendation: ON (Checked).
👁️ Active Monitoring Systems
These features run automatically in the background to protect your checkout integrity. No configuration is required.
Wallet Change Notifications
To prevent unauthorized modification of your receiving addresses, the plugin monitors your wallet settings 24/7.
- Instant Email Alert: If your wallet addresses are manually updated via the WordPress Dashboard, the site administrator immediately receives a notification email containing the User, Time, and IP Address of the change.
Frontend Heartbeat Protection
The plugin includes a client-side heartbeat system that protects the checkout process from external interference, such as malicious browser extensions or XSS attacks.
- Real-time Verification: The checkout page continuously verifies that the displayed wallet address matches the wallet address in your settings.
- Automatic Intervention: If any discrepancy is detected during the payment process, the system automatically redirects the customer away from the payment page.
🔒 Disable Wallet Editing
You can completely disable the ability to edit wallet addresses via the dashboard.
Add the following line to your wp-config.php file:
define( 'MYCRYPTOCHECKOUT_DISABLE_WALLET_EDITOR', true );
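An added example, not part of the plugin or its documentation: a Python check that a wp-config.php carries the line above in an effective form. It treats a define that only appears inside a comment as missing, flags any value other than a literal true, and flags a define placed after the wp-settings.php require (WordPress loads plugins from that file); the function names and sample files are constructed for this illustration.

```python
import re

CONSTANT = "MYCRYPTOCHECKOUT_DISABLE_WALLET_EDITOR"  # name taken from the page

# String literals are matched first so that '//' or '#' inside them survives.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")  # group 1: string literal
      | (/\*.*?\*/|//[^\n]*|\#[^\n]*)           # group 2: PHP comment
    """, re.S | re.X)

def strip_php_comments(src):
    """Blank out PHP comments while keeping character offsets unchanged."""
    return _TOKEN.sub(lambda m: m.group(1) or " " * len(m.group(2)), src)

def audit_wp_config(src):
    """Return 'ok', 'missing', 'not-true' or 'after-wp-settings'."""
    code = strip_php_comments(src)
    # PHP keeps the first define() of a constant, so only the first match counts.
    define = re.search(
        r"\bdefine\s*\(\s*['\"]" + CONSTANT + r"['\"]\s*,\s*([^)]*?)\s*\)", code)
    if define is None:
        return "missing"            # absent, or only present inside a comment
    if define.group(1).lower() != "true":
        return "not-true"           # anything but a literal true needs review
    # WordPress loads plugins from wp-settings.php; a define placed after
    # that require is not yet set while plugins load.
    loader = re.search(r"\brequire(?:_once)?\b[^;]*wp-settings\.php", code)
    if loader and define.start() > loader.start():
        return "after-wp-settings"
    return "ok"

# Constructed sample files (not taken from any real site).
TAIL = "/* That's all, stop editing! */\nrequire_once ABSPATH . 'wp-settings.php';\n"
DEFINE = "define( 'MYCRYPTOCHECKOUT_DISABLE_WALLET_EDITOR', true );\n"
SAMPLES = {
    "hardened": "<?php\n" + DEFINE + TAIL,
    "commented": "<?php\n// " + DEFINE + TAIL,
    "disabled": "<?php\n" + DEFINE.replace("true", "false") + TAIL,
    "too-late": "<?php\n" + TAIL + DEFINE,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} -> {audit_wp_config(text)}")
```

To audit a real site, pass the contents of its wp-config.php to audit_wp_config() and treat any result other than ok as a reason to review the file by hand.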
Standard WordPress Best Practices
While MyCryptoCheckout secures the payment process, you must also secure your “Front Door.” We strongly recommend:
- Enable Two-Factor Authentication (2FA): Use a plugin like WP 2FA or Google Authenticator to protect your login page.
- Monitor Activity: Use a security suite like Sucuri or Wordfence to scan for malware and log user activity.