So the free version of Wordfence should cover everything?
Each of the available security plugins can secure a WordPress installation. Take a look at them: https://wordpress.org/plugins/tags/security/
It is up to you to choose one to secure your project. But the choice of plugin alone is not enough. You also need to make sure that the hosting is secure – use as few access points as possible (such as FTP etc.), use 2FA for all logins. Backing up the project is particularly important, as regularly as possible and not within the hosting.
Also take a look at this article:
https://developer.wordpress.org/advanced-administration/security/hardening/
But also check whether the store actually stores such sensitive information in its own database. If you use an external service provider such as Stripe or PayPal, no information will remain in WordPress. The external service provider is responsible for such data and is usually also protected accordingly. In this case, you should of course take care of the store’s security, but you don’t have to take the most extreme measures.
Ok yes the business uses PayPal and major credit cards. it does make me feel more comfortable knowing that most of the security lays on them and not me! 🙂
However, this is no reason to do nothing for the security of the store, but don’t overdo it 😉 You are welcome to set the topic to solved if that clears it up for you.
