The Security page in the SentSays WooCommerce plugin helps you monitor and manage the safety of your integration. It ensures all communication between your store, SentSays, and WhatsApp is handled securely and follows best development practices.

Security Status Overview

The plugin provides real-time checks to confirm your WordPress site and plugin are configured securely. These checks include:

  • Input Validation & Sanitization: Protects against injection and malformed data
  • Nonce Verification: Prevents CSRF (Cross-Site Request Forgery) attacks
  • API Rate Limiting: Controls excessive requests and abuse
  • Data Encryption: Sensitive data (like API keys) is stored securely

Key Security Features

HTTPS/SSL Check

The plugin verifies if your website is running on HTTPS. If not, it will alert you to enable an SSL certificate to ensure encrypted message delivery.

Admin Access Control

Only users with admin privileges can configure or view sensitive plugin settings like API keys and debug logs.

Debug Mode Warning

If Debug Mode is enabled, the plugin clearly marks it and recommends turning it off on production sites to prevent performance or data exposure risks.

Debug mode should only be used in development or testing environments.

Security Recommendations

The plugin automatically scans for common issues and provides real-time recommendations, such as:

  • Enabling SSL
  • Disabling debug mode on live sites
  • Keeping WordPress and plugins up to date
  • Rotating API keys periodically

SentSays is committed to secure messaging. This page ensures your WhatsApp communication is protected, your customer data is safe, and your store follows modern WordPress security standards.