
Security in Ecommerce

September 29, 2020 Conecta Software

When we create our e-commerce platform, we must take its security into account. Security serves two main purposes. The first is to ensure the trust of our customers. The second, no less important, is to do our best to prevent potential attacks and fraud.

These two objectives are fundamental to the success of our business. For this reason we must invest time and money in improving the security of our online store.

With this series of tips we want to introduce you to the main aspects to be taken into account when it comes to the security of your ecommerce.

1. Choose a safe platform

First of all, to have an online store as safe as possible, we will use a secure and reliable e-commerce platform. Today there are different ecommerce environments to choose from, so it is important to choose the platform that offers the most security.

In Spain, WooCommerce (the ecommerce plugin for WordPress) and PrestaShop add up to more than half of the market share. Magento and Shopify are other interesting options.

Find out more about the range of e-commerce platforms available.

1.1 WooCommerce : WordPress Ecommerce

WooCommerce is a plugin for WordPress that allows you to build an online store on that platform. It is one of the most popular WordPress plugins (to say the least). While some aspects of security apply regardless of the CMS used, in the case of WooCommerce the plugin must be updated each time the WordPress administrator is notified of a new update. In addition, the vast majority of security tips apply to the WordPress platform in general.

Unlike other ecommerce platforms, WordPress always uses the same paths for its administration panel: /wp-admin and /wp-login.php. To add one more layer of security here, there are multiple plugins in its marketplace that let you change those URLs to custom ones. Be careful to remember what the new URLs are, otherwise you will not be able to access your administration panel easily.

Another good practice is to limit the number of attempts allowed on the WordPress login form to prevent attacks such as brute force. For this, the WordPress marketplace has a large number of free plugins. One example is WP Limit Login Attempts, a plugin available free of charge to all users who wish to download and install it. Another example is WP Login Attempts, which also supports Google reCAPTCHA, Google's tool for telling whether a human or a machine is trying to log in, and can be integrated with both version 2 and version 3.

Whenever possible, scan all the files that make up the WordPress installation to find out whether they contain malicious code. For this, the marketplace offers multiple plugins that provide both scanning and other security tools to tell whether WordPress has been compromised. In many cases, hosting providers also give the client a server-wide tool that performs other types of scans. If the hosting administrator finds a malicious element, they inform the WordPress administrator and quarantine the compromised files until the administrator decides what to do.

Another factor of great importance is to hide the URL signature (it is also possible to change it). If this is not done, the username with which you log in to WordPress will be exposed. To do this, change the user_nicename field in the wp_users table of the database.

1.2 Drupal : The CMS of an open source community

Drupal is a CMS totally different from WordPress. It has one of the largest and most extensive communities of developers in the world, with more than a million developers working on its code every day, so any bug is detected and corrected practically at once.

In addition, Drupal is compliant with the specifications of OWASP, the non-profit organization that is dedicated to determining and combating the causes that make software unsafe. 

When a user registers in Drupal, their credentials are protected in the database by adding a salt and then applying the SHA-512 hash function.

1.3 Joomla : The Web Development CMS

Joomla is a CMS that lets you build a website through an administration panel. This panel allows the creation, modification and deletion of content. There are several free and paid tools that will help you protect Joomla.

One of the best extensions in existence is SECURITYCHECK, which has both a free and a paid version. SECURITYCHECK PRO, the paid version, has, for example, firewall settings, malware scanning or geolocation blocking.

Akeeba Backup is another tool widely known within the Joomla community that allows you to manage backups. These backups can be carried out at scheduled times, which will facilitate the work of the CMS. It should be noted that this tool is also available for the WordPress platform.

Finally, RS FIREWALL is another extension that adds a security layer to Joomla to protect it from brute-force attacks, SQL injection or denial-of-service attacks.

1.4 Magento | One of the main ecommerce platforms

Magento is among the most widely used ecommerce platforms worldwide and is one of the main competitors of PrestaShop. To protect it, it is necessary to carry out certain checks, such as checking file permissions. The recommended values are:

  • Directories: 775.
  • Files: 664.
  • local.xml file: 600.
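One way to check an installation against these values is to walk the tree and report anything that grants more than the recommended mode. This is an added example, not Magento tooling: the function names and the sample tree are constructed for illustration, and the three ceilings are the ones listed above.

```python
import os
import stat
import tempfile

# Ceilings from the list above; any permission bit outside the ceiling is a finding.
DIR_MAX, FILE_MAX, LOCAL_XML_MAX = 0o775, 0o664, 0o600

def audit_permissions(root):
    """Return sorted (relative_path, actual_mode, ceiling) for entries that
    grant more than the recommended mode. Symlinks are skipped, not followed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if stat.S_ISDIR(st.st_mode):
                ceiling = DIR_MAX
            elif name == "local.xml":
                ceiling = LOCAL_XML_MAX
            else:
                ceiling = FILE_MAX
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~ceiling:  # extra bits, e.g. world-writable or setuid
                findings.append((os.path.relpath(path, root), oct(mode), oct(ceiling)))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed demo tree (not a real Magento install); return its root."""
    root = tempfile.mkdtemp(prefix="magento-demo-")
    files = {"app/etc/local.xml": 0o644,   # too open: readable by group and others
             "app/etc/config.xml": 0o664,  # matches the recommendation
             "media/upload.php": 0o666,    # too open: world-writable file
             "index.php": 0o644}           # stricter than 664, so fine
    dirs = {"app": 0o755, "app/etc": 0o775, "media": 0o777}  # media is world-writable
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for rel, mode in dirs.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    for finding in audit_permissions(build_sample_tree()):
        print(*finding)
```

Modes stricter than the recommended ones (for example 644 on a regular file) are not reported, since they grant nothing beyond the ceiling.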

In addition, you must avoid using the username admin, as brute-force attacks tend to target it. You should also rename the downloader folder and change the backend entry URL by editing the local.xml file.

As in other CMSs, the extensions must be kept up to date, including templates and plugins. You should also use strong usernames and passwords and an SSL certificate.

2. Use secure payment methods

When it comes to payment, customers mostly opt for a credit or debit card. To accept card payments we can use any payment gateway, always making sure it is a safe option. The payment stage is usually the most vulnerable, since we are handling relevant data such as the customer's card number or bank details. That is why we must do everything possible to avoid fraud and other profit-driven abuse.

In addition to payment gateways, another option is to use platforms such as PayPal or Stripe, which also guarantee a great deal of security.

There are many more aspects to highlight about the means of payment.


3. Do not store sensitive customer data

It is not necessary to store certain sensitive data such as credit card numbers, expiration date, or the CVV. We must securely store data that is necessary for returns and refunds. It is not recommended to store all sensitive data because it gives hackers the opportunity to steal information and use it for profit.

4. SSL Certificates

A very effective way of ensuring the security of your ecommerce is to use SSL certificates on your domain. This type of certificate lets visitors browse over the HTTPS protocol and gives customers more confidence. The certificates allow us to encrypt data such as user names or passwords so that it travels securely between the user and the server.

An SSL certificate protects a website and its users: it secures the exchange of information, improves search positioning, and provides security and trust. Meet 3 of the best known companies:

The Conecta Software hosting service for online shops and websites includes the installation of the Let's Encrypt security certificate. For more information, please visit our Hosting page.

5. About us

Once we have checked that we have all the technical aspects in place to secure our ecommerce, it is also important to communicate this to our customers. More experienced users look directly for clues, such as the green padlock next to our URL, which indicates that a security certificate is correctly installed.

They also easily recognize the logos of Redsys, PayPal, Visa, etc.

If you want to know the legal aspects and our privacy and cookie policy, the pages that we have previously created will be accessible to you.

But we can do even more. Clear communication, easily accessible answers to frequently asked questions (shipping and return policies, product features, etc.) and reviews from other users reinforce the positive experience. In addition, we can develop our strengths on the company page, or "About Us".

Check out this guide to learn about the opportunities offered by the development of this key page to tell the story of the company.

