When we build our e-commerce platform we must take its security into account. Security serves two main purposes. The first is to earn the trust of our customers. The second, no less important, is to do our best to prevent attacks and fraud.
These two objectives are fundamental to the success of our business. For this reason we must invest time and money in improving the security of our online store.
With this series of tips we want to introduce you to the main aspects to be taken into account when it comes to the security of your ecommerce.
1. Choose a safe platform
First of all, to have an online store as safe as possible, we will use a secure and reliable e-commerce platform. Today there are different ecommerce environments to choose from, so it is important to choose the platform that offers the most security.
Find out more about the range of e-commerce platforms available:
- WooCommerce: WordPress ecommerce
- Drupal: the CMS of an open source community
- Joomla: the web development CMS
- Magento: one of the leading ecommerce platforms
- BigCommerce: an all-in-one ecommerce platform
- Shopify
- PrestaShop
- WordPress: the CMS to develop your corporate website
1.1 WooCommerce : WordPress Ecommerce
WooCommerce is a plugin for WordPress that allows you to build an online store on this platform. It is one of the most popular WordPress plugins (to say the least). While some security aspects apply regardless of the CMS you use, in the case of WooCommerce the plugin must be updated each time the WordPress administrator is notified of a new update. In addition, the vast majority of security tips apply to the WordPress platform in general.
Unlike other ecommerce platforms, WordPress always keeps the same paths for its administration panel: /wp-admin and /wp-login.php. To add one more layer of security here, there are multiple plugins in the marketplace that help you change those URLs to custom ones. Be careful: always remember what the new URLs are, otherwise you will not be able to access your administration panel easily.
Another good practice is to limit the number of attempts allowed on the WordPress login form to prevent attacks such as brute force. For this, the WordPress marketplace has a large number of free plugins. One example is WP Limit Login Attempts, a free plugin available to any user who wishes to download and install it. Another is WP Login Attempts, which also supports Google reCAPTCHA, Google's tool for telling whether a human or a machine is trying to log in, and can be integrated with both version 2 and version 3.
Whenever possible, scan all the files that make up the WordPress installation to find out whether any of them contain malicious code. For this, the marketplace offers multiple plugins that provide scanning and other security tools to tell whether WordPress has been compromised. In many cases the hosting provider also gives the client a server-wide tool that performs other types of scans. If the hosting administrator finds a malicious element, he informs the WordPress administrator and quarantines the compromised files until the administrator decides what to do.
Another factor of great importance is to hide the username that WordPress shows in author URLs. If this is not done (it is also possible to change it), the username you log in to WordPress with is exposed. To do this, change the user_nicename value in the wp_users table of the database.
1.2 Drupal : The CMS of an open source community
Drupal is a CMS totally different from WordPress. It has one of the largest and most extensive communities of developers in the world, with more than a million developers working on its code every day, so any bug is detected and corrected practically at once.
In addition, Drupal is compliant with the specifications of OWASP, the non-profit organization that is dedicated to determining and combating the causes that make software unsafe.
When a user registers in Drupal, his password is not stored in the clear in the database: a SALT is added and then the HASH function called SHA512 is applied.
1.3 Joomla : The Web Development CMS
Joomla is a CMS which offers, through an administration panel, the development of a website. This panel allows the creation, modification and deletion of content. To protect Joomla, there are several free and paid tools that will help you protect it.
One of the best extensions available is SECURITYCHECK, which has both a free and a paid version. The paid version, SECURITYCHECK PRO, offers, for example, firewall settings, malware scanning and geolocation blocking.
Akeeba Backup is another tool widely known within the Joomla community that allows you to manage backups. These backups can be run at scheduled times, which makes maintaining the CMS easier. It should be noted that this tool is also available for the WordPress platform.
Finally, RS FIREWALL is another extension that adds a security layer to Joomla to protect it from brute force attacks, SQL injection or denial of service attacks.
1.4 Magento : One of the main ecommerce platforms
Magento is among the ecommerce platforms most used worldwide and one of PrestaShop's main competitors. To protect it, certain checks must be carried out, such as checking file permissions; the recommended values are:
- Directories: 775.
- Files: 664.
- local.xml file: 600.
As with other CMSs, extensions must be kept up to date, including templates and plugins. You should also use strong usernames and passwords and an SSL certificate.
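The three recommended modes are easy to state and easy to drift from after a deployment or an upload, so they are worth auditing rather than set once. The following is an added example, not Magento's own tooling: it walks an installation, reports every entry whose mode differs from the values above, and can apply the fix. It assumes the local.xml in question is app/etc/local.xml, the file that holds the database credentials in Magento 1, and it builds a small throwaway directory tree (constructed, not a real installation) so it can be run anywhere.

```python
import os
import stat
import tempfile
from pathlib import Path

# Recommended modes from the text. local.xml is assumed to be app/etc/local.xml,
# the Magento 1 file holding the database credentials, hence owner-only access.
DIR_MODE = 0o775
FILE_MODE = 0o664
LOCAL_XML_MODE = 0o600


def expected_mode(path):
    """The mode an entry should have according to the three rules above."""
    if path.is_dir():
        return DIR_MODE
    if path.name == "local.xml":
        return LOCAL_XML_MODE
    return FILE_MODE


def audit_permissions(root):
    """Return sorted (relative_path, actual_mode, expected_mode) for entries that deviate."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_symlink():  # a link's target is audited where it really lives
            continue
        actual = stat.S_IMODE(path.stat().st_mode)
        expected = expected_mode(path)
        if actual != expected:
            findings.append((path.relative_to(root).as_posix(), actual, expected))
    return sorted(findings)


def fix_permissions(root, findings):
    """Apply the expected mode to every entry reported by audit_permissions."""
    for rel, _actual, expected in findings:
        os.chmod(Path(root) / rel, expected)


def build_demo_tree():
    """Constructed throwaway tree (not a real Magento install) with two deliberate deviations."""
    root = Path(tempfile.mkdtemp(prefix="magento-demo-"))
    etc = root / "app" / "etc"
    etc.mkdir(parents=True)
    (etc / "local.xml").write_text("<config/>\n")
    (root / "index.php").write_text("<?php\n")
    (root / "media").mkdir()
    os.chmod(root / "app", DIR_MODE)
    os.chmod(etc, DIR_MODE)
    os.chmod(etc / "local.xml", 0o644)  # deviation: credentials readable by everyone
    os.chmod(root / "index.php", FILE_MODE)
    os.chmod(root / "media", 0o777)  # deviation: world-writable upload directory
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for rel, actual, expected in audit_permissions(demo):
        print(f"{rel}: {oct(actual)} should be {oct(expected)}")
```

Point `audit_permissions` at the real document root to use it; review the findings before calling `fix_permissions`, since modes are only half the story and the owner and group (the web server's account) must also be right for 775/664 to mean what the recommendation intends.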
2. Use secure payment methods
When it comes to payment, customers mostly opt for a credit or debit card. To accept card payments we can use any payment gateway, always making sure it is a safe option. This stage of the payment is usually the most vulnerable, since we will be handling sensitive data such as the card number or bank details of our client. That is why we must do everything possible to avoid fraud and other profit-driven abuse.
There are many more aspects to highlight about the means of payment.
3. Do not store sensitive customer data
It is not necessary to store certain sensitive data such as credit card numbers, the expiration date or the CVV. We must securely store only the data that is needed for returns and refunds. Storing all the sensitive data is not recommended because it gives attackers the opportunity to steal the information and use it for profit.
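What "store only what refunds need" looks like in practice is a record that keeps the gateway's token, the card brand and the last four digits, and nothing else from the card. The following is an added example, not the page's code or any gateway's SDK: it derives such a record from a constructed checkout payload (the test card number 4111 1111 1111 1111 and the token value are made up) and then checks the record before it is written, so that a full card number cannot slip through in a free-text field such as an order note.

```python
import re

# A run of 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\d(?:[ -]?\d){12,18}")

# Fields that must never reach persistent storage.
FORBIDDEN_FIELDS = {"card_number", "pan", "expiry", "cvv", "cvc"}

# Constructed checkout payload; the card number is a well-known test number.
CHECKOUT = {
    "order_id": "ord-1001",
    "amount": "49.90",
    "card_number": "4111 1111 1111 1111",
    "expiry": "12/26",
    "cvv": "123",
    "card_brand": "Visa",
    "gateway_token": "tok_demo_8f3a",  # placeholder; a real token comes from the gateway
}


def luhn_valid(digits):
    """Luhn checksum, the cheap filter that separates card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid card-number candidates found anywhere in a string."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def make_storage_record(checkout):
    """Keep only what refunds and support need; the gateway token stands in for the card."""
    pan = re.sub(r"[ -]", "", checkout["card_number"])
    return {
        "order_id": checkout["order_id"],
        "amount": checkout["amount"],
        "gateway_token": checkout["gateway_token"],
        "card_brand": checkout["card_brand"],
        "card_last4": pan[-4:],
    }


def contains_card_data(record):
    """True if a forbidden field or a full card number survives; run before every write."""
    for key, value in record.items():
        if key.lower() in FORBIDDEN_FIELDS:
            return True
        if isinstance(value, str) and find_pans(value):
            return True
    return False


if __name__ == "__main__":
    record = make_storage_record(CHECKOUT)
    print(record)
    print("raw checkout safe to store:", not contains_card_data(CHECKOUT))  # False
    print("reduced record safe to store:", not contains_card_data(record))  # True
```

The Luhn filter is deliberately loose (it will also match some non-card numbers), which is the right trade-off for a pre-write check: a false positive costs a manual look, a false negative costs a breach.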
4. SSL certificates
A very effective way of ensuring the security of your ecommerce is to use an SSL certificate on your domain. This type of certificate allows your site to be served over the https protocol and gives customers more confidence. The certificate lets us encrypt data such as the username or password so that it travels securely between the user and the server.
An SSL certificate protects a website and its users: it secures the exchange of information, improves search positioning, and builds security and trust.
The hosting service of Conecta Software for online shops and websites includes the installation of the Let's Encrypt security certificate. For more information, please visit our Hosting page.
5. About us
Once we have checked that all the technical aspects needed to secure our ecommerce are in place, it is also important to communicate this to our customers. More experienced users look directly for clues, such as the green padlock next to our URL, which indicates that a security certificate is correctly installed.
They also easily recognize the Redsys, PayPal, Visa and similar logos.
But we can do even more. Clear communication, easily accessible answers to frequently asked questions (shipping and return policies, product features, etc.) and reviews from other users reinforce the positive experience. In addition, we can develop our strengths on the company page, or "About Us".
Check out this guide to learn about the opportunities offered by developing this key page to tell the story of the company.
If you want to learn more about ecommerce security, discover our book.