Ecommerce Security: 8 Steps to Protect Your Store Against Cyber Threats

From time to time, cyber attacks of different levels happen all over the world. The 2016 Dyn cyber attack caused multiple services to be unavailable, including Twitter, Amazon, PayPal, and Netflix.

After hearing such news, you want to act immediately to protect your online store and business, don’t you? This post will give you the bare minimum that helps to keep your store safe from the majority of cyber attacks. The sooner you implement these recommendations, the better.

Ecwid merchants won’t have to follow many of them, though. Ecwid conforms to the highest international safety standards that make your store as reliable as a large bank. So your store and your customers are safe. However, the following advice will be useful not only for online store protection but also for your everyday internet surfing.

Digital Security Tips for Online Merchants

Please, don’t put off completing these steps.

1. Make sure you are the owner of your domain

If you’re using a custom domain name, and especially if it wasn’t you who bought it (but your IT guy, manager, or contractor), check who the owner is: it should be you. Otherwise, another person (or organization) owns your domain name, and they can technically sell it or point it at a different website.

If your domain is registered in another person’s name, move it to your account by following your domain provider’s instructions.

If you are about to buy a domain name, don’t assign this task to a contractor or at least make sure you are the owner. The owners of transnational corporations should register domains with their names too. Remember your login and password, as you’ll need them when it’s time to renew your hosting subscription.

2. Make sure you are the owner of your hosting subscription

If you need hosting for your online store (for example, if you added it to your, or Joomla website), make sure that you own your hosting subscription. Otherwise, you run the same risk as when trusting your domain name to someone else. The owner of your hosting account will be able to do anything with your website, even delete it.

You should also keep the login and password of your hosting account for renewing it.

Tip: Use hosting providers with a good reputation, for example, GoDaddy or It’s even better to use a hosting provider that is adjusted for e-commerce. A drawback of that kind of hosting is the higher pricing.

3. Exclusively create strong passwords

Protect your accounts with strong passwords. Use recommendations from Google:

  • Create a unique password for every account
  • Your password should consist of at least 6 characters
  • Use a mix of letters, numbers, and symbols
  • Use upper and lower case

Don’t use:

  • General words and common expressions
  • Keyboard patterns like “qwerty” or “12345”
  • Personal information: names, addresses, ID numbers, and so on

Change all your passwords to stronger ones, from your online store dashboard to your email and social media. Change passwords every time you share your accounts with a contractor or fire an employee.

4. Install a password manager

It’s hardly possible to remember multiple strong passwords for your hosting, admin, email, and other accounts. The way out is a password manager.

These services require you to remember just one password (the master password) for the service itself.

Moreover, 1Password and LastPass can generate unique strong passwords. Use this feature if you don’t have the time or inspiration for creating many passwords by yourself.

It’s very unsafe to have your passwords publicly available, for example by keeping them on paper. The paper can get lost, or damaged by water or simply by time. Don’t keep your passwords in a Notebook/Excel/Word file, as those data can be easily stolen or ruined by viruses.

5. Install an SSL certificate on your website

An SSL certificate protects your customer data (name, address, phone number, credit card details) as it travels between the browser and your site, so hackers can’t steal it and use it, for example, to take money from a customer’s credit card.

Plus, an SSL certificate helps to improve ranking in Google and gain customer trust. Another post will tell you more about SSL certificates as well as about how to get them for your online store.

6. Set up two-factor authentication for your email

… And also wherever it’s possible. To access your inbox, you’ll need to type your login and password, and then type a verification code sent to you by SMS or generated in a special app called an authenticator. The SMS is sent to your number only, and the app is connected to your account, so no one but you can receive this code.

Even if some nasty guy guesses or steals your password, they won’t be able to access your account because the system will ask them to enter the verification code they haven’t got.

If you don’t use two-factor authentication, you can become a victim of viruses or phishing. An intruder can get your email password and could change other passwords that you use (including your online store control panel).

Some services have two-factor authentication by default, for example, MailChimp. Here are the instructions for enabling two-factor authentication in popular services and on social media:

7. Install the latest versions of all the programs you use

This includes your browser and the operating system of your computer and mobile devices. Such updates are normally installed automatically or with your approval (always approve them).

If your website is built with, Joomla, or another site builder that requires hosting, don’t neglect updates and don’t hesitate to install them as soon as they are available. Monitor service security notifications and be ready to immediately install security patches to prevent your website from being hacked.

Check it out now and update your website if necessary:

If your website is built with a cloud constructor (such as Ecwid,, Wix), your service is updated automatically, no actions required.

8. Create a backup copy

If your website is created with a content management system (CMS) like, Joomla, and others, and is hosted by a separate hosting provider, you should create a backup copy every month.

Large hosting providers do backups automatically or allow you to set up automatic backups (for example, BlueHost). Check with your provider whether they do backups. If not, do it yourself, using one of the instructions on the web (you might need a developer here).

If your online store gets hacked, backup copies will help you find and delete unnecessary code pieces added by hackers. If your website gets completely deleted, a backup copy can save your business.

For Ecwid Merchants

Your Ecwid store is as protected as is possible today. Ecwid conforms to the security requirements of Level 1 PCI DSS, which is the highest international standard for secure data exchanges for e-commerce. Banks all over the world use the same standard.

We regularly check Ecwid with security scanners, create backups of your stores, update the software, and keep the data on secure hosting.

However, if you installed Ecwid on your own website, please take care of the site’s digital security. (Whether you do it or not, your Ecwid store will stay secure anyway.) Follow the steps above to protect your customers and yourself from cyber attacks.

If you are using an Ecwid Instant Site:

  • Change the password for your Ecwid account (and for your domain account, if you’ve bought a custom domain) to a stronger one
  • Install a tool (an authenticator) for encrypting and protecting your passwords

Nothing more to do: we’ve taken care of the rest.


This is the first of our set of posts about internet security for online stores. We’ll be telling you how to confront phishing, which site builders are perfect for beginners in terms of digital security, and why stores must not preserve customer data by themselves. We’ll try to explain everything in a clear manner that is suitable even for those who don’t have any idea about these issues.

About the author

Anna is a content creator at Ecwid. She loves big cities, pasta and Woody Allen's films.