Online Store Security: 8 Must-Complete Steps Against Web Threats

Jun 15, 2017 by Anna Koneva, Ecwid Team
Online Store Security: 8 Must-Complete Steps Against Web Threats
Posted Jun 15, 2017 by Anna Koneva, Ecwid Team

From time to time, cyber attacks of different levels happen all over the world. The 2016 Dyn cyber attack caused multiple services to be unavailable, including Twitter, Amazon, PayPal, and Netflix.

After hearing such news, you want to act immediately to protect your online store and business, don’t you? This post will give you the bare minimum that helps to keep your store safe from the majority of cyber attacks. The sooner you implement these recommendations, the better.

Ecwid merchants won’t have to follow many of them, though. Ecwid conforms to the highest international safety standards that make your store as reliable as a large bank. So your store and your customers are safe. However, the following advice will be useful not only for online store protection but also for your everyday internet surfing.

Security Tips for Everyone

Please, don’t put off completing these steps.

1. Make sure you are the owner of your domain

If you’re using your custom domain name, and especially if it wasn’t you who bought it (but your IT guy, manager, or contractor), check who is the owner — it should be you. Otherwise, another person (or organization) owns your domain name, and they can technically sell your domain name or appropriate it to a different website.

In case your domain is registered with another person’s name, move it to your account using the instructions of your domain provider:

If you are about to buy a domain name, don’t assign this task to a contractor or at least make sure you are the owner. The owners of transnational corporations should register domains with their names too. Remember your login and password, as you’ll need them when it’s time to renew your hosting subscription.

Learn more: How to Buy a Perfect Domain Name for Your Online Store

2. Make sure you are the owner of your hosting subscription

If you need hosting for your online store (for example, if you added it to your WordPress.org, Adobe Muse, or Joomla website), make sure that you own your hosting subscription. Otherwise, you run the same risk as when trusting your domain name to someone else. The owner of your hosting account will be able to do anything with your website, even delete it.

You should also keep the login and password of your hosting account for renewing it.

Tip: Use hosting providers with a good reputation, for example, GoDaddy or Name.com. It’s even better to use a hosting provider that is adjusted for e-commerce. A drawback of that kind of hosting is the higher pricing.

3. Exclusively create strong passwords

Protect your accounts with strong passwords. Use recommendations from Google:

  • Create a unique password for every account
  • Your password should consist of at least 6 characters
  • Use a mix of letters, numbers, and symbols
  • Use upper and lower case

Don’t use:

  • General words and common expressions
  • Keyboard patterns like “qwerty” or “12345”
  • Personal information: names, addresses, ID numbers, and other.

Change all your passwords to stronger ones, from your online store dashboard to your email and social media. Change passwords every time you share your accounts with a contractor or fire an employee.

Read how to create a strong password and remember it.

4. Install a password manager

It’s hardly possible to remember multiple strong passwords from your hosting, admin, email, and other accounts. There’s a way out — password managers:

These services require remembering just one password (master password) from their service.

Moreover, 1Password and LastPass can generate unique strong passwords. Use this feature if you don’t have the time or inspiration for creating many passwords by yourself.

It’s very unsafe to have your passwords publicly available, for example by keeping them on paper. The paper can get lost, or damaged by water or simply by time. Don’t keep your passwords in a Notebook/Excel/Word file, as those data can be easily stolen or ruined by viruses.

5. Install an SSL certificate on your website

An SSL certificate securely protects your customer data — name, address, phone number, credit card details — from hackers who can steal and use it, for example, to get money from your customer credit card).

Plus, an SSL certificate helps to improve ranking in Google and gain customer trust. Another post will tell you more about SSL certificates as well as about how to get them for your online store.

6. Set up two-factor authentication for your email

… And also wherever it’s possible. To access your inbox, you’ll need to type your login+password, and then type a verification code sent to you by SMS or generated in a special app called authenticator. The SMS is sent to your number only, and the app is connected to your account so no one but you can receive this code.

Even if some nasty guy guesses or steals your password, they won’t be able to access your account because the system will ask them to enter the verification code they haven’t got.

If you don’t use two-factor authentication, you can become a victim of viruses or phishing. An intruder can get your email password and could change other passwords that you use (including your online store control panel).

Some services have two-factor authentication by default, for example, MailChimp. Here are the instructions for enabling two-factor authentication in popular services and on social media:

7. Install the latest versions of all the programs you use

This includes your browser and the operating system of your computer and mobile devices. Such updates are normally installed automatically or by your approval (always approve them).

If your website is built with WordPress.org, Adobe Muse, Joomla, or another site builder that requires hosting, don’t neglect updates and don’t hesitate to install them as soon as they are available. Monitor service security notifications and be ready to immediately install security patches to prevent your website from being hacked.

Check it out now and update your website if necessary:

If your website is built with a cloud constructor (such as Ecwid, WordPress.com, Wix), your service is updated automatically, no actions required.

8. Create a backup copy

If your website is created with a content management system (CMS) like WordPress.org, Adobe Muse, Joomla, and others, and is hosted by a separate hosting provider, you should create a backup copy every month.

Large hosting providers do backups automatically or allow you to set up automatic backups (for example, BlueHost). Check with your provider whether they do backups. If not, do it yourself, using one of the instructions on the web (you might need a developer here).

If your online store gets hacked, backup copies will help you find and delete unnecessary code pieces added by hackers. If your website gets completely deleted, a backup copy can save your business.

For Ecwid Merchants

Your Ecwid store is as protected as it’s possible today. Ecwid conforms to the security requirements of  Level 1 PCI DSS, which is the highest international standard for secure data exchanges for e-commerce. Banks all over the world use the same standard.

We regularly check Ecwid with security scanners, create backups of your stores, update the software, and keep the data on a secure hosting.

However, if you installed Ecwid on your own website, please take care of the site’s security. (Whether you do it or not, your Ecwid store will stay secure anyways.) Follow the steps above to protect your customers and yourself from cyber attacks.

If you are using an Ecwid Starter Site:

  • Change the password from your Ecwid account (and from your domain account, if you’ve bought a custom domain) to a stronger one
  • Install a tool (an authenticator) for encrypting and protecting your passwords

Nothing more to do  we’ve taken care of the rest.

***

This is the first of our set of posts about internet security for online stores. We’ll be telling you how to confront phishing, which site builders are perfect for beginners in terms of security, and why stores must not preserve customer data by themselves. We’ll try to explain everything in a clear manner that is suitable even for those who don’t have any idea about these issues.

What questions about security bother you the most? Share them in the comments!

About The Author
Anna is a content creator at Ecwid. She loves big cities, pasta and Woody Allen's films.

Stay up to date!

Get free e-commerce tips, news and inspiring ideas delivered directly to your inbox