This shopping cart protection guidance focuses on the most important points in securing a cart website. Some tips are simply reminders about routine operations that are easy to overlook. All of the guidance below comes from our several years of experience supporting various store websites. The sole purpose is to help you build a secure cart site that you can trust in the long term. If you run or plan to open a shopping cart, following these tips is highly recommended.
Use the right cart software
The software platform directly determines overall store security. Different cart software offers different levels of support and support resources. We must choose the right one based on our cart site's requirements. If we don't program the shopping cart scripts ourselves, the following should be considered when selecting among the available solutions:
- Customer experience. See what existing users say about the software to get a brief understanding of its performance.
- Ease of use. This simplifies the process of using and securing your store site.
- Update frequency. The more frequent the updates, the more seriously we should consider the software, because it implies the official team is very active on the project, so better security and performance can be expected.
- Support resources. If there are few support people or online resources for the software, we should avoid it, because if any problem arises in using the script we will have no way to fix it ourselves.
Also, pay attention to the software's features. Some scripts are perfect for a big site but not suitable for a small cart. We must choose the proper one based on real needs.
Use the right payment gateway
The same rules apply as in selecting cart software. Since the payment gateway is a core function of an ecommerce website, a reliable and secure service should be considered for all sites. Basically, crappy solutions should be avoided no matter how good they claim to be. Instead, leading service providers such as 2Checkout, Authorize.Net, etc. should be used. If you don't have busy online transactions, PayPal is also a good choice for its simplicity.
SSL is a MUST
No matter what kind of product or service you sell on your website, SSL is a must. Whether you purchase your own certificate or use your hosting server's shared service, you must configure it, or else everything on your website is sent in plain text and hackers can easily obtain your store's private data.
Also pay attention to the SSL security level: 128 bit products have been declared insecure in industry announcements. For business store sites, we need to install at least a 256 bit certificate for guaranteed protection. Because all kinds of SSL services are still offered on the market, we must pay attention to this.
Protect the admin area
The store admin area should be protected by every tactic you can think of, because it gives direct access to all your website's properties. Technically, the following tactics are highly recommended.
- Set a strong user name and password. This is the first place to look: replace the default user "admin" with another name and configure a complex password for it.
- Password protection. The admin area can easily be password protected via the hosting control panel. This simply adds another security layer to the store.
- IP restriction. You can configure an IP whitelist/blacklist for access to the admin side. Many software packages have this function built in.
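As an added example (not part of the original guidance and not code from any cart product), here is one way an IP whitelist check for the admin side can work so that it fails closed and cannot be bypassed with a forged forwarding header. The /admin path, the allowed networks and the proxy range are constructed assumptions, and the request path is assumed to be already normalized by the web server.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
ADMIN_PATH = "/admin"
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "2001:db8:10::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def parse_ip(text):
    """Parse an address, unwrapping IPv4-mapped IPv6; None if it is not an IP."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    return getattr(addr, "ipv4_mapped", None) or addr


def in_any(addr, nets):
    # A v4 address is never "in" a v6 network (and vice versa); no exception.
    return any(addr in net for net in nets)


def client_ip(peer, forwarded_for=None):
    """Pick the address the request is judged by.

    X-Forwarded-For is set by the client unless our own proxy wrote it, so it
    is honoured only when the TCP peer is a trusted proxy, and then only its
    right-most entry (the hop that proxy appended).
    """
    peer_addr = parse_ip(peer)
    if peer_addr is None:
        return None
    if forwarded_for and in_any(peer_addr, TRUSTED_PROXIES):
        return parse_ip(forwarded_for.split(",")[-1])
    return peer_addr


def admin_allowed(path, peer, forwarded_for=None):
    """True if the request may proceed; admin paths need a whitelisted IP."""
    # path is assumed to be already normalized by the web server.
    if path != ADMIN_PATH and not path.startswith(ADMIN_PATH + "/"):
        return True  # storefront pages stay public
    addr = client_ip(peer, forwarded_for)
    return addr is not None and in_any(addr, ALLOWED_NETS)  # fail closed
```

An IP whitelist is one layer only; it works alongside the strong password and the control-panel password protection listed above, not instead of them.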
Use the right hosting service
The right shopping cart hosting is the best security guard for your store site. Hosting security refers to both server and network configuration. A secure hosting server must be set up with up-to-date hardware and software and fully optimized for business requirements. Antivirus and DDoS protection equipment must be set up at both the hardware and software level. Most important, the network and IP blocks must be spam free. This is an essential point because it lets us avoid many potential security risks.
Besides all of the above, the hosting service must be easy to use; we should not have to research a lot for the service itself. If our software is programmed with PHP and MySQL, a standard hosting service is suggested. If it uses SQL Server technologies, WebsitePanel and Plesk are good solutions.