PDA

View Full Version : eCommerce security: the 7 things you should do first



Harold Mansfield
04-20-2016, 01:25 PM
#1 is something I (and many others here) say over and over again. Choose a good host. Do your homework. Don't base this decision on price. I see so many people cheap out on hosting for their most important business asset and it always ends up being tragic.


If you can't afford to spend much money on the thing that is responsible for where the money comes in, then you need to re-evaluate whether or not you can afford to be in business.


In fact, the very first step you take should be choosing a reputable, reliable host that makes site security one of their top priorities. You shouldn’t put your new store just anywhere — making a poor choice could put both you and your customers at risk.
https://www.woothemes.com/2016/02/woocommerce-security-first-steps/

Brian Altenhofel
04-20-2016, 02:33 PM
Easiest thing to do on a host is request their most recent PCI-DSS compliance audit report for their hosting environment (or their provider's if they are a VAR). Several make theirs publicly accessible. And depending on the nature of the e-commerce, a SOC1 report might also be a good idea.

yoligrana
06-21-2016, 08:03 AM
A good hosting is definitely a must. Sooner or later you will have to the transition. It does not have to be the best hosting out there but choose a good one. Also, for sure I will recommend the best website software along with the best tools and advice. That's very important.

stellapike
10-27-2017, 11:50 AM
Yeah, I agree with your points and also believe that online merchants should do this not only for store security but also for customer's data security. I would add few points which are important as per eCommerce security perspect.

-> Always prefer to Employ an address and card
-> verification system.
-> Set up system, alerts for suspicious activity.
-> Perform regular PCI scans.

gimli
04-26-2018, 05:48 AM
I was looking into starting with a eccomerce website. My view on it ( and this is of somebody who is new so granted there may be many things i am missing.)
Is that using some sort of payment gateway depending on your cms ( example wordpress and woo commerce ) together with a ssl certificate.
Two step verification on the website.
Protection in the form of a anti virus from your computer , browser and email client and also your internet connection itself ( for example if you were using wifi )

Was pretty much enough to cover you from most attacks. I see other things mentioned in this thread. I think hackers will always be looking for new ways and developers will thus always have to employ new techniques.

I like that somebody said notifications its very overlooked and yet so simple that when something is happening on your website you get a message on your phone and you can reduce the damage.

Harold Mansfield
04-26-2018, 10:57 AM
I was looking into starting with a eccomerce website. My view on it ( and this is of somebody who is new so granted there may be many things i am missing.)
Is that using some sort of payment gateway depending on your cms ( example wordpress and woo commerce ) together with a ssl certificate.
Two step verification on the website.
Protection in the form of a anti virus from your computer , browser and email client and also your internet connection itself ( for example if you were using wifi )

Was pretty much enough to cover you from most attacks.

None of those things protect your website from attacks. They help protect the user from man in the middle attacks.

Your website has a whole different set of variables that need protection at the server level, starting with a good host. I actually all starts with the build, but if you're not redoing your website there are things that a pro can clean up some of your easy to find weaknesses. If you're really concerned with the security of your website, you either need to know something about protecting it yourself or get with a good host that has great security and support.

jeffscott
08-16-2018, 02:25 AM
Before starting an eCommerce website be assure that you are well experience in optimization process or you hired a professional digital marketer to handle your site.

gimli
08-17-2018, 11:02 AM
None of those things protect your website from attacks. They help protect the user from man in the middle attacks.

Your website has a whole different set of variables that need protection at the server level, starting with a good host. I actually all starts with the build, but if you're not redoing your website there are things that a pro can clean up some of your easy to find weaknesses. If you're really concerned with the security of your website, you either need to know something about protecting it yourself or get with a good host that has great security and support.

Like I said, i may be wrong, but from what ive heard and read that is how ost sites get compromised from outside variables because that where most people arent guarding as much. Again however i cannot argue with you i build websites and can attest that a good build is a good starting point. From the hosting server point of view, i cant comment, in my country hosts are bad compared to what ive seen offered overseas. I was working with a international company, and did their website theur were with a international host and man i was blown away by " how much more the user gets in their interface compared to our hosting providers. Im not just talking about securoty options, but a place where a developer can go in and make the server his own. It almost feels like our hosting companies are the equivalent of wix to websites in the world hahaha.