“By the year 2014 it is estimated that close to $250 million a year will be spent by consumers at online retailers’” (source: http://www.applicure.com/solutions/ecommerce-security)
So, any ecommerce website is a target for those willing to get ‘easy money’. No need for guns and masks to break it, just a couple of code tweaks. This is why security should be your primary concern. Moreover, your customers care very much as well.
In case you happened to fall a victim to hackers, this post will be quite useful for you. We’ve researched the issue and compiled a complete list of effective techniques for:
- recovering from an attack
- preventing hacking attempts
As they say, forewarned is forearmed. So, this is what you should do to restore the site if you once find it broken or messed up because of hackers.
- Put your site under maintenance – so that your users don’t get affected.
- Discover how the site was broken – there’s no point cleaning it up and restoring if you don’t fix the vulnerabilities first. You can find some info in your logs or have your store security settings checked.
- Restore your site from the backup – backing up your system is crucial, especially for occurrences like this. You’ll be able to renew your store to the version preceding the hacking attempt.
- Repair vulnerabilities – If you already know how the hackers got in, make sure they won’t be able to do so again. Change all your passwords, update software and, when its done, check for malware again to make sure the site is safe and ready to go.
You certainly don’t want this happen to you again. Follow these recommendations for better website security:
- Secure hosting – choosing secure hosting is critical, as your data, images and databases are kept on the server. If the hosting is compromised, your data is in danger as well.
- Shopping cart security – make sure the security features of your platform are used to the full and give you maximum possible protection.
- Data encryption – use SSL certificate to prevent sensitive data from being eavesdropped. Your clients also look for the https and the green padlock icon in the address bar, and if it’s not there, chances are the purchase won’t happen. Similarly, we recommend to use secure connection in the backend as well. Keep in mind though that encryption comes at the cost of performance.
- Strong credentials – the longer and more random your password and username is, the more chances you won’t get your site messed up. The brute force attacks are aimed right at weak login details. Strong credentials are quite easy to implement, but the risk will be significantly diminished then.
- File/folder permissions- when editing your .htaccess, avoid using 777 permissions unless it is absolutely necessary to prevent system vulnerability. It is better to use 755 for folders and 644 for files for better protection.
Finally, to be sure your business is well protected, try out Shopping Cart Diagnostics. You’ll be able to have your estore security tested for any breaches + monitor all areas of your store for errors.
Just register an account and join the community of risk-free businesses now! For more info concerning ecommerce troubleshooting visit http://www.shopping-cart-diagnostics.com
References:
1. http://www.alrayeswebsolutions.com/blog/e-commerce/8-ways-to-secure-your-ecommerce-website/
2. http://blog.brainhost.com/how-to-determine-if-your-site-has-been-hacked-and-what-to-do-next/