
How to protect your website and your customers' data?

Date: 2013-10-30

Now that Internet users are aware of personal data security, customer rights and website security breaches, it is important to know the main concerns related to managing a website or a shopping cart.

This article is merely an introduction to the topic since it's a book-size subject. We will start by suggesting that you have your website's security handled by experts.

Ensure your customers' data safety

If you're selling on the Internet or you let your customers log in to your website, consider whether you're giving your customers a proper sense of security. Read the following tips you can use in your online shopping cart:

1. SSL certificate

Using an SSL certificate has become a standard that protects your customers' data (it encrypts the data customers send to your shop, e.g. via the order form). Because SSL increases server load, it's good to set it up for at least some of the pages, like: basket, order form, login form, registration form, etc.

Each customer can see in his browser if your website has the certificate and whether its identity has been verified. In the Chrome browser it looks like this:

SSL

More and more often customers are aware of SSL and they stay away from shops that don't have this certificate. They know that the administrator of this kind of shop does not care about their safety and certainly not about the safety of their personal data.

No SSL

2. Cookies information and privacy policy

To show your customers you care about their safety, inform them about cookies you're using in your shop (you're using them for sure). It's important to inform them about what happens to their personal data once they send their orders.

Usually this kind of information is put on a subpage called privacy policy. Creating a good privacy policy requires knowledge about the cookies your shopping cart uses and what kind of data is sent through the forms.

You can read more on that topic in the article "Do I have to inform about cookies?"

3. Protect your customers' data from unauthorized access

Create your own security policy to protect your customers' data from unauthorized access. For both Quick.Cart.Ext and Quick.Cms.Ext the admins » plugin is available. You can create accounts for administrators, giving them access to specific sections of the shop, like orders, products, customers, configuration, etc. It's especially useful when the admin panel is administered by several people, e.g. an employee, a webmaster and the owner.

List of administrators

Assigning permissions for specific sections is very simple as you can see on the screenshot below.

Administrators form

Protect your website from hacks and data thefts

Several months ago OpenSolution started the "Security tips" campaign. Its goal is to raise awareness among all website owners and uneducated webmasters that the problem of hacking websites to infect them with viruses or steal order and customer data is common.

Learn these rules to increase your website's and your customers' data security:

  1. use antivirus software
  2. don't store your FTP account password in programs like Total Commander, Filezilla etc.
  3. change your FTP account password periodically e.g. once a month
  4. limit the FTP access to specific IP addresses. Professional hosting providers allow for that.
  5. use the "Options -Indexes" instruction in the .htaccess file; it makes the file lists of subdirectories impossible to view from the outside.
  6. use all available bug fixes on our website, but it's best to update your script to the latest version - it also grants you access to new plugins and skins.
  7. be thorough in filtering the scripts you install and share with our software. Many times we've heard that someone hacked a shopping cart's website using an opening on a subpage running on another script like Wordpress. These things happen when there are several websites on one server account.
  8. change the administration panel login "admin" to something else, also change the name of the file that runs the admin panel "admin.php" to something else
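
An added example, not part of the original article or OpenSolution's code: a Python check for rule 5 that walks a document root and reports the directories Apache would still list, following how Options settings are inherited from one .htaccess file to the subdirectories below it. The function names, the constructed sample tree, the index file names and the assumptions that the server default has Indexes enabled and that .htaccess files are allowed to override Options are illustrative.

```python
import re
import tempfile
from pathlib import Path

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)

def indexes_after(htaccess, inherited):
    """Indexes state after applying the Options lines of one .htaccess file."""
    state = inherited
    for line in htaccess.read_text(errors="replace").splitlines():
        match = OPTIONS_RE.match(line)
        tokens = [t.lower() for t in match.group(1).split()] if match else []
        if "-indexes" in tokens:
            state = False
        elif {"+indexes", "indexes", "all"} & set(tokens):
            state = True
        elif tokens and not any(t[0] in "+-" for t in tokens):
            state = False  # absolute list without Indexes, e.g. "Options None"
    return state

def listable_dirs(docroot, server_default=True):
    """Directories (relative to docroot) that Apache would list to visitors."""
    docroot, exposed = Path(docroot), []
    def visit(path, inherited):
        ht = path / ".htaccess"
        state = indexes_after(ht, inherited) if ht.is_file() else inherited
        children = sorted(path.iterdir())
        if state and not any(c.name in INDEX_FILES for c in children):
            exposed.append(path.relative_to(docroot).as_posix())
        for child in children:
            if child.is_dir() and not child.is_symlink():
                visit(child, state)
    visit(docroot, server_default)
    return exposed

def build_sample(root):
    """Constructed sample tree: root is protected, backup/ re-enables listing."""
    layout = {"index.php": "", ".htaccess": "Options -Indexes\n",
              "files/product.jpg": "", "backup/db.zip": "",
              "backup/.htaccess": "Options +Indexes\n", "backup/old/db.zip": ""}
    for rel, body in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("directory listing still enabled:", listable_dirs(tmp))
```

In the sample, the root .htaccess protects files/, but the override in backup/ exposes both backup/ and backup/old/, which is where downloaded database archives would sit.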

Find more tips in the manual ». Consider the programming support », within which you can secure your website against most of the potential threats and also get all available bug fixes.

Prepare a correct Terms-and-policy section free from any legal errors

We recommend that a person who isn't familiar with the legal requirements for a correct Terms-and-policy does not use ready-made templates, especially the ones found on other (competitors') online shopping cart websites.

Terms and policy templates are rarely updated and they're rarely in step with the current laws. When you copy from another website you can never be sure that what you've just copied is correct. You could also be liable for infringing the copyright of the person who prepared the Terms and policy you copied. People still believe that "if most online carts use the same kind of Terms and policy, it must be right".

Unfortunately, statistics show that the vast majority of shopping carts' Terms and policies include regulations that breach customers' rights. Using them could mean legal consequences. We're not experts, but finding illegal paragraphs in a Terms section doesn't take us more than several minutes. Imagine how easy it would be for someone who knows this subject well...

Some lawyers and associations working for "the customer's benefit" look for illegal clauses on online cart websites to sue the shop's owner. Recently this has become increasingly common. In most cases the shop's owner wasn't even aware of the fact that he/she was breaking the law, or he/she thought their shop was too small for anyone to take notice.

From our experience we can say that there's no other way than to have the Terms and privacy policy created by a professional who will take responsibility for his/her work in case of potential disputes with customers, for instance.

Remember to create a backup

Creating a database backup and, once in a while, a backup of the entire website should become your habit. Remember that failures and breakdowns happen everywhere. Use the free plugin simpleBackup », which will allow you to download a zipped database of pages, products and orders to your computer. For the paid edition a more advanced plugin backup » is available.

Unfortunately users often forget that a couple of seconds of work might save them hours or even days of tedious work restoring their website to how it was before it crashed. If your website is hacked (unfortunately it happens), you'll have a copy of your website from before it was infected with viruses. If your database is damaged, it will take only a few minutes to restore it.

Don't just rely on your hosting company. Many companies store a backup only for 3 days. Imagine your database crashed on Friday and you don't know about it until Monday evening or Tuesday. It could turn out you won't be able to recover the data you've lost. So make sure to back up your database at least once a week and the entire website at least once a month.

Choose a reliable hosting service

If you're running a shop, you need your server to be stable and have a very good support service (quick and to-the-point answers). There's no better way to get to know a hosting service provider than when your website crashes.

There have been situations when the hosting provider: blocked the SMTP function (email sending), blocked the server when a website was visited by an indexing robot (e.g. GoogleBot) that generated heavy load, didn't have a backup of a website, etc.

Summary

We hope you don't have to learn all of this from experience. Invest some time and money to prepare rules and policy, get an SSL certificate and a reliable hosting service, and secure your website / shopping cart. This investment will pay off. You'll save yourself a lot of stress, money and time, and you can also gain new customers who are increasingly aware of their rights and data safety issues.

Author: OpenSolution
