
9 Quick Ecommerce Security Tips for A Safe Holiday Sales Season [2018]

Updated on August 22, 2018


Over the past few years, ecommerce stores have become widespread. Every day we hear of some new ecommerce store launching. While this trend makes shopping easier for users, it also increases the risk of internet theft.

The ecommerce hack that occurs most often is credit card fraud. So, as an ecommerce store developer, it’s your responsibility to stop hackers in their tracks. This will allow people to shop online safely and without the fear of information theft.

While I have no doubt that you have adequate knowledge about securing your ecommerce store, I still want to help. So, here is a list of quick ecommerce security tips to strengthen your store’s security.


1. Select an Appropriate Ecommerce Platform

Most ecommerce store owners prefer Magento, OpenCart, WooCommerce, or PrestaShop for ecommerce platforms. It’s essential to select an appropriate one from them according to your requirements.

You need to keep in mind the key factors such as convenience, robust functionality, and ease of use.

I recommend Magento because of its powerful performance.

2. Use HTTPS

HTTPS is the most secure standard in website security these days. The outdated HTTP protocol can lead to severe repercussions, so to protect visitors’ data, many website owners have decided to use HTTPS across their sites.

Earlier, HTTPS was used only on payment pages.

To start switching over to HTTPS, select an SSL certificate. You can purchase it from your hosting company or an SSL merchant.

It’s an easy process. Just follow these steps:

  1. Shift your site to HTTPS
  2. Set up 301 redirects
  3. Update all the internal links on your site
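
Steps 2 and 3 are the ones that tend to be left half done, so here is a small post-migration check, added as an example and not taken from the original article. `shop.example` is a placeholder domain, and the functions read data you supply on stdin (for instance the output of `curl -sI http://shop.example/` and a saved page).

```shell
#!/bin/sh
# Added example: post-migration checks for steps 2 and 3 above.
# shop.example is a placeholder; feed the functions your own captured data.

# Read HTTP response headers on stdin (e.g. from `curl -sI http://shop.example/`)
# and succeed only for a 301 whose Location is an https:// URL.
is_https_301() {
    awk '
        { sub(/\r$/, "") }                          # strip CR from CRLF headers
        NR == 1 { code = $2 }                       # status line: HTTP/1.1 301 ...
        tolower($1) == "location:" { loc = $2 }
        END { exit !(code == "301" && loc ~ /^https:\/\//) }
    '
}

# Read HTML on stdin and print every href/src/action attribute that still
# points at http://<domain> or one of its subdomains.
# Returns 0 when no such link is left, 1 otherwise.
stale_http_links() {
    # Escape dots so the domain is matched literally.
    domain=$(printf '%s' "$1" | sed 's/\./\\./g')
    found=$(grep -Eio "(href|src|action)=[\"']http://([a-z0-9-]+\.)*$domain[^\"']*" | sort -u)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

A 302, or a 301 that points back to an `http://` address, fails the first check; any internal link that still uses `http://` is listed by the second.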


3. Secure the Admin Panel

A weak password is all that a hacker needs to manipulate your website, and it can lead to a huge loss for your business. To keep your website away from malicious hackers, secure your admin panel by following these simple steps:

  1. Change Admin Username: The default username for ecommerce websites is ‘admin’. Change it to a unique, easy-to-remember value.
    • For Magento, follow these steps:
      1. Navigate to the ‘System’ tab in the Admin panel.
      2. Click on ‘My Account’ in the dropdown menu.
      3. In the ‘My Account’ page, change the ‘Username’ value.
      4. Click on Save Account.
    • For OpenCart, follow these steps:
      1. Navigate to the folder containing the “admin” folder. It is usually the “public_html” folder.
      2. Right click on the “admin” folder and choose the “rename” option from the dropdown.
      3. Enter the new folder name for the “admin” folder. Use a unique name which is hard to guess and completely unrelated to your business.
      4. Now, edit the /admin/config.php and replace ALL instances of the word ‘admin’ with the new folder name you have chosen in the above step.
      5. For detailed explanation on renaming the admin folder.
  2. Use a secure password for all entry points of your website. The password should be at least 8-12 characters long and should contain alphanumeric and special characters. An easier way to generate a strong password is to use a tool like LastPass.

4. Data Backup

Data backups are integral to ecommerce security. It is important that you perform scheduled backups on a regular basis, so that if someone hacks your website, you can restore it to the previous version instantly. Store the backups on a separate server so that they aren’t infected by the malware.

A good option is to use the cPanel dashboard to create backups.

Follow these steps to generate a full site backup in cPanel:

  1. Log into your website’s cPanel.
  2. Navigate to the Files section, then click on the Backups icon.
  3. Under the Full Backup section, click on the Generate/Download a Full Website Backup option.
  4. On the next page, select the Home Directory option from the Backup Destination drop-down menu.
  5. Under the Email Address preferences, select whether you want to receive an email notification once the backup is complete. You can also change the email address that receives the notification.
  6. Finally, click on Generate Backup.

Once complete, this will place the backup in your home directory, with the extension tar.gz.

To download the backup from cPanel:

  1. Log into your website’s cPanel.
  2. Navigate to the Files section, then click on the Backups icon.
  3. Under the Full Backup section, click on the Generate/Download a Full Website Backup option.
  4. In the Backups Available for Download section, click the hyperlink for the particular backup file that you wish to download.
  5. To complete the process, select a destination folder on your system where you would like to download the backup.
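
A backup only helps if it can be restored and has not changed on its way to the separate server. The following check is an added example, not part of the original article: it tests the tar.gz archive and records a SHA-256 checksum that you can compare again after the copy. The manifest file and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check a cPanel full backup (tar.gz) before and after moving it
# off the server. The manifest path is an assumption; copying the file
# (scp, rsync, ...) is left to you.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Verify that the archive decompresses and lists cleanly, then append
# "<sha256>  <file name>" to the manifest. Returns non-zero on a bad archive.
verify_backup() {
    archive=$1; manifest=$2
    case $archive in
        *.tar.gz) ;;
        *) echo "not a .tar.gz: $archive" >&2; return 2 ;;
    esac
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }
    gzip -t "$archive" 2>/dev/null || { echo "gzip stream damaged" >&2; return 1; }
    tar -tzf "$archive" >/dev/null 2>&1 || { echo "tar listing failed" >&2; return 1; }
    printf '%s  %s\n' "$(sha256_of "$archive")" "$(basename "$archive")" >>"$manifest"
}

# On the separate server: succeed only if the copied file still matches the
# checksum recorded for its name in the manifest.
check_against_manifest() {
    archive=$1; manifest=$2
    want=$(awk -v n="$(basename "$archive")" '$2 == n { h = $1 } END { print h }' "$manifest")
    [ -n "$want" ] && [ "$want" = "$(sha256_of "$archive")" ]
}
```

Keep the manifest somewhere other than the web server, so that an attacker who alters a backup cannot also rewrite its recorded checksum.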

Another option is to choose a managed ecommerce web hosting service that automatically creates backups for you, like Cloudways.

5. Avoid Storing Credit Card Details

You should avoid storing customer credit card details on your server. But if you have to, then get a PCI compliance certificate. PCI compliance certification assures that the credit card data is safe on your website. You will first have to pass the compliance assessment.

Points to follow:

  • Determine the compliance level
  • Complete the self-assessment questionnaire
  • Complete the Attestation of Compliance
  • Submit the documents

You can also handle payments using a third-party payment gateway such as Stripe or PayPal. These processors allow smooth payment processing and an enhanced ecommerce experience.

6. Protection Against SQLi, XSS, Malware

As a website owner, it’s very important that you protect your website against threats like cross-site scripting (XSS), SQL injection, and bad bots. If these vulnerabilities aren’t fixed, they leave your website’s data at risk of being exploited by hackers.

You could either go through your store’s code and fix such vulnerabilities or use a security plugin, as mentioned in the next step.

7. Use an Ecommerce Security Plugin

Security plugins are a simple way to enforce security protection on your website. They provide protection against bad bots, SQLi, XSS, code injection and hundreds of other severe attacks. One of the most secure, easy-to-implement, feature-rich security plugins is Astra. It helps automatically secure your site and virtually patch software by preventing malicious requests from ever reaching your website.

8. Ecommerce Security Best Practices

I also advise you to go through your particular CMS’s security best practices documentation and follow all the steps mentioned there. This will configure your particular CMS in a secure way according to the CMS’s guidelines.

Here are some of the ecommerce security practices advised by Magento:

  1. Restrict access to any development, staging, or testing systems. Use IP whitelisting and .htaccess, .htpasswd protection.
  2. Install extensions only from trusted sources.
  3. Always keep your Magento instance updated for the best security features.
  4. Always use the correct file permissions. Core Magento and directory files should be set to read only, including app/etc/local.xml files.

Here are some of the ecommerce security practices advised by OpenCart:

  1. Rename your Admin Directory.
  2. Set the permissions of the following files to 644 or 444 to prevent anyone else from writing to them:
    • config.php
    • index.php
    • admin/config.php
    • admin/index.php
    • system/startup.php
  3. Using a .htaccess and .htpasswd file in the admin folder will provide selective access to your store, keeping the hackers away even if they somehow discover the admin login location.
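
The permission settings in step 2 can be audited with a short script. This is an added example, not OpenCart's own tooling: the file list is the one given above, while the store root and the optional renamed admin directory are arguments you supply.

```shell
#!/bin/sh
# Added example: audit the OpenCart files listed above for mode 644 or 444.
# The file list comes from the article; the store root path is an assumption.

OPENCART_FILES="config.php index.php admin/config.php admin/index.php system/startup.php"

# Print "ok <file>", "bad <file>" or "missing <file>" for each listed file.
# Returns 0 only when every file exists with mode 644 or 444.
audit_opencart_perms() {
    root=$1
    admin_dir=${2:-admin}    # pass the new name if the admin folder was renamed
    rc=0
    for rel in $OPENCART_FILES; do
        case $rel in
            admin/*) rel="$admin_dir/${rel#admin/}" ;;
        esac
        path="$root/$rel"
        if [ ! -f "$path" ]; then
            echo "missing $rel"; rc=1
        elif [ -n "$(find "$path" -prune \( -perm 644 -o -perm 444 \) -print)" ]; then
            echo "ok $rel"
        else
            echo "bad $rel"; rc=1
        fi
    done
    return $rc
}

# Set every listed file that exists to the given mode (644 or 444 only).
fix_opencart_perms() {
    root=$1; mode=${2:-644}; admin_dir=${3:-admin}
    case $mode in
        644|444) ;;
        *) echo "mode must be 644 or 444" >&2; return 2 ;;
    esac
    for rel in $OPENCART_FILES; do
        case $rel in
            admin/*) rel="$admin_dir/${rel#admin/}" ;;
        esac
        [ -f "$root/$rel" ] && chmod "$mode" "$root/$rel"
    done
    return 0
}
```

Run the audit after each update or extension install, since installers can reset file modes.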

9. Keep Ecommerce Platform Updated

Keeping the ecommerce platform updated is one of the most crucial steps in the all-round security of your website. Update the CMS, themes, and plugins regularly. Outdated versions of themes and plugins tend to have vulnerabilities that lead to the website becoming insecure and exploitable.

Disclaimer: This is a guest post by Abhi Chitkara, Author at Astra Web Security Blog. The opinions and ideas expressed herein are the author’s own, and in no way reflect Cloudways’ position.


Saud Razzak

Saud is the WordPress Community Manager at Cloudways - A Managed WooCommerce Hosting Platform. Saud is responsible for creating buzz, spreading knowledge, and educating people about WordPress in the community around the globe. In his free time, he likes to play cricket and learn new things on the Internet. You can email him at
