Website security is a key part of any eCommerce store. Since the stakes are higher, you need to do everything you can to protect your customers’ private data. Here are 5 ways you can keep your nopCommerce website secure and your customers’ private information safe.
Keep your nopCommerce version up-to-date
nopCommerce rolls out new versions quite frequently (at least twice a year) which includes feature enhancements, general maintenance, bug patches and optimization along with security fixes to address the issues found in the preceding versions. Every time security vulnerability is reported (or found); the core nopCommerce team works diligently to fix the issue(s) in the latest version. Hence, it is extremely important to keep your nopCommerce store site version up-to-date especially when you are dealing with customer’s personal information.
Note: nopCommerce platform is safe and secure, and had only one security patch since its launch in 2008
In addition to security fixes, nopCommerce team is always trying to make things faster and optimize the software. Each new release comes with several performance improvements that make your nopCommerce store site run more efficiently. Another reason why you should consider to update your nopCommerce site to the latest version.
Release notes are available for every new release on nopCommerce website: https://www.nopcommerce.com/releasenotes.aspx
Here you can download the latest version of nopCommerce: https://www.nopcommerce.com/downloads.aspx
Show the customers that they can trust you (or your business) as shoppers need to feel safe when they are on your store site, especially when they are providing payment information. Make sure you have SSL (Secure Sockets Layer) configured / enabled on your nopCommerce site to prove to the customers that their personal information is protected. In addition to gaining customer’s trust SSL is important to keep the connections encrypted. Unencrypted connectors are vulnerable which can lead to data theft.
You can easily configure / enable SSL on your nopCommerce store site by going to this location:
Administration (Dashboard) > Configuration > Stores (Click EDIT besides a default store to configure SSL)
Set up a password policy
Creating a strong password policy is key to helping your customers safeguard their private information such as log-in credentials, address, and payment information. While additional password complexity can be seen as an inconvenience to many users, it should not prevent you from setting up a strong password policy for your online store.
nopCommerce is compatible with the latest industry standard for payment data protection, PCI DSS 3.2. The newest requirements help to prevent, detect, and respond to cyberattacks that can lead to payment data breaches. In order to fit PCI DSS 3.2, the following policies must be followed:
- password attempt failure lock-out must be supported;
- password must be changed at least once every 90 days;
- password must be unique i.e. it is not allowed to submit one of the previously used passwords.
All of these options are integrated into nopCommerce and are fully configurable.
You can easily configure / setup a password policy on your nopCommerce store site by going to this location:
Administration (Dashboard) > Configuration > Settings > Customer settings
Take regular backups
Your online store is an incredibly valuable asset. Regardless of how much traffic or orders you get on your store site, your website data is the backbone of your online business. If something happens to that data, it can negatively affect your business.
There are many factors that can affect your online store site data such as:
- Human error
- Accidental data deletion
- Malicious attack
It is always a good practice to take regular backups of your online store site so data can be easily recovered (if needed).
In nopCommerce, you can easily take regular backups of your store site right from the administration area by going to:
Administration (Dashboard) > System > Maintenance
Some additional security measures
Here is a list of some additional best practices that you need to be aware of in order to make your nopCommerce based store site secure.
- Choose a reputable and reliable host that makes site security one of their top priority
- Enable SSL for all site pages to enforce SSL for the entire site (available in nopCommerce)
- Restrict IP address to access the backend (available in nopCommerce)
- Enable XSRF protection (available in nopCommerce)
- Enable honeypot (available in nopCommerce)
- Private key encryption (available in nopCommerce)
Author: Lavish Kumar