Date: 2020-05-20

If you already had an e-commerce website from which to present your products and services to the public, you probably know how important it is to keep your own browsing and that of your users under control. But now that many entrepreneurs have made the leap to e-commerce, it does not hurt to offer some tips and tricks in this regard. We have no doubt that they will be of great help to you.

As we were saying, the coronavirus pandemic has pushed an enormous number of small and medium-sized companies to look for alternative solutions. Since they cannot have physical contact with their regular and new customers, the Internet has become the best option for maintaining sales and resisting the economic crisis. But Covid-19 is not the only risk we are running right now.

Taking advantage of the increased traffic that most business websites now have, opportunists are always waiting for the chance to do harm. How? For example, by stealing user data, whether personal, banking, etc. And if you think this is not your problem, keep in mind that nobody will want to buy from a site where their personal information can be extracted, so it is better to take action on the matter.

While you will never be able to eliminate the possibility of suffering an attack, you can reduce the chances. With a little effort and, possibly, a minimal investment, you will make your sales website as secure as your customers deserve. And with their trust, you will earn reputation and money.

How to maintain a secure e-commerce website?

Updates and patches

Just as each component of the Internet is constantly evolving, these steps forward translate into new security holes. Hackers watch for them, ready to slip through wherever owners take too long to close those gaps. For this reason, software updates and patches should occupy an important place on your agenda. You have to install them as soon as they are available because they are the first line of defense. For example, if you have an e-commerce website built with WordPress, always keep the plugins, the theme and, above all, WordPress itself updated.

Although there is of course a record of targeted attacks, which are the ones that generate the most profit for cybercriminals, automated ones also occur. These require minimal effort on their part, and they are the ones that manage to slip in through the vulnerabilities we mentioned.

Every hour, these ill-intentioned people can scan the security of thousands of sites. This allows them to act with impressive speed. So don’t waste time: install updates and patches as soon as possible. And under no circumstances dismiss the notifications that warn you about their availability. In general you will end up forgetting about them.

Access control

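Knowing who gets into the core of your site, in what way, and for what purpose is essential. Some beginners lose sight of the fact that letting their admin pages be indexed only exposes them to hackers. In this case, you have to use the robots.txt file to avoid it. Keep in mind that robots.txt only asks search engines not to index those pages; it does not restrict access to them.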

If you have employees, you will also have to be very careful with the permissions you grant them. The first step is to check that there is no malware on the devices that connect to the company network, or to the one used to manage your e-commerce website. In addition, you have to configure logins so that sessions close after a short time or when inactivity is detected. Limiting the number of login attempts is also not a bad idea. Finally, do not send sensitive data to your employees by email, as it could be intercepted.
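
As an added example (not code from the original article), the two login settings described above can be sketched in Python: a limit on failed attempts and a session that closes after inactivity. The class name LoginGuard and the limits of 5 attempts, 15 minutes and 10 minutes are assumptions chosen for illustration.

```python
import time

# Assumed values for illustration; tune them for your own site.
MAX_ATTEMPTS = 5            # failed logins allowed per account
LOCKOUT_SECONDS = 15 * 60   # window in which failures are counted
IDLE_TIMEOUT = 10 * 60      # admin session closes after this much inactivity


class LoginGuard:
    """Hypothetical helper: throttles failed logins and expires idle sessions."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}   # username -> timestamps of recent failures
        self._sessions = {}   # session id -> time of last activity

    def is_locked(self, username):
        now = self._clock()
        recent = [t for t in self._failures.get(username, [])
                  if now - t < LOCKOUT_SECONDS]
        self._failures[username] = recent      # forget failures that aged out
        return len(recent) >= MAX_ATTEMPTS

    def record_attempt(self, username, success):
        """Return True if the login may proceed, False if it is refused."""
        if self.is_locked(username):
            return False      # refused even with the right password while locked
        if success:
            self._failures.pop(username, None)
            return True
        self._failures.setdefault(username, []).append(self._clock())
        return False

    def touch(self, session_id):
        """Call on every request; False means the session must be closed."""
        now = self._clock()
        last = self._sessions.get(session_id)
        if last is not None and now - last > IDLE_TIMEOUT:
            del self._sessions[session_id]
            return False
        self._sessions[session_id] = now
        return True
```
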

Passwords, seriously

Passwords may sound like an obvious matter. But in mid-2020, there are still people who use their pet’s name, their DNI (national ID number) or mobile number to log in to important sites. It is even worse when the site in question is your firm's e-commerce. In these circumstances, extreme precautions must be taken.

Statistics indicate that nearly 80% of hacks are carried out as a consequence of weak passwords. And about half of people use one, two, or three passwords for all of their accounts. If hackers can try their luck with thousands of combinations in minutes, it becomes clear that a simple 8-character password will be broken in a few hours. And if that password is the same on all your sites, tragedy will be inevitable. What should you do then? Follow these tips:

- Each of your user accounts should have a different password.
- Those passwords should be as long as possible, combining numbers, upper and lower case letters, symbols and signs. Better yet: use a password generator.
- In order not to forget them, you can use a program that stores them, so you only have to remember the password for that software.
- Google’s automatic filling is very good for your Facebook account, but in no way should you enable it to access your e-commerce website. Type the password yourself.
- Change passwords at least once a month.

Traffic control

Let’s move on to traffic control, the next point to address after access control and passwords. You must set up traffic control that you can rely on, for example by using a web application firewall, or WAF. There are many, but the most popular today are the cloud-based ones. Their cost is not too high.

From then on, the WAF will function as the gate that controls incoming traffic to your site, reading all the data that passes through it. It will block hacking attempts, filter out unwanted traffic, keep bots and spammers off your commercial website, etc.

On the other hand, with the encrypted SSL protocol you can secure the traffic that carries personal information from users and clients. That solves the problem of unauthorized access, which sometimes leads to corrupted data circulating on your site.

File uploading, a real danger

At this last point, you must understand that taking care of all the previous ones while neglecting file uploads means that all the previous work is lost.

It is extremely common for malicious scripts to be hidden in file uploads. The challenge is to find them, because even the most robust security systems can let them through. If such a script reaches your server, all the elements that make up your e-commerce website will be in the hands of cybercriminals. In summary, each file upload represents a security challenge.

The most advisable approach is to store uploaded files outside the site's main directory. You can use a script to pass the contents from one to the other. That way, if someone breaks into the folder where files are uploaded, they will not be able to see your essential data, only the uploaded files.
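
As an added example (not code from the original article), this Python sketch stores uploads in a folder beside the main directory and reads them back through an intermediate script. It takes "main directory" to mean the web root; the function names, the extension allow-list and the folder layout are assumptions, and the sample files are constructed.

```python
import os
import secrets
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".pdf"}  # assumed allow-list


def store_upload(upload_dir, original_name, data):
    """Save an upload outside the web root under a random name; return its id."""
    ext = Path(original_name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type not allowed: {ext!r}")
    file_id = secrets.token_hex(16) + ext   # the client-chosen name is discarded
    # O_EXCL never overwrites an existing file; mode 0o600 has no execute bit.
    fd = os.open(Path(upload_dir) / file_id,
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return file_id


def read_upload(upload_dir, file_id):
    """The script in between: return bytes only for files inside upload_dir."""
    base = Path(upload_dir).resolve()
    target = (base / file_id).resolve()
    if base not in target.parents or not target.is_file():
        raise PermissionError("path is outside the upload store")
    return target.read_bytes()


def refused(fn, *args):
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


def demo():
    """Constructed layout: uploads/ sits beside the web root, not inside it."""
    with tempfile.TemporaryDirectory() as site:
        uploads = Path(site, "uploads")
        uploads.mkdir()
        Path(site, "config.ini").write_text("db_password=constructed")
        fid = store_upload(uploads, "invoice.PDF", b"%PDF-constructed")
        return {
            "roundtrip": read_upload(uploads, fid) == b"%PDF-constructed",
            "php_refused": refused(store_upload, uploads, "shell.php", b"<?php"),
            "traversal_refused": refused(read_upload, uploads, "../config.ini"),
        }
```
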

Another alternative, although a little more expensive, is not to run the database on your web server. That will require hiring a second server, but it removes a very common danger in one stroke.

