According to a report by the U.S. Census Bureau, the third quarter of 2017 saw $107 billion in online sales, and a report from Adobe says the fourth quarter did even better with $107.4 billion. This equates to a roughly 14% jump in eCommerce revenue year-over-year.
As online shopping becomes a more viable (and convenient) option for consumers, it’s time for eCommerce companies to address the unique obstacles that stand in the way of closing more business. The first one to look at? All the different types of threats in eCommerce security.
Here’s the thing: just because customers are learning to trust online businesses with their money and personal information doesn’t mean they don’t have reservations about how secure it is to shop online. And they have good reason to be nervous.
eCommerce security threats don’t just target big box retailers. If your eCommerce site has something valuable worth stealing, you might find your site a target of hackers someday, too.
Rather than wait until one of these eCommerce security threats hits your site, you should work on building a proactive prevention plan, whether you get help with it or secure your WordPress website yourself. The key to prevention? Understanding what the threats are, where they will attack, and how to keep them out. Let’s check out the biggest eCommerce security threats and solutions to fight back.
eCommerce Security Threats You Need to Know About
If your business has an online presence, you should be concerned with security in general. But for eCommerce companies that deal in monetary transactions on a daily basis, being concerned with security is not enough. You should be obsessed with what those security threats are and how to keep them away from your site.
Here are the most common threats eCommerce sites face:
Blog comments and contact forms are an open invitation to spammers who want to leave infected links on your site, or in your inbox where they wait for you and your employees. This not only affects site security, but site speed, too.
Emailing fake “you must take action” messages to you and your team is another form of trickery used by hackers. This method, however, only works if you follow through with the action and give them access to your login information or other personal identification data.
You may be aware of bots in their good form; i.e. the ones that crawl the Internet to help rank your site in search. But there are bad bots too that scrape websites for pricing and inventory information. They then use this information to change pricing on your site or hold popular inventory in shopping carts, leading to a drop in your sales and revenue.
And that’s not the only unsettling case of malware injection.
There was eBay, whose database was hacked in 2014. While customers didn’t directly lose money as a result of the security threat, their login and password information was compromised.
There was also Target back in 2013, whose partnership with a third-party vendor with unsecured systems led to an attack. Credit card and personal data from tens of millions of customers were stolen, and Target had to pay out over $18 million in lawsuits as a result.
Distributed denial of service (DDoS) attacks do exactly what the name implies: they overwhelm a site’s server and take the site offline. The bot attack of 2016 against Dyn is one of the most high-profile examples of this type of threat.
Your eCommerce Security Protection and Threat Protection Plan
It’s important to note that eCommerce security threats don’t always attack for the purposes of stealing your customers’ credit card information or personal details. Hackers and bots may go digging around your site for access to your own company’s data, too. There are even times when the goal isn’t financial in nature.
Regardless of the type of eCommerce security threat you face, you can imagine how costly this could end up being to your bottom line and reputation. So, this is where the threat protection plan comes into play.
1. Server Security
First and foremost, ensure that you’re using a web hosting company that you trust has your site’s security top-of-mind. This means there should be a server-side firewall, an option to add a CDN, SSL certificate availability, and hosting plans that don’t require you to share the server environment with other websites. In terms of what you can do to better protect your hosting server, brush up on Apache security best practices.
2. Payment Gateway Security
Similarly, it’s important to ensure that your payment gateway provider (and, really, any third-party connected to your site) prioritizes security.
3. Antivirus and Anti-malware Software
Equip your network’s computers with antivirus and anti-malware software.
4. Firewall
Ideally, your web host has a firewall in place for your server. You should also think about getting one for your computer as well as for the website itself. Many security plugins (like All In One WP Security & Firewall) come with a firewall built in, so you can knock that off your list while simultaneously bolstering your WordPress security.
5. Spam Blocker
As mentioned above, spam can be problematic for your eCommerce site if you have a blog on it or a generic contact form. If that’s the case, use the Akismet plugin to keep known threats away from your site.
6. SSL Certificate
An SSL certificate is no longer optional for eCommerce sites, at least by Google’s standards. It’s an easy (and often free) way to add an additional layer of encryption to the transactions that take place there.
7. PCI Compliance
The PCI Security Standards Council has strict guidelines regarding how you need to secure your website if partaking in eCommerce. These include rules about the type of web hosting, the level of security at the payment processing level, and so on. Be sure to familiarize yourself with these and adhere to them as you build and maintain your site.
8. CDN
Think of a CDN like another layer of hosting for your eCommerce website. This means additional layers of security, too.
9. Security Plugins
As referenced above, a security plugin would be a smart move for keeping your WordPress installation and the front-end of your site safe. In addition to protecting your site from malware and DDoS attacks, it will keep you attuned to any detected threats or issues in real-time. We recommend iThemes Security Pro for this.
10. Backup Plugins
Don’t forget about having a backup and restore plugin. No matter how fortified your eCommerce site may be, hackers have all the time in the world to experiment with new ways of cracking their way through. So it’s crucial that you be prepared with a way to quickly recover if something should happen to your site.
11. Update Regularly
When software goes without required or even suggested updates from the provider, you’re putting your eCommerce business at risk. So, keep everything updated and do it regularly. This includes:
- Your computer
- Your company’s network
- Your server software
- Your PHP version
- The WordPress core
- Your WordPress plugins and themes
While you might expect that hackers go straight for credit card information (which they do), they also target user login information. In fact, a report from CMSWire says that 75% of all attacks on eCommerce sites during the 2016 holiday season were targeted at the login. Needless to say, stringent password security policies (including two-factor authentication) are a must.
At the end of the day, your goal is to provide a safe place for customers to shop online. And you also want to conduct business in a way that keeps your bottom line protected as well. In addition to the eCommerce security threats and solutions above, you should also think about conducting regular security audits on your WordPress site.
If you’re intimidated by the process or unsure if you have the time to dedicate to fighting all the types of threats in eCommerce, then hire a trusted WordPress maintenance partner to help you. Or you may even want to look at some of the other best eCommerce platforms or consider starting an online boutique of your own.