Atlantic.Net Blog

10 eCommerce Security Best Practices & Adding Ease-of-Use

As we all know, making it in this day and age with a cash-only and/or bartering website is difficult. That’s why many online businesses are starting to accept credit cards (these hard plastic things with a bunch of numbers on them). Credit card payments, though, involve security concerns. This piece will explore some of the best practices to ensure your site keeps online payments secure for every possible transaction (including IOUs).

Additionally, we will look at other ways to enhance the usability of your site. Making the site secure enhances both your comfort and that of your customers. Ensuring it is as user-friendly as possible places emphasis directly on the customers, making them more likely to buy your $12,000 handmade, gilded and precious-stone-encrusted hookahs.

We will look at the thoughts (and feelings, but no epiphanic spiritual transformations) of Lesley Paone of Designhaus42 and Vanessa Tran of Canvas of Innovation to conduct this exposition. I will also provide some of my own ideas, especially regarding where to get the best tacos in San Antonio.

  1. .htaccess – Using hypertext access on your site, says Lesley, is a standardized way to implement two-factor authentication, complicating entry into your administrative portal. This method doubles the checkpoints – requiring an additional username and password. Creating unique and randomized login credentials for each will further bolster your security. Try Perfect Passwords, or painstakingly translate the cryptic psychic energy of a moth.
  2. Breadcrumbs – Installing a breadcrumb plugin on your site will allow your customers to easily navigate so that they do not become confused and start sobbing. Also, as Vanessa reminds us, breadcrumb functionality assists with search engine rankings as well.
  3. Differing E-mail – Use a separate e-mail address for the login to your e-commerce application. As Lesley discusses, it is ideal to completely separate your primary, “real” e-mail address from the one you use to access your back-end. If hackers get into your e-mail, you don’t want them to be able to start running your store (unless they promise not to take anything from the stockroom).
  4. Cross-selling – Though this may not seem like a UX (user experience) issue, cross-selling can make buying easier for customers. As Vanessa advises, make sure that your online store optimizes efforts to let potential buyers know about similar products. This functionality can be implemented in product pages and once a visitor has put an item into her shopping cart. Also, make your most popular products, such as antique Prussian Army military-grade horse shampoo, highly visible and marked as such.
  5. cPanel – Per Lesley, the majority of e-commerce websites, when attacked, are infiltrated via cPanel or FTP. This route is chosen because WHMCS is programmed, by default, to use the beginning eight letters of your domain when it generates a username. Hackers know this and regularly exploit the weakness. Change the username to something different and unique, such as dk395485#&*red9 or Amy.
  6. Order Page – Vanessa reminds us of the importance of the content on the pages where customers place their orders. This information can include answers to common questions, standard shipping fees, and what they can expect following the purchase. Don’t use that page to make angry comments about your ex-boyfriend.
  7. Database Defaults – Lesley points out that, generally, content management systems (CMSs) and online shopping applications create database prefixes by default. The WordPress one is wp, for example. Adjust the prefix so you’re less likely to experience SQL injections or sudden bouts of default prefix-related dysphoria.
  8. Confirmation Page – Ensure that your confirmation page contains full and thorough details on both the items being purchased and the costs, says Vanessa. Also, it’s crucial that your customers can make changes at that point and see what the adjusted costs will be. Making that page user-friendly is crucial because it is the last page in the ordering process, so no death metal soundtrack on that page either.
  9. Obscure Software – Per Lesley, sometimes hackers target sites using certain shopping carts en masse by finding weaknesses in the code. For this reason, don’t make it obvious what system you use. Often, e-commerce applications automatically place a meta-tag in your site’s header, which serves as a signature hackers can easily recognize. Remove it. Additionally, change the path used by your themes folder; the default path can also allow identification. (So can a bright orange top hat.)
  10. Five-second Test – Finally, Vanessa offers a great idea on first impressions. Get together with a friend, open up your site, and have them look at it for 5 seconds. Then close the page. Get as clear a sense as possible of their immediate thoughts and whether they would feel comfortable buying. This quick test can help you understand the thoughts and concerns of a random visitor, such as, “Where’s the men’s room?”
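
The checks in items 5, 7 and 9 can be run against your own store before anyone else runs them. The sketch below is an added example, not code from Lesley, Vanessa or Atlantic.Net; the username derivation rule, the `/wp-content/themes/` marker (WordPress's stock theme location), the function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: WordPress's stock theme location; add your own cart's default.
DEFAULT_THEME_PATHS = ("/wp-content/themes/",)
DEFAULT_DB_PREFIXES = ("wp",)  # the WordPress default named in item 7


class HeadScan(HTMLParser):
    """Collects generator meta tags and asset URLs from one HTML page."""

    def __init__(self):
        super().__init__()
        self.generators, self.assets = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))
        self.assets += [a[k] for k in ("href", "src") if k in a]


def predictable_username(domain):
    """First eight alphanumerics of the domain (assumed derivation rule)."""
    bare = re.sub(r"^www\.", "", domain.lower())
    return re.sub(r"[^a-z0-9]", "", bare)[:8]


def audit(domain, panel_user, table_prefix, html):
    """Return findings for items 5 (username), 7 (prefix) and 9 (signature)."""
    findings = []
    if panel_user.lower() == predictable_username(domain):
        findings.append("username derived from domain")
    if table_prefix.rstrip("_").lower() in DEFAULT_DB_PREFIXES:
        findings.append("default database prefix")
    scan = HeadScan()
    scan.feed(html)
    if scan.generators:
        findings.append("generator meta tag: " + ", ".join(scan.generators))
    if any(p in url for url in scan.assets for p in DEFAULT_THEME_PATHS):
        findings.append("default themes path")
    return findings


# Constructed sample page and settings, not taken from a real site.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCart 1.0">
<link rel="stylesheet" href="/wp-content/themes/shop/style.css">
</head><body></body></html>"""

if __name__ == "__main__":
    for f in audit("www.example-store.com", "examples", "wp_", SAMPLE_HTML):
        print("FINDING:", f)
```

An empty list means none of the three defaults is visible; feed it the saved HTML of your own home page and the values from your hosting and CMS configuration.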

Conclusion

That gives you some broad ideas on best practices for e-commerce to ensure security and optimize usability. Lesley also mentions the importance of using a secure and trusted web hosting provider. That, my friend (we are friends, right?), is where we come into play. Check out our VPS hosting services and PCI compliant hosting to learn more. And oh, I will get back to you about the tacos.

by Kent Roberts

https://www.grc.com/passwords.htm
