Atlantic.Net Blog

10 eCommerce Security Best Practices & Adding Ease-of-Use

by Atlantic.Net (11 posts) under PCI Hosting

[Image: First 4 digits of a credit card]

As we all know, making it in this day and age with a cash-only and/or bartering website is difficult. That’s why many online businesses are starting to accept credit cards (these hard plastic things with a bunch of numbers on them). Credit card payments, though, involve security concerns. This piece will explore some of the best practices to ensure your site keeps online payments secure for every possible transaction (including IOUs).

Additionally, we will look at other ways to enhance the usability of your site. Making the site secure enhances both your comfort and that of your customers. Ensuring it is as user-friendly as possible places emphasis directly on the customers, making them more likely to buy your $12,000 handmade, gilded and precious-stone-encrusted hookahs.

To conduct this exposition, we will look at the thoughts (and feelings, but no epiphanic spiritual transformations) of Lesley Paone of Designhaus42 and Vanessa Tran of Canvas of Innovation. I will also provide some of my own ideas, especially regarding where to get the best tacos in San Antonio.

  1. .htaccess – Using hypertext access on your site, says Lesley, is a standardized way to implement two-factor authentication, complicating entry into your administrative portal. This method simply doubles the checkpoints – requiring an additional username and password. Creating unique and randomized login credentials for each will further bolster your security. Try Perfect Passwords, or painstakingly translate the cryptic psychic energy of a moth.
  2. Breadcrumbs – Installing a breadcrumb plugin on your site will allow your customers to easily navigate so that they do not become confused and start sobbing. Also, as Vanessa reminds us, breadcrumb functionality assists with search engine rankings as well.
  3. Differing E-mail – Use a separate e-mail address for the login to your e-commerce application. As Lesley discusses, it is ideal to completely separate your primary, “real” e-mail address from the one you use to access your back-end. If hackers get into your e-mail, you don’t want them to be able to start running your store (unless they promise not to take anything from the stockroom).
  4. Cross-selling – Though this may not seem like a UX (user experience) issue, cross-selling can make buying easier for customers. As Vanessa advises, make sure that your online store optimizes efforts to let potential buyers know about similar products. This functionality can be implemented both in product pages and once a visitor has put an item into her shopping cart. Also, make your most popular products, such as antique Prussian Army military-grade horse shampoo, highly visible and marked as such.
  5. cPanel – Per Lesley, the majority of e-commerce websites, when attacked, are infiltrated via cPanel or FTP. The reason this route is chosen is that WHMCS is programmed, by default, to use the first eight letters of your domain when it generates a username. Hackers know this and regularly exploit the weakness. Change the username to something different and unique, such as dk395485#&*red9 or Amy.
  6. Order Page – Vanessa reminds us of the importance of the content on your pages where customers are placing the orders. This information can be anything from answers to common questions, standard shipping fees, and what they can expect following purchase. Don’t use that page to make angry comments about your ex-boyfriend.
  7. Database Defaults – Lesley makes the point that, generally, content management systems (CMSs) and online shopping applications create database prefixes by default. The WordPress one is wp, for example. Adjust the prefix so you’re less likely to experience SQL injection or sudden bouts of default-prefix-related dysphoria.
  8. Confirmation Page – Make sure that your confirmation page contains full and thorough details on both the items being purchased and the costs, says Vanessa. Also, it’s crucial that your customers are able to make changes at that point and see what the adjusted costs will be. Making that page user-friendly is crucial because it is the last page in the ordering process, so no death metal soundtrack on that page either.
  9. Obscure Software – Per Lesley, sometimes hackers target sites using certain shopping carts en masse by finding weaknesses in the code. For this reason, don’t make it obvious what system you use. Often, e-commerce applications automatically place a meta-tag in your site’s header, which serves as a signature hackers can easily recognize. Remove it. Additionally, change the path used by your themes folder; the default path can allow identification as well. (So can a bright orange top hat.)
  10. Five-second Test – Finally, Vanessa offers a great idea on first impressions. Get together with a friend, open up your site, and have them look at it for 5 seconds. Then close the page. Get as clear a sense as possible of their immediate thoughts and whether they would feel comfortable buying. This quick test can help you understand the thoughts and concerns of a random visitor, such as, “Where’s the men’s room?”
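
A self-audit for the defaults named in items 5, 7 and 9, as an added example that is not part of the original post: it flags a panel username derived from the domain, a default database prefix, a generator meta tag and a default themes path. The function names, the sample domain and both HTML pages are constructed for illustration, and the username rule (first eight letters or digits of the domain) is this example's reading of the description in item 5.

```python
import re
from html.parser import HTMLParser

# Defaults the post names (WordPress prefix) plus WordPress's stock themes path.
DEFAULT_PREFIXES = {"wp"}
DEFAULT_THEME_PATHS = ("/wp-content/themes/",)

# Constructed sample pages: one with default signatures, one with them removed.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.0">
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css">
</head><body></body></html>"""
HARDENED_HTML = """<html><head>
<link rel="stylesheet" href="/assets/skin/style.css">
</head><body></body></html>"""

class HeadScan(HTMLParser):
    """Collects generator meta tags and every href/src URL in a page."""
    def __init__(self):
        super().__init__()
        self.generators, self.urls = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")
        for key in ("href", "src"):
            if a.get(key):
                self.urls.append(a[key])

def derived_username(domain):
    # Assumption: first eight letters/digits of the domain, punctuation dropped.
    return re.sub(r"[^a-z0-9]", "", domain.lower())[:8]

def audit(domain, panel_user, table_prefix, html):
    """Return the list of guessable defaults still present on a store."""
    findings = []
    if panel_user.lower() == derived_username(domain):
        findings.append("panel-username-derived-from-domain")
    if table_prefix.lower().rstrip("_") in DEFAULT_PREFIXES:
        findings.append("default-table-prefix")
    scan = HeadScan()
    scan.feed(html)
    if scan.generators:
        findings.append("generator-meta-tag")
    if any(p in u for u in scan.urls for p in DEFAULT_THEME_PATHS):
        findings.append("default-theme-path")
    return findings
```

Run `audit()` against your own storefront's rendered home page and current settings; an empty list means none of these four defaults is still exposed.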


That gives you some broad ideas on best practices for e-commerce, both to ensure security and to optimize usability. Lesley also mentions the importance of using a secure and trusted web hosting provider. That, my friend (we are friends, right?), is where we come into play. Check out our hosting services, such as our PCI-compliant solutions, to learn more. And oh, I will get back to you about the tacos.

by Kent Roberts