Websites and webstores are getting hacked every day – even brick-and-mortar stores can’t escape the hacking hordes. When it comes to protecting your own site, building a digital Fort Knox might protect you, but you might be preventing your customers from legitimate participation as well.
While the Heartbleed bug may have put the personal or financial details of millions of people at risk, Offsite Checkout services – where payments are made on secure web pages that are not hosted by you, like PayPal and Google Wallet – remained unaffected. This is just one example where delegating a service might mean a slightly higher cost but offers peace of mind.
Cloudflare.com’s $20/month Pro plan integrates a Content Delivery Network, firewall and security protection as well as an SSL certificate. Their free and Pro services are very easy to set up and are compatible with virtually every Content Management System, from WordPress and Joomla to Flash and plain HTML.
For WordPress users, there are plugins such as Wordfence and iThemes Security. Some of the features offered by these plugins are redundant and can also overlap with other services like Cloudflare. And while you may think there’s no such thing as too much security, just remember that security schemes and plugins often negatively impact the performance of your site, leading to less positive page metrics and potentially lower sales. Be on the lookout for security options that are effective but do NOT restrict your site’s performance. The Login Lockdown plugin is a great example of a solution that works well for keeping your site secure without hamstringing the speed of your page loads.
Protecting your site from being defaced is important, but it might be even more important to consider your plan for recovery after the act. No matter how much time, effort and money you put into making your site safe and secure, there’s still no guarantee of total security. Be sure to keep up-to-date backups. Most web hosts keep varying levels of backups of the entire hosting server (we back up each server on a daily basis). Due to the nature of large-scale backup systems, however, getting your site restored after it has been defaced can be a slow process. You’re also completely relying on a single method of backup for your entire website. If your site is extremely valuable, consider keeping personal backups on third-party cloud services like Box.net, SpiderOak, Amazon S3, Dropbox, etc.
We encourage WordPress ecommerce sites to use VaultPress. It’s the service we use and recommend.