Security in your store

Merchants do not have to worry about their store security. Online store complies with to the highest international safety standards so you can rest assured that your store and your customers are safe. All stores operate via a secure connection (HTTPS), protected by an SSL certificate.
However, you need to protect your account by using strong passwords. And if your store is added to your own website, you need to take care of that site’s security as well.

In this article, we describe some tips that will be useful your everyday internet surfing.


Use strong passwords

Use strong and unique passwords for each of your accounts, from your online store to your email and social media. When creating passwords follow general recommendations from Google:

Do:

Create a unique password for every account
Your password should consist of at least 6 characters
Use a mix of letters, numbers, and symbols
Use upper and lower case

Don’t use:

General words and common expressions
Keyboard patterns like “qwerty” or “12345”
Personal information: names, addresses, ID numbers, and other.

Install a password manager – a special service that generates unique and strong passwords and keeps them safe. When you use a password vault, you need to remember just one master password to the vault. We recommend using 1Password and LastPass.

If you use Gmail, we also recommend that you enable two-step verification for your account.


Secure your domain

To secure your domain, you need to be the owner of it. If you’re using your custom domain name for your store, make sure that you own it. If your domain is owned by anyone else, this person can potentially sell the domain name or connect it to another site.

If you are not the owner of your domain, move it to your account using the instructions of your domain provider:

If you are just going to buy a domain name, register it for your own name.


Secure your hosting

To provide security for your site’s hosting account, make sure you own it. If your site for the store is built on CMS that requires hosting (WordPress.org, Adobe Muse, or Joomla website), make sure that you own your hosting subscription. Otherwise, the person who owns your hosting account will be able to do anything with your website, even delete it.

With Online store, it is not necessary to buy hosting as you can sell from Instant Site or add your store to Facebook. Though if you already have a website, you can add your store there as well.


Install an SSL certificate for your website

Your store and Instant Site are already protected with an SSL certificate. If your store is added to your own website, you need to purchase and install an SSL certificate for it as well.

An SSL certificate protects the data sent through your site — customers’ names, addresses, phone numbers, credit card details — from hacker attacks.

If you use your own domain with Instant Site, it runs via HTTPS and is SSL protected by default. See our article about how to connect your domain to Instant site.

If you added the store to your own website that doesn’t have an SSL certificate, your store is still protected, but your customers will not see the secure “lock” icon anywhere except during checkout, which they might find frustrating. In this case you have to purchase and install SSL for your own website.