Security in your store
Merchants do not have to worry about their store security. Online store complies with to the highest international safety standards so you can rest assured that your store and your customers are safe. All stores operate via a secure connection (HTTPS), protected by an SSL certificate.
However, you need to protect your account by using strong passwords. And if your store is added to your own website, you need to take care of that site’s security as well.
In this article, we describe some tips that will be useful your everyday internet surfing.
Use strong passwords
Use strong and unique passwords for each of your accounts, from your online store to your email and social media. When creating passwords follow general recommendations from Google:
Create a unique password for every account
Your password should consist of at least 6 characters
Use a mix of letters, numbers, and symbols
Use upper and lower case
General words and common expressions
Keyboard patterns like “qwerty” or “12345”
Personal information: names, addresses, ID numbers, and other.
If you use Gmail, we also recommend that you enable two-step verification for your account.
Secure your domain
To secure your domain, you need to be the owner of it. If you’re using your custom domain name for your store, make sure that you own it. If your domain is owned by anyone else, this person can potentially sell the domain name or connect it to another site.
If you are not the owner of your domain, move it to your account using the instructions of your domain provider:
If you are just going to buy a domain name, register it for your own name.
Secure your hosting
To provide security for your site’s hosting account, make sure you own it. If your site for the store is built on CMS that requires hosting (WordPress.org, Adobe Muse, or Joomla website), make sure that you own your hosting subscription. Otherwise, the person who owns your hosting account will be able to do anything with your website, even delete it.
Install an SSL certificate for your website
Your store and Instant Site are already protected with an SSL certificate. If your store is added to your own website, you need to purchase and install an SSL certificate for it as well.
An SSL certificate protects the data sent through your site — customers’ names, addresses, phone numbers, credit card details — from hacker attacks.
If you use your own domain with Instant Site, it runs via HTTPS and is SSL protected by default. See our article about how to connect your domain to Instant site.
If you added the store to your own website that doesn’t have an SSL certificate, your store is still protected, but your customers will not see the secure “lock” icon anywhere except during checkout, which they might find frustrating. In this case you have to purchase and install SSL for your own website.