ECOMMERCE SECURITY INSIGHTS
Free eCommerce Cybersecurity Resources.
What do we know about eCommerce security?
Well... quite a lot. We monitor the security posture of over 11 million websites, most of which are eCommerce sites on a wide range of platforms/CMS/Shopping Carts/Frameworks.
Our forensic team helps MANY hacked eCommerce websites each year - much of our capability to proactively detect threats comes from this experience.
We know how the criminals break in and steal data from eCommerce sites - we know which platforms are being targeted more than others - and why.
Our mission is to protect small and growing businesses from criminals - through information, education and our technologies.
What are the latest insights?
Download our latest report at the link below (scroll down for previous reports).
Enter your email address to receive eCommerce Security Advice and report updates
We will not share your email and will only send you report updates and related security advice. You may unsubscribe by clicking the unsubscribe link on each email.
Start your journey to a safe eCommerce website here:
Update your password regularlyThis is age-old advice - so we wouldn't suggest it if it wasn't critical. Read our blog for advice on how to choose a safe password. Multi Factor Authentication will provide even stronger protection - a low-cost but highly effective security control.
Change your Admin Path URLThis is the URL you and your team use to log in to your website. Website platforms have default settings - as an example, Magento websites by default use the same variation of URL. If you leave your admin access in the default location, it makes it very simple for an attacker to find your admin page - and they have a far better shot at gaining access to your website. In fact... it's easy to break in, unless you have security in place to protect your site.
Monitor the accounts which are accessing your website's backendNever share accounts. Run regular audits on admin accounts - keep admin access to a minimum. You should know who has access to your website. If accounts are logging in at unexpected hours, this could be a sign that an attacker has compromised the account.
Check your recently changed files - are they genuine?Many compromises involve files being added or changed on a website. Take a look at your change log for any suspicious file activity - who made those changes, were they planned, are the files legit?
Scan your website regularly for indicators of compromise, malware
Using an external malware/IOC scanner, such as ThreatView for free monthly external scans using the latest threat intelligence - can give you a quick and simple insight into the security posture of your website.
ThreatView includes historic data so that you can track changes to your Risk Score over time.
Monitoring & Protecting your website
Get started with ThreatView today