Skip to main content
Sign in
Español Français Italiano

Best Practices to Secure Your Store

  • Updated

The security of your store is crucial, both for you and your customers. Hacking can occur in many ways: hijacking your payment methods to steal funds or banking details, stealing customer data, retrieving your back-office password, among others.

There are several ways to strengthen your store's security across different areas:

 

Credentials

  • Carefully keep all the credentials you generate when creating your store (FTP, back office, hosting, etc.), and only share them with trusted individuals.
  • Use a login and password manager.
  • Create profiles tailored to each type of intervention on your store, and different accounts for each person working on the store (employee, designer, support, etc.).
  • Revoke administrator access that you no longer need.

 

Hosting

  • Secure your servers by using appropriate firewalls.
  • Make sure your hosting service regularly backs up your store, and/or make your own backups.
  • You can also choose managed hosting, which means a server management service is included. Often more expensive, this solution, however, makes it easier to implement and maintain server security.

 

Orders and Payment

  • If possible, check daily that your order process visually appears normal and that payment access is in a normal state.
  • Check transactions daily to ensure they are correctly recorded both in your PrestaShop store's back office and your bank's back office.

 

Modules

  • Be careful with the modules you install on your store. A module downloaded from just any forum may contain a security vulnerability or even be designed to create a back-office entry point. It is preferable to use the PrestaShop Marketplace to find your modules.
  • Keep your modules up to date. Some updates are specifically made to fix security vulnerabilities.

 

Finally, stay curious and attentive! If something on your site changes overnight, investigate. For example, has a module been installed recently? Has an external party worked on the store?

If you can't find a solution after collecting this type of information, don't hesitate to contact your web agency or PrestaShop support.

 

Related articles