Sales such as Black Friday and Thanksgiving have become a huge hit with the rise of e-commerce. Billions of dollars are spent on online shopping within a few days during the Thanksgiving period.
You've prepared your OpenCart store well for the sales: every product is in stock, coupon codes are ready, and marketing is in full swing. However, one thing you might have forgotten is security. Just like you, hackers eagerly wait for the Thanksgiving sales, because this is when they perform their biggest hacks and scams. During Thanksgiving sales, hacking for financial gain increases by a staggering 9.1%.
OpenCart has steadily improved its security over time. However, webmasters sometimes miss some measures, or hackers are smart enough to still find a loophole. Whatever the problem might be, you do not want to take a chance on the most important days of the year.
Tips to Keep Your OpenCart Store Secure During Sales:
- Assure You Are Updated: Make sure that you are running the most secure version of OpenCart. It is recommended to use the latest version, 3.0.x.x, as it comes with a number of OpenCart security features that can come in handy.
- Hackers Exploit Plug-ins: While OpenCart itself might be sturdy and secure, hackers try to get in through the plug-ins you've installed. Plug-in developers often put security on the back seat, which leaves stores using those plug-ins vulnerable as well. Be sure to install plug-ins only from reliable companies. Reviewing the plug-in code and adding an additional layer of security, such as sanitizing the input that plug-ins accept, is recommended.
- Check for Known Vulnerabilities: If for some reason you cannot upgrade your OpenCart to the latest version, it is highly recommended to make sure the version in use is patched. Whenever there has been a security incident with an OpenCart version, an advisory has been released. Here's how you can quickly make sure that patches are in place:
  - Go to Google
  - Type 'OpenCart your version vulnerability'
  - You'll see a list of all the vulnerabilities associated with your version of OC
  - Now read more on their patches and put them in place
- Look for signs which show that your website is hacked
- Hide Admin Panel: Hackers often write automated bots that try to brute-force their way into your admin panel. It is recommended that you change the URL of the admin panel. The URL www.yourstore.com/admin is quite easy to guess and tells hackers that security hasn't been taken into account. The ideal URL should be something that is difficult to guess.
In addition, adding .htpasswd password protection also goes a long way. It adds one more layer to the security of the admin panel. Here's a quick way to generate an .htpasswd entry using this tool.
- Double Check Payment Flow: The 'adding to cart' and 'make a payment' flows are the two areas that hackers exploit the most. Sometimes plug-ins modify these flows to add certain functionality, and a vulnerability in such a plug-in lets hackers target your shop. The following types of business logic hacks are the direct result of such loopholes:
  - Hackers buying a product without making payment
  - Ability to change the prices of products
  - Pointing payments to their own accounts

Having a security assessment done for these flows is highly recommended, all the more so because this directly affects your customers, who trust you with their personal information.
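
As an added illustration (not part of the original article and not OpenCart code), the reconciliation check below flags completed orders that show the three business logic problems listed above. All data and field names are constructed and hypothetical, and it assumes orders without coupons, tax or shipping.

```python
from decimal import Decimal

# Constructed sample data; field names are hypothetical, not OpenCart's schema.
CATALOG = {"SKU-1": Decimal("49.99"), "SKU-2": Decimal("15.00")}
MERCHANT_ACCOUNT = "merchant-acct-001"  # placeholder for the store's own payee id
ORDERS = [  # lines are (sku, quantity, unit price recorded on the order)
    {"id": 101, "status": "complete", "lines": [("SKU-1", 2, "49.99")]},
    {"id": 102, "status": "complete", "lines": [("SKU-2", 1, "15.00")]},
    {"id": 103, "status": "complete", "lines": [("SKU-1", 1, "0.01")]},
    {"id": 104, "status": "complete", "lines": [("SKU-2", 3, "15.00")]},
    {"id": 105, "status": "pending", "lines": [("SKU-2", 1, "15.00")]},
]
PAYMENTS = [  # as reported by the payment gateway, not by the shop front end
    {"order_id": 101, "amount": "99.98", "payee": "merchant-acct-001", "state": "captured"},
    {"order_id": 103, "amount": "0.01", "payee": "merchant-acct-001", "state": "captured"},
    {"order_id": 104, "amount": "45.00", "payee": "other-acct-999", "state": "captured"},
]

def audit(orders, payments, catalog, merchant):
    """Return {order_id: [findings]} for completed orders that fail reconciliation."""
    captured = {p["order_id"]: p for p in payments if p["state"] == "captured"}
    findings = {}
    for order in orders:
        if order["status"] != "complete":
            continue  # only fulfilled orders are checked here
        issues, expected = [], Decimal("0")
        for sku, qty, charged in order["lines"]:
            price = catalog.get(sku)
            if price is None:
                issues.append(f"unknown_sku:{sku}")
                continue
            expected += price * qty  # total recomputed from the catalog, not the order
            if Decimal(charged) != price:
                issues.append(f"price_tampered:{sku}")
        pay = captured.get(order["id"])
        if pay is None:
            issues.append("no_captured_payment")  # shipped without payment
        else:
            if Decimal(pay["amount"]) != expected:
                issues.append("amount_mismatch")
            if pay["payee"] != merchant:
                issues.append("wrong_payee")  # money went to another account
        if issues:
            findings[order["id"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(ORDERS, PAYMENTS, CATALOG, MERCHANT_ACCOUNT))
```
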
Thanksgiving, Black Friday and other sales are the most important time of the year for any online store owner. OpenCart makes sure that it is super convenient for you to use and can scale as you attract more visitors to your site. However, security is something that a business owner needs to take into their own hands. With Thanksgiving just around the corner, it is recommended to either use an OpenCart firewall or get a Black Friday security scan done.