There’s a few things people can mean when they say a website’s been “hacked.”
Often it’s that a hacker got access to a website’s code files and changed them. This usually happens when a website owner has a weak password (tip: longer is better, special characters better yet) or has been ignoring software updates for a while (mostly WordPress.org sites).
Another way a website can be hacked, specific to e-commerce sites, is when credit card information submitted through a payment form is intercepted. And just like it sounds, it’s pretty serious.
Fortunately, you don’t have to be an expert in internet security to make sure your website’s safe. Or let the fear of dealing with credit cards keep you from selling on your own site.
There’s just two simple things that every online business owner with an e-commerce component on their site should have straight.
1. Is the payment form on your site or someone else’s?
If you have, say, a PayPal button on your website that takes customers to PayPal.com to pay, the payment form is not on your site. This means you don’t have to worry about security– PayPal’s got that covered for you.
On the other hand, if the payment form that takes customers’ credit card info is located on your own site– at www.yourdomainname.com/checkout, for example– chances are the security responsibility is on you.
You should be able to find information about this through an e-commerce platform’s website before you choose to use it, or else you can go to a website that uses the platform you’re interested in to check.
Because of how beautifully slick some e-commerce platforms are these days, sometimes it’s not obvious at first glance whose website the payment form is on. For instance, some e-commerce platforms– Gumroad and Shoplocket, to name a few– offer a pop-up payment form that appears to the customer as if it’s on your site though it’s actually coming from theirs. An illusion, if you will.
When in doubt, you can always right-click close to the payment form and choose the menu option “View source.” (Unless the option “View frame source” exists, in which case click that one.) That’ll open a new tab or window, and there you can see in the address bar whose domain name is hosting the form.
2. Are you using an SSL certificate?
If your payment form is on someone else’s website, you don’t need to worry about an SSL certificate. If it is on your own site, however, it’s illegal not to.
Let’s talk quickly about what an SSL certificate is.
The way credit card information is protected when transferred electronically is by encryption. This means distorting the data, so it looks like a jumbled mess to hackers trying to get it.
The mechanism we use to encrypt websites is to install an SSL certificate– a special key unique to your site with which to scramble and unscramble the data.
Luckily, setting up an SSL certificate can be incredibly easy. That is, as long as you buy the SSL certificate from your own web host. Almost all of them offer automatic SSL certificate installation, so you just look for where in your admin space you can buy one, purchase it, and let their tech team do the rest.
If you were to buy an SSL certificate from another website, let’s say NameCheap.com, even though your website is hosted by Bluehost, configuration will be more complicated. Not impossible, of course, but there’s just some steps to go through. You can search your host’s “help” section to find them.
Finally, be sure to always include the “s” (as in “https://”) in the link for your checkout page, since this is the only way the SSL certificate will be used and the credit card information protected. Some e-commerce platforms, such as WooCommerce, will have a checkbox in your settings for “forcing SSL.” This automatically switches the url to “https” for anyone visiting the site, so be sure to use this if it’s offered to you.
And that’s it! That wasn’t so bad, huh? If you have any questions regarding website security or SSL certificates, be sure to leave them below.
Further, if you’re curious to know exactly which e-commerce platforms require an SSL certificate or not, you can always save yourself the research by checking out my Ultimate E-Commerce Platform Comparison. :)