Forensic Control

How to Protect Your Website and Ecommerce Platform from Cyber attacks



If you own a business, you more than likely own a website or ecommerce platform, or both, but one thing is for sure a cyber attack on your business platform can cause untold damage and costs. A cyber attack could compromise your website, ecommerce platform, or network, resulting in data breaches, financial losses, reputational damage, or legal liabilities. Therefore, it is essential to protect your online assets from cyber attacks by implementing effective security measures and best practices.

Implementing Cyber Essentials

One of the ways to improve your cyber security posture is to obtain a certification from Cyber Essentials, a UK government-backed scheme that sets out the basic technical controls to prevent common cyber attacks. Cyber Essentials certification demonstrates that your organisation has met the minimum standards of cyber security and can protect your data and systems from cyber threats. Cyber Essentials certification can also help you comply with data protection regulations, such as the General Data Protection Regulation (GDPR), and win contracts from customers who require a certain level of cyber security assurance.

Another way to enhance your cyber security is to conduct regular vulnerability scans of your website, e-commerce platform, and network. A vulnerability scan is a process of identifying and assessing the weaknesses in your online assets that could be exploited by hackers. A vulnerability scan can help you discover and fix any security flaws, such as outdated software, misconfigured settings, or exposed ports, before they are exploited by cyber criminals. A vulnerability scan can also help you prepare for Cyber Essentials certification, as it is one of the requirements for Cyber Essentials Plus, the higher level of certification that involves a more rigorous assessment of your cyber security.

Carry Out Regular Vulnerability scanning

To perform a vulnerability scan, you will need to use an approved vulnerability scanning tool, such as the ones recommended by CREST. A vulnerability scanning tool can scan your external and internal network devices, such as your website, firewall, or servers, and generate a report that lists the vulnerabilities found, their severity, impact, and solution. You can then use the report to prioritise and remediate the vulnerabilities, and improve your security posture.

By obtaining Cyber Essentials certification and conducting regular vulnerability scans, you can protect your website and e-commerce platform from cyber attacks, and ensure the security and privacy of your data and customers. However, these are not the only measures that you should take to safeguard your online assets. You should also implement other security best practices, such as using strong passwords, encrypting your data, updating your software, backing up your data, training your staff, and monitoring your network. By doing so, you can reduce the risk of cyber attacks, and increase the trust and confidence of your customers and stakeholders.

A step-by-step guide to protecting your website and ecommerce platform

If you are wondering how to protect your website and ecommerce platform from cyber attacks, here is a simple step-by-step guide that you can follow:

  1. Choose a secure web host and e-commerce platform. Your web host and e-commerce platform are the foundation of your online business, so you need to make sure they offer reliable security features and support. Look for a web host that has a good reputation, offers malware protection, firewall, SSL certificates, and 24/7 support. Similarly, look for an e-commerce platform that has built-in security measures, such as encrypted payment gateways, SSL certificates, and authentication protocols. Some of the popular and secure web hosts and e-commerce platforms are Namecheap, Hostinger, (Shopify), and (WooCommerce).
  2. Secure your passwords. Passwords are the key to access your website, e-commerce platform, and user accounts, so you need to make sure they are strong and unique. Use a combination of uppercase and lowercase letters, numbers, and symbols, and avoid using common or predictable words or phrases. You should also change your passwords regularly and never share them with anyone. You can use a password manager, such as Nordpass, to generate and store your passwords securely.
  3. Get an SSL certificate. An SSL certificate is a digital certificate that encrypts the data that is exchanged between your website and your visitors. It ensures that the information, such as credit card details, personal information, or login credentials, is protected from hackers and identity thieves. An SSL certificate also helps you build trust with your customers, as it shows that your website is secure and authentic. You can get an SSL certificate from your web host, your e-commerce platform, or a third-party provider, such as [Let’s Encrypt] or [Comodo].
  4. Install security plugins and anti-malware software. Security plugins and anti-malware software are additional tools that can help you protect your website and e-commerce platform from cyber attacks. They can scan your website for malware, viruses, spam, and other threats, and remove them automatically. They can also block malicious bots, hackers, and brute force attacks, and alert you of any suspicious activity. 
  5. Schedule regular site updates. Site updates are essential to keep your website and e-commerce platform secure and functional. They can fix any bugs, vulnerabilities, or compatibility issues that may affect your site performance or security. They can also add new features, improvements, or enhancements to your site functionality or design. You should always update your web host, e-commerce platform, plugins, themes, and software to the latest version, and backup your site before and after each update. 
  6. Perform timely backups. Backups are copies of your website and e-commerce platform files and data that you can use to restore your site in case of a cyberattack, a site crash, or a human error. Backups can help you recover your site quickly and easily, and minimise the damage and downtime caused by a security incident. You should perform backups regularly, preferably daily, and store them in a secure location, such as a cloud service, an external hard drive, or a remote server. 
  7. Add multi-factor authentication (MFA). MFA is a security feature that requires users to provide more than one piece of evidence to verify their identity before accessing your website or e-commerce platform. For example, you can require users to enter a password and a code sent to their email or phone, or use a biometric factor, such as a fingerprint or a face scan. MFA can prevent unauthorised access, even if the password is compromised. 
  8. Regulate user roles and permissions. User roles and permissions are the levels of access and control that you assign to different users on your website or e-commerce platform. For example, you can assign an administrator role to yourself, an editor role to your content manager, and a customer role to your buyers. User roles and permissions can help you manage your site efficiently and securely, as you can limit the actions and data that each user can perform or access. 
  9. Use secure payment gateways. Payment gateways are the services that process and authorise the payments that happen on your website or ecommerce platform. Payment gateways are responsible for handling sensitive customer data, such as credit card details, bank account information, or billing addresses. Therefore, you need to use secure payment gateways that comply with the Payment Card Industry Data Security Standard (PCI DSS), which is a set of rules and regulations that ensure the security of online transactions. 
  10. Avoid storing confidential data. Confidential data is any data that is personal, sensitive, or valuable, such as customer information, payment details, passwords, or business records. Storing confidential data on your website or e-commerce platform can expose you to the risk of data breaches, identity theft, or fraud, as hackers can access or steal your data if they manage to break into your site. Therefore, you should avoid storing confidential data on your site, and instead use secure third-party services, such as payment gateways, cloud storage, or encryption tools, to handle and store your data. You should also delete any unnecessary or outdated data from your site, and use a plugin.


If you have a third party website developer or IT support company you should ask them if they can provide support in securing your website and ecommerce platform. Alternatively deploying your own security strategy by following the above steps will help reduce risk. However to be completely sure you are protected you should use a Cyber Security firm to ensure you have the best protection in place. To find out how we can assist you feel free to contact us today.

Related content

As computer forensics experts we are bound to abide by the ACPO Principles of Digital Based Evidence, ACPO being the Association of Chief Police Officers. ACPO provides a set of Guidelines for Computer Based Evidence, and they come with a suite of four essential principles. Here they are.
Computer forensics, sometimes known as digital forensics, is undertaken by trained examiners who pull data (search histories, purchase records, time logs and more) from devices including, but not limited to: computers, tablets, and smartphones.


Sign up here if you wish to receive updates and news from Forensic Control by email. We will not send you anything else and you may end the subscription at any time.

By providing your email address, you agree to receive marketing
messages as per our Privacy Policy