Is Your Ecommerce Site Secured and Ready for the Http2 Switch?
WordPress is a great platform, but let’s face it, it has some security issues. Despite all the warnings, it’s just too tempting to not at least try a plug-in here and there. Especially when you consider the many complicated tasks involved with managing a website. If it saves time, most of us would give just about anything for that, including a bit of security. While many plugins deliver what they promise, they often deliver a whole lot more than we bargained for. Why? Because plugins leave more open doors on our website for undesirables to get thru.
Securing Your Ecommerce WordPress Site
Securing transactional pages on your site is already familiar to you as an ecommerce retailer. But currently it’s only necessary to secure pages where customers are entering credit card information. As such, many have probably opted to secure only those transactional pages leaving the rest of them, as is. What you may or may not have realized is that your unsecured pages issue warnings to visitors about the page not being secure. While this isn’t loudly announced and doesn’t appear to be overly threatening, it can plant seeds of distrust in your visitors, which in turn can have an effect on your sales. It’s a simple warning that entering details on that page may not be safe. But, imagine if they see that warning on one of your pages before they see a secure page. Most will assume every page is unsafe and refrain from doing much of anything on your site.
Rethinking Your Ecommerce Security Plan
Nowadays securing every page should be a strong consideration and not just for ecommerce websites. For everyone. As an ecommerce retailer, it’s imperative. I feel it’s safe to assume that if you want to protect your customers, you also want to protect yourself, since one doesn’t exist without the other, right? What I mean is, your site is at a higher risk on those unsecured pages, of an attack by hackers who aren’t necessarily seeking credit card information. They are thrill seekers looking to destroy things, like your website while allocating your bandwidth to their own secret virtual server they have set up. You may never even know it except for the latency that usually creeps up gradually as they begin to steal more and more of your resources. I once was able to login to one of these secret servers that was stealing bandwidth from me. The login details happened to be written in the code on a file in the admin area. After logging into the server, I changed the password and locked them out of their own scam. Easy fix, and quite exhilirating. I doubt this will be the case every time however. More often than not, completely rebuilding your site becomes necessary since the code has been infiltrated with too much of the bad kind.
WordPress Security Plugins
Yes, I know I said plugins are the cause for security holes in your website. But many security plugins seek to plug those holes. What’s even better is they have features that allow you to lock your site down in times of an attack. This has come in handy for me several times bringing with it a bit of revenge satisfaction as I perform pest control. If only I could give them my float wave as they are abruptly booted from any loadable version of my website. Now that would be the ultimate satisfaction. One thing is for sure, without changing any settings on my security plugin I was mortified to find out how many times in any given day someone has attempted to hack into my site. Just to give you an idea of how often, it became necessary to turn off the email notification feature that alerts me when someone has been locked out of my site. This may not sound threatening to you but when you consider that I don’t allow user sign-ins on any of my websites so literally all of those emails were undesirables, then you can begin to understand my disbelief.
Prepare Your Ecommerce Site for the Protocol Change
Change is in the air again on the worldwide web and yes good old Google is behind it. But, this change will be a definite improvement and a fairly large step forward in terms of speed and responsiveness for websites. It’s a new protocol called HTTP2. The catch is, your site must already have the HTTPS protocol before you make the switch. This is undoubtedly why hosts are handing out security certificates for minimal, if any, cost right now. Most VPS packages actually came with full security certificates for all sites on the same server. So if your host is being stingy about issuing security certificates or wants to charge some outrageous cost for them, that might be a bit suspect.
So planning any redesign around the protocol switch makes good sense to minimize the downtime or issues that can result from address changes. Don’t forget to redirect all pages of your site for the best experience for your visitors.
However now that you know this, don’t go out and make any hasty changes right away. Though the protocol is live currently and some hosts are already offering it, it will be a while before you will absolutely have to make the switch. And I must warn you, it won’t be a seamless switch. Be sure you prepare as much as possible to minimize the issues as there will undoubtedly be a few. The first thing however, that you can do right now, is secure all pages on your website if you haven’t already. This is the first step in preparation. Talk to your host about how they plan to update for the switch and get a feel for how you will plan yours, around that.
Just know that it’s coming and that eventually you will have to make the change from a fully secure website.