2 Feb 2021

Keeping your Website or Ecommerce store secure in 2021

Digital Growth Programme consultant Rob Gregory shares why data security is so important for your Website or Ecommerce store, and what businesses need to consider to ensure they are secure and protecting not just themselves but their customers.

Rob Gregory
Why is security so important?

In any business arrangement security and privacy are very important. You wouldn’t leave a proposal, contract, invoice or email lying around in the park for anyone to pick up and read. So it follows that we need to be in control of our online security and privacy in order to protect our customers and our own businesses. Data has value and with that value comes the risk of data being used in ways that we are not comfortable with, or worse still used to perpetrate criminal activity.


What exactly are we trying to protect?

Illustration of man coding on laptop

The simple answer here is everything. We need to protect everything. That said its worth considering the types of information our website might transact and store in order to understand the why’s and how’s of website security.

Your website can store personal information like email address and physical addresses. It might even store passwords or payment data. If you offer ecommerce it will most likely store customers purchase history and correspondence. All of this data is valuable and should be kept private and secure.

Security steps we can take

No website is 100% secure but there a number of steps we can take to mitigate the risk of it being compromised.

1. Most websites are built using a content management system or CMS for short. Many SME’s choose WordPress but others are available. Your CMS and any plugins it uses must be kept up to date as any updates will likely include security upgrades. You can do this yourself or ask your provider to do it for you.

2. Your website needs an SSL certificate. This changes your website to run using https rather than http which in simple terms means that all data sent from the browser to the server is encrypted and therefore cannot be intercepted and rad by eavesdroppers.

3. Restrict access to your website admin system. Only provide accounts to trusted people and even then make sure they only have access to the bare minimum of features.

4. Employ Two Factor Authentication (2FA) wherever possible. This means that anyone accessing your website needs to be able to provide a second level of authentication via an app or a code sent in a text message. There are plugins for WordPress that do this for free – search for “Wordfence Security”.

5. Only ask for and store the bare minimum of information from your customers. If you offer ecommerce its worth using a Payment Service Provider like Stripe or Braintree who handle the payment details so you don’t have to.

6. Back up your website regularly. This way in the event of something bad happening you can always get you website up and running again – just make sure the security holes are fixed before you restore the data. For WordPress there are a number of options but a good plugin is “Updraft Plus”

What to do if there is a security breach

It depends on the severity but the key thing to have control over is communication. The last thing you want is worried customers or users who can’t contact you. Be honest and keep them informed of the actions you are taking. If you take the necessary steps then your website will likely remain secure but is worth considering your data and privacy policies now to be happy that you are covered.

A secure website is a safe place to be for your customers to interact with your business and that’s of primary importance. So it might be worth getting it checked out if you have any concerns.


You are responsible for keeping your customer data safe so security must be a priority. If you have concerns speak to an expert to help you audit and fix any vulnerabilities. Monitor activity and act immediately if you have concerns. When it comes to security prevention is by far the better option as remedial action can be costly from a financial and brand reputation perspective.

Don’t be scared of security as there are plenty of tools you can use to make sure that your website is a safe place to do business. Just don’t ignore it, and remain vigilant.

To hear more from Rob, you can join Digital Growth Programme’s Webinar – How to take Payments Online on 3 March during Lockdown your Data: East Midlands Cyber Security Week

Lockdown your Data: East Midlands Cyber Security Week 
will run from 1 March to 5 March, offering a number of FREE webinars to inform and support businesses looking to understand the strategic decisions needed to ensure digital resilience.

J29243 EMCC DandT Cyber Week Web Banner V2.2