How to Have a More Secure eCommerce Site with Drupal Commerce

Cybercrime is a growing problem in today's community.


In 2017 alone, we saw the record-breaking WannaCry ransomware attack bring plenty of businesses to their knees. In fact, the spread of the ransomware across 150 countries caused many professionals in the industry to call it the biggest offensive in cybercrime history.

As the digital world continues to evolve, it brings with it countless new opportunities for success, along with various vulnerabilities that modern entrepreneurs need to be aware of. If you're launching an eCommerce company in the current marketplace, you'll need more than just a solid USP and a great marketing strategy - you'll need a CMS (content management system) solution that keeps your online presence secure.

After all, if customers don't believe that your site is secure, then they're not going to buy your products. It doesn't matter if you sell the best products or services in the world, no-one's going to risk giving their details to an unsecured store.

Drupal Commerce is one of the most trusted and secure eCommerce solutions on the web today - used by organizations across the globe. To help boost your chances of a successful eCommerce venture, we're going to explore some of the ways you can develop a more secure site with Drupal Commerce.

1. Commit to Regular Updates

Updates are key to any cyber-security strategy. When a company rolls out an update for a piece of software, they're not just giving you new features to play with, they're also delivering bug fixes and patches that can protect your system against vulnerabilities that exist within the network.

People often postpone updates because they get in the way of day-to-day tasks. However, this could mean that you're leaving entry windows open for people who want to worm their way into your files. The developers of Drupal and Drupal Commerce regularly release timely updates that fix the security issues in your CMS. You should be making sure that these updates are being applied when they become available, either by doing it yourself or by contracting a company to do them.

2. Use the Right Login and Password Security

The login page at the front of your eCommerce site acts as the door to your organization. The best way to protect your future is to fortify that door with the correct security measures. While a great password and username is a great way to get started, some statistics suggest that around 35% of users have weak passwords - and many of the remaining 65% can still be cracked.

With Drupal as your CMS, from the moment you first install the system, the passwords in your database are hashed and "salted" rather than stored in a readable form. This makes a stored password almost impossible to recover, even if the database itself is exposed. Additionally, thanks to its open-source framework, Drupal offers a range of user-contributed modules that support everything from SSL certificates to two-factor authentication.
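What salting buys you, shown as an added example that is not Drupal's own password code and not part of the original article: it stores the same constructed accounts once with a fast unsalted digest and once with PHP's built-in `password_hash()`. The usernames, passwords and helper function names are made up for the illustration.

```php
<?php
// Added illustration, not Drupal's password code.
// Usernames and passwords are constructed sample data.
$accounts = [
    'alice' => 'Summer2017!',
    'bob'   => 'Summer2017!', // same password as alice
    'carol' => 'correct horse battery staple',
];

// Weak storage: a fast digest with no salt. Equal passwords give equal
// digests, so cracking one row cracks every row that matches it.
function unsalted_digest(string $password): string
{
    return hash('sha256', $password);
}

// Salted storage: password_hash() draws a fresh random salt on every call
// and embeds the algorithm, cost and salt in the string it returns.
function salted_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Number of stored values that repeat an earlier one.
function repeated_values(array $stored): int
{
    return count($stored) - count(array_unique($stored));
}

// array_map() keeps the username keys when given a single array.
$unsalted = array_map('unsalted_digest', $accounts);
$salted   = array_map('salted_hash', $accounts);

printf("unsalted rows sharing a value: %d\n", repeated_values($unsalted));
printf("salted rows sharing a value:   %d\n", repeated_values($salted));

// Login check: password_verify() reads the salt back out of the stored
// string, recomputes the hash and compares the two in constant time.
var_dump(password_verify('Summer2017!', $salted['alice']));
var_dump(password_verify('summer2017!', $salted['alice']));
```

In the unsalted column, alice and bob are visibly using the same password; in the salted column every row is different, so each one has to be attacked separately.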

3. Configure Your eCommerce Access Controls

When it comes to securing your eCommerce site, there's only so much any CMS can do to help you. At the end of the day, you'll need to make sure that you're making full use of the control systems that solutions like Drupal provide to give you absolute authority over the accounts that have access to your website. For instance, a blog account might have access to write content on your site, but not change the price of products.

Drupal and Drupal Commerce have a range of access controls that allow you to choose authority levels throughout your website. You can create categorized accounts for specific parts of your website, ensuring that each person gets only the permissions they need and no more. Essentially, this reduces the risk of human error as you add more people to your eCommerce team.


4. Stay Ahead of the Curve

One of the most important things you can do to protect your eCommerce site is make sure that you're always aware of the latest DDoS attacks, web issues, and other threats facing your industry. The more you know about the threats you're facing every day, the easier it will be to establish a strategy that helps you to fight back against them.

Drupal helps eCommerce site owners to stay ahead of the curve, with one of the largest communities in the world, packed full of more than 1 million strategists, developers, and designers. This kind of attention ensures that any time an issue or error in the code might be subject to a new attack, it's duly reported and dealt with.

Aside from the support of the community, Drupal users can also access the "Status Report" function on their UI, which keeps you updated on any problems with the code on the site. This is the easiest way to keep on top of your website management and make sure you're not falling behind on security.

5. Enable the Right Security Modules

When you want to make your home more secure, you add new alarm systems, motion detectors, and even locks. On the other hand, when you want to keep your eCommerce site safe, Drupal offers modules to help you accomplish specific security measures. For instance, there's:

  • The password policy module: This allows you to establish specific rules for passwords. You might demand that all passwords have one capital letter and one special character, for instance.
  • Username enumeration prevention modules: These modules ensure that hackers can't gain access to your site by constantly trying to guess usernames.
  • Automated logout: This module allows you to choose a time limit for user sessions. If someone remains inactive for too long, they'll be automatically logged out.
  • Honeypot: This module helps to eliminate spam-bots from using website forms and spamming your administrators and users.

6. Add HTTPS

Building a secure Drupal Commerce website doesn't just protect your business from attacks, it can also give you a better reputation in your chosen eCommerce industry. Adding the HTTPS certificate to your Drupal hosting set-up is a great way to deliver that peace of mind. 

HTTP Secure is what you get when you install an SSL certificate onto your website server. It ensures that cybercriminals can't intercept and tamper with the information sent back and forth between you and a customer. Aside from the obvious protection they offer, SSL certificates give you those little green padlocks next to your URL that leave your customers feeling confident, and they help you to achieve a better ranking in the search engines.

In fact, there's no reason not to include an SSL certificate now, since you can do this for free through Let's Encrypt!

Secure eCommerce Starts with a Trusted CMS

In the ever-evolving world of website security, it's difficult to guarantee any company's security. One moment, it can seem as though everything is running smoothly, then the next, you're struggling to retrieve your details from a hacker. The only thing you can do is take every possible step to protect yourself from an intrusion. 

Drupal, with its security modules, password protection, and state-of-the-art open-source software has earned the trust of everyone from industry giants to government agencies. The websites of UNESCO, the White House, Fox News, and Harvard University are all built on the Drupal framework. After all, just because it's open-source doesn't mean that Drupal isn't secure. Every module contributed by a user is thoroughly reviewed by the community. Drupal also has a dedicated security team that is always leading the security initiative. 

With this safety-first approach, Drupal ensures that every eCommerce site you build has the best chance of standing strong against attackers and delighting your customers in the process. 

Raj Jana is the CEO and founder of the JavaPresse Coffee Company. As an eCommerce entrepreneur, Raj knows a thing or two about running a secure website, and he's always looking for new ways to keep his customers safe.

Contributed by Raj Jana, Guest Writer