ThBrick and mortar stores have cameras, alarms, locks, and more to keep their store secure. While eCommerce stores don’t use the same technique, security is still incredibly important. Fyresite has made the guide to help Shopify merchants at all tiers. Here’s how to keep your Shopify store secure.

Best Practices for Keeping Your Shopify Store Secure

As the saying goes, the best defense is a good offense. Here are some of the proactive steps that you can take to keep your Shopify store secure.

Keep Logins Secure

Your password should be unique to Shopify, not the same or close to a password you’ve used in the past. An easy and secure way to do so is to use a password vault, such as 1Password, which can both generate and save your passwords. To access them, you only need to remember your master password.

Another way to keep your login secure is to not share it. If you need employees to have access to your store, set them up with their own accounts and logins rather than giving them yours.

Use a Passkey and/or Two-Factor Authentication

A passkey is a secure replacement for passwords. A digital credential, a passkey uses an authentication method rather than a password to confirm your identity.

Examples of passkeys include fingerprints, face ID, or a PIN. To create a passkey on Shopify, you will need to go into your Shopify Admin. From there, you will click Manage Account, and then Security. Navigate to the Passkeys section, and click Create a Passkey. Verify your account password and select Next. Then, tap Continue and authenticate using any available authentication method that you use to unlock your device. You can delete your passkey on a later date if you choose to.

Whether you choose to do a passkey or a password, you can add two-factor authentication to your account to make it more secure. You can set up two-factor authentication for your admin account, and your staff members can add their own authentication for their individual accounts. This means you need access to a physical device and the password/passkey for your account in order to login.

Note: If you are using or going to be using Shopify Payments, it is required that you have two-factor authentication enabled.

Safeguard Against Common Scams

Phishing, vishing, and smishing and all variations of the same (most common) scam. They are identity-theft scams focused on creating phony messages that you will click on so they can secure account logins and other sensitive information. They often either mimic a reputable website, or from a reputable source that has been hacked.

Phishing messages typically ask that you visit a link, download a file, open attachments, or send them personal information, including login and two-factor authentication.

Vishing is a variation on traditional phishing, which uses voice-phishing to get sensitive information over the phone. Likewise, smishing uses sms, or text messages, to try to obtain this information.

To safeguard against these fraud attempts, follow basic online safety. Don’t click on links that come from accounts you don’t recognize, and never respond to a message asking for your personal information that you don’t recognize. It’s also important to verify

What To Do If You Think Your Store Has Been Compromised

If you have reason to believe that your Shopify store security has been compromised, you should act immediately.

Change your password and either add or change your two-factor authentication device. Check your banking details and change them if necessary.

If you believe you have received a phishing message, forward it to safety@shopify.com.

If your personal information has been compromised, follow the steps outlined by your government.

Do you live in the US? If so, follow these steps and file a report here.

If you are in Canada, follow these steps.

Need Help On Your Shopify Journey?

Are you looking to start, move, or finetune your Shopify store? Reach out to Fyresite to start a project or sign one a contract for our pre-existing continuous improvement plans.