Running a store online requires a thoughtful approach to security. Unfortunately, the number of cyber-attacks and attempts to steal sensitive data from eCommerce sites rises every year. For business owners, it is crucial to protect their customers by taking every possible measure. In this article, we discuss the security of the nopCommerce platform.
The first thing to take into consideration when examining nopCommerce is that it is built on the ASP.NET stack, which means the authentication and authorization mechanisms Microsoft implements in the framework are available out of the box.
Further, nopCommerce meets the requirements of the latest industry standard for payment data protection, PCI DSS 3.2, and offers the features needed to keep an online store secure, such as:
- Credit card information is not stored in the store’s database; it is handled according to the PCI DSS standards
- Private key encryption is used to encrypt the store’s sensitive data. The key can be changed at any time
- A password encryption/hashing option and password policies such as:
  - lock-out after repeated failed password attempts
  - password must be changed at least once every X days
  - password must be unique, i.e. it is not allowed to reuse one of the previously used passwords
  - minimum length and strength of passwords can be configured
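To make these four policies concrete, here is an added example written for this article; it is not nopCommerce code and does not use the nopCommerce API. It shows what enforcing lock-out, expiry, history uniqueness and minimum length/strength looks like in plain C# on a single user record. The class names, the limits (12 characters, 5 attempts, 90 days, 5 remembered hashes), the PBKDF2 parameters and the three-of-four character-class rule are all assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Added example (not nopCommerce code). Limits and hash parameters are assumptions.
public enum LoginResult { Success, WrongPassword, LockedOut, PasswordExpired }

public sealed class PasswordPolicy
{
    public int MinLength = 12;
    public int MaxFailedAttempts = 5;   // lock-out threshold
    public int MaxAgeDays = 90;         // "changed at least once every X days"
    public int HistoryDepth = 5;        // how many previous hashes are remembered
}

public sealed class UserRecord
{
    public byte[] Salt = RandomNumberGenerator.GetBytes(16);   // per-user salt
    public List<string> HashHistory = new List<string>();      // current hash is the last entry
    public DateTime PasswordChangedUtc;
    public int FailedAttempts;
    public bool LockedOut;
}

public static class PasswordGuard
{
    // Slow, salted hash so stored values cannot be reversed if the database leaks.
    public static string Hash(string password, byte[] salt) =>
        Convert.ToHexString(Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32));

    // Returns the list of policy violations; an empty list means the password is acceptable.
    public static List<string> CheckNewPassword(PasswordPolicy policy, UserRecord user, string candidate)
    {
        var problems = new List<string>();
        if (candidate.Length < policy.MinLength)
            problems.Add($"must be at least {policy.MinLength} characters");
        // Strength rule (assumption): at least three of the four character classes.
        int classes = (candidate.Any(char.IsUpper) ? 1 : 0) + (candidate.Any(char.IsLower) ? 1 : 0)
                    + (candidate.Any(char.IsDigit) ? 1 : 0) + (candidate.Any(c => !char.IsLetterOrDigit(c)) ? 1 : 0);
        if (classes < 3)
            problems.Add("must mix at least three of: upper, lower, digit, symbol");
        // Uniqueness: compare against the whole remembered history, not only the current hash.
        if (user.HashHistory.Contains(Hash(candidate, user.Salt)))
            problems.Add($"must not match any of the last {policy.HistoryDepth} passwords");
        return problems;
    }

    public static bool SetPassword(PasswordPolicy policy, UserRecord user, string newPassword, DateTime nowUtc)
    {
        if (CheckNewPassword(policy, user, newPassword).Count > 0) return false;
        user.HashHistory.Add(Hash(newPassword, user.Salt));
        while (user.HashHistory.Count > policy.HistoryDepth) user.HashHistory.RemoveAt(0);
        user.PasswordChangedUtc = nowUtc;
        user.FailedAttempts = 0;
        user.LockedOut = false;   // a successful change by an authorised path clears the lock
        return true;
    }

    public static LoginResult TryLogin(PasswordPolicy policy, UserRecord user, string attempt, DateTime nowUtc)
    {
        if (user.LockedOut) return LoginResult.LockedOut;
        if (user.HashHistory.Count == 0) return LoginResult.WrongPassword;   // no password set yet
        byte[] expected = Convert.FromHexString(user.HashHistory[^1]);
        byte[] given = Convert.FromHexString(Hash(attempt, user.Salt));
        // Fixed-time comparison so timing does not reveal how many bytes matched.
        if (!CryptographicOperations.FixedTimeEquals(given, expected))
        {
            if (++user.FailedAttempts >= policy.MaxFailedAttempts) { user.LockedOut = true; return LoginResult.LockedOut; }
            return LoginResult.WrongPassword;
        }
        user.FailedAttempts = 0;
        // Expiry is checked only after a correct password, so an attacker learns nothing extra from it.
        if ((nowUtc - user.PasswordChangedUtc).TotalDays > policy.MaxAgeDays) return LoginResult.PasswordExpired;
        return LoginResult.Success;
    }
}

public static class Program
{
    public static void Main()
    {
        var policy = new PasswordPolicy();
        var user = new UserRecord();
        var t0 = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(PasswordGuard.SetPassword(policy, user, "Correct-Horse-42", t0));      // True
        Console.WriteLine(PasswordGuard.SetPassword(policy, user, "Correct-Horse-42", t0));      // False: reused
        Console.WriteLine(PasswordGuard.TryLogin(policy, user, "Correct-Horse-42", t0.AddDays(91))); // PasswordExpired
        for (int i = 0; i < 5; i++) PasswordGuard.TryLogin(policy, user, "wrong", t0);
        Console.WriteLine(PasswordGuard.TryLogin(policy, user, "Correct-Horse-42", t0));        // LockedOut
    }
}
```

The design point worth noting is that history uniqueness only works because every historical hash uses the same per-user salt; if the salt were rotated on each change, the old hashes could no longer be compared against a candidate. The lock-out counter is reset only on a successful login or an authorised password change, never by the passage of time in this simplified version.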
Another important thing that makes a shop more trustworthy in the eyes of customers is SSL (Secure Sockets Layer) enabled on the site. It is very important to keep connections encrypted; otherwise, there is a serious threat of data theft. nopCommerce allows store owners to configure the SSL settings of the site easily by going to the store details page and enabling the option. In addition to that, it is possible to:
- Force SSL on all site pages
- Enable XSRF protection for admin area
- Enable XSRF protection for public store
And that is not everything: nopCommerce supports a few other security features. For example, it is possible to restrict the IP addresses that can access the backend, and it is also possible to enable a honeypot to detect and counteract attempts at unauthorized use.
Last, but not least, nopCommerce is GDPR compliant, so business owners can collect, use and share the personal data of their European customers without worries, in full accordance with the law.
Security is just one of the aspects the nopCommerce platform developers take seriously. There have been multiple penetration tests, but only one security breach that had to be fixed in the past 10 years. The solution has many features, and it is highly customizable and reliable. In the segment of free and open-source eCommerce platforms, nopCommerce is definitely an outstanding example.
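The backend IP restriction mentioned above is, at its core, an allow-list check on the client address. The following is an added example written for this article, not nopCommerce's own implementation or configuration format: it accepts single addresses or CIDR ranges, handles IPv4 clients that arrive as IPv4-mapped IPv6 addresses (a common way an allow-list silently fails on dual-stack hosts), and fails loudly on a malformed entry. The allow-list values and the hypothetical `AdminIpAllowList` class name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;

// Added example (not nopCommerce code): allow-list check for an admin area.
public static class AdminIpAllowList
{
    // Returns true if the client address matches any entry ("10.0.0.5" or "192.168.1.0/24").
    public static bool IsAllowed(IPAddress client, IEnumerable<string> entries)
    {
        // Normalise ::ffff:a.b.c.d to a.b.c.d so IPv4 entries still match on dual-stack servers.
        if (client.IsIPv4MappedToIPv6) client = client.MapToIPv4();

        foreach (var entry in entries)
        {
            var parts = entry.Split('/');
            // IPAddress.Parse throws on garbage: a misconfigured allow-list should fail, not silently allow.
            var network = IPAddress.Parse(parts[0]);
            int maxPrefix = network.AddressFamily == AddressFamily.InterNetwork ? 32 : 128;
            int prefix = parts.Length == 2 ? int.Parse(parts[1]) : maxPrefix;
            if (prefix < 0 || prefix > maxPrefix)
                throw new FormatException($"invalid prefix length in allow-list entry '{entry}'");
            if (network.AddressFamily != client.AddressFamily) continue;
            if (InRange(client.GetAddressBytes(), network.GetAddressBytes(), prefix)) return true;
        }
        return false;   // default deny
    }

    // Compares the first `prefix` bits of two addresses of the same family.
    private static bool InRange(byte[] addr, byte[] net, int prefix)
    {
        int fullBytes = prefix / 8, remBits = prefix % 8;
        for (int i = 0; i < fullBytes; i++)
            if (addr[i] != net[i]) return false;
        if (remBits == 0) return true;
        int mask = (0xFF << (8 - remBits)) & 0xFF;
        return (addr[fullBytes] & mask) == (net[fullBytes] & mask);
    }

    public static void Main()
    {
        // Constructed sample allow-list: one office range plus one fixed address.
        var allowed = new[] { "192.168.1.0/24", "203.0.113.10" };
        Console.WriteLine(IsAllowed(IPAddress.Parse("192.168.1.77"), allowed));        // True
        Console.WriteLine(IsAllowed(IPAddress.Parse("::ffff:192.168.1.77"), allowed)); // True (mapped IPv4)
        Console.WriteLine(IsAllowed(IPAddress.Parse("192.168.2.1"), allowed));         // False
        Console.WriteLine(IsAllowed(IPAddress.Parse("203.0.113.10"), allowed));        // True
        Console.WriteLine(IsAllowed(IPAddress.Parse("203.0.113.11"), allowed));        // False
    }
}
```

One caveat a practitioner should keep in mind whichever platform performs this check: the client address must be the one seen by the connection, or taken from a forwarded-for header only when that header was set by a reverse proxy the store controls. Trusting a client-supplied header turns the allow-list into a formality.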
Feel free to contact us to learn more about nopCommerce and discuss your project, we would also be delighted to give a speech or a workshop on nopCommerce free of charge.