nopCommerce security is one of the hottest topics in e-commerce discussions. Everybody knows how important security is for online stores. Your nopCommerce store holds sensitive data, so protecting that data is the most crucial part of nopCommerce security. Have you ever wondered how to secure your nopCommerce store? How do nopCommerce specialists secure theirs? In our comprehensive guide you will find step-by-step instructions for securing a nopCommerce store. It is written for every user: even beginners will be able to secure nopCommerce and protect their customers' data.
nopCommerce is an open source e-commerce platform, suitable for small and medium-sized retailers. It’s based on ASP.NET Core and uses the MSSQL database. nopCommerce in numbers:
nopCommerce has been developed and supported by a professional team since 2008. If you want to read more about nopCommerce, its history and features, now is the best time to visit the official nopCommerce website.
Installation could fill a very detailed section of its own, and we will cover it in a different article. For now, note that nopCommerce can be installed in a few ways. The first way requires an ASP.NET Core hosting provider that offers nopCommerce as part of its application installer. As an example, we can use the nopCommerce app on Microsoft Azure. This is called automatic nopCommerce installation, and you need to control one thing: make sure that the hosting provider offers the latest version of nopCommerce.
nopCommerce can also be installed manually. You will have to download the proper version of nopCommerce, upload it to your server and install it. This is more complicated, but with our guide even beginners will be able to handle it. The best option for us, and for you too if you don't have time, is a custom installation made by certified partners. In this case, we will install and configure the nopCommerce store for you.
Software updates are always the trickiest part for store owners, mostly for those who are not developers or technical geeks. We really know that it can be a pain in the neck. In general, a nopCommerce update is a process in which you copy your files, download the newest version, run the nopCommerce upgrade script in your database and copy back the configuration files. It looks simple, but it may cause confusion. This topic will also be covered in our comprehensive nopCommerce guide for beginners.
nopCommerce is one of the most secure open source e-commerce solutions. In parallel with e-commerce development, the nopCommerce team has taken security very seriously, and it provides software that meets all PCI DSS requirements and offers all the in-store features that you need to run a secure and successful e-commerce site.
On the market you will find many tools that can scan your website to check whether it has vulnerabilities. Below you can find the result of our nopCommerce demo test.
nopCommerce meets all the requirements for PCI DSS certification, but the nopCommerce team has not tried to obtain the certificate. In fact, you are able to use it with any kind of payment gateway. What is PCI DSS? The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes.
Below you will find a small table that gives a clearer picture of what PCI is; the table comes from digital.com.
In nopCommerce you will find many areas where you can improve your store's security. I hope the following list will help you configure your store for the best nopCommerce security. Your code is also one of the factors that affect overall nopCommerce security, so I assume that you use only verified solutions. Faulty plugins or themes may break your security, so this is very important for your safety.
I’ve mentioned it in the earlier parts of this guide. Each version of nopCommerce comes with long release notes. In each set of release notes you will find new features and, importantly, the security bug fixes. This part is crucial. Usually the nopCommerce team releases a new version twice a year. This schedule guarantees that you will get a mature and tested solution and won't be surprised by any unplanned nopCommerce vulnerabilities.
Unauthorized access is a potentially major problem for anyone who runs an online store or any kind of online business. It's the most common cause of data loss, data deletion or theft. Have you ever wondered how to create a strong password? There are a few fundamentals of strong passwords:
- passwords should be long and complex,
- because long and complex passwords are harder for hackers and programs to break,
- good passwords should contain at least ten characters and have a combination of characters such as commas, percent signs, and parentheses, as well as upper-case and lower-case letters and numbers.
nopCommerce allows you to require such complex passwords from your users. You can specify your own password policy in the nopCommerce admin panel. To create one, log in as an admin user and go to the admin panel, then Configuration -> Settings -> Customer settings and look for the "Password and security" tab. With the settings listed there, you can create your own password rule.
It goes without saying that spammers are the most annoying part of the internet. It's mostly a problem for bloggers, but it's also a very common issue in e-commerce. The good news is that nopCommerce allows you to enable reCAPTCHA in your store. If you don't know what reCAPTCHA is, please visit the official Google help page.
If you want to enable CAPTCHA in your store, log in to your store as an admin user, go to the administration panel, then to Configuration -> Settings -> General settings and look for the CAPTCHA tab. Turn on the only existing setting, CAPTCHA enabled. You will then see the list of places where CAPTCHA can be enabled. The choice is yours: select the forms that exist in your store.
The last two fields hold your reCAPTCHA credentials. To generate CAPTCHA keys, you need to visit the Google reCAPTCHA page. Log in to your account and click the plus button, highlighted on the screenshot below:
On the next page fill in the necessary fields and, importantly, select reCAPTCHA v2. nopCommerce doesn't support reCAPTCHA v3 yet. After successful creation you will be able to copy the public and private keys, which are used in nopCommerce. It's very simple.
A few years ago, SSL certificates were treated as something exclusive. Those times are gone. Nowadays, everyone can install a Let’s Encrypt certificate, and it’s a must-have for each store owner. It’s important to mention that from July, Google Chrome highlights non-secure websites, that is, websites without an SSL certificate.
It's a very simple process. Once you have installed SSL on your server, log in as a user with admin access and go to Admin panel -> Configuration -> Stores -> Edit on your store. On the screenshot below, you will find the highlighted setting that you should turn on. After that, enter the store URL with the https protocol.
If it's still too complicated for you, let's rock the world with us! Our certified nopCommerce developers will help you with the whole process and install it for you with pleasure. Just check the premium support services and let us work some magic for you!
Regular backups may rescue you from many critical situations. Why is it worth making backups? There are a few reasons why it's crucial for each digital product, like an online store or blog:
As shown on the screenshot above, in nopCommerce you can create a database backup directly from your admin panel. To do that, your nopCommerce has to be deployed on the same server as the database. Otherwise, you will have to get in touch with your system administrator or your hosting company to create such backups for you.
In nopCommerce, just log in as an administrator and go to Admin panel -> System -> Maintenance; the bottom section of the page is responsible for creating backups.
nopCommerce allows you to restrict access to your admin panel. Even if somebody gets to know your administrator login and password, they won’t be able to log in to your admin panel. To restrict access, log in to the admin panel and navigate to Configuration -> Settings -> General Settings -> Security tab. The first textbox is called "Admin area allowed IP", and it’s the place where you should provide each administrator's IP address.
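The settings walked through above (password policy, CAPTCHA, SSL and the admin IP restriction) can be checked together once they are exported from the store. The following Python audit is an added example, not nopCommerce or nop4you code; the setting key names and the sample values are constructed for illustration and have to be mapped to the names your nopCommerce version uses.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample export of one store's settings. The key names are
# assumptions made for this example, not names read from a real store.
SAMPLE_SETTINGS = {
    "password.min_length": "6",
    "password.require_lowercase": "True",
    "password.require_uppercase": "True",
    "password.require_digit": "False",
    "password.require_non_alphanumeric": "False",
    "captcha.enabled": "True",
    "captcha.public_key": "",
    "captcha.private_key": "",
    "store.ssl_enabled": "True",
    "store.url": "http://shop.example/",
    "admin.allowed_ips": "203.0.113.10, 198.51.100.7x",
}


def _flag(settings, key):
    """Interpret a stored 'True'/'False' string as a boolean."""
    return settings.get(key, "").strip().lower() == "true"


def audit(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Password policy: at least ten characters and all four character classes.
    try:
        min_len = int(settings.get("password.min_length", "0"))
    except ValueError:
        min_len = 0
    if min_len < 10:
        findings.append(f"password: minimum length {min_len} is below 10")
    for cls in ("lowercase", "uppercase", "digit", "non_alphanumeric"):
        if not _flag(settings, f"password.require_{cls}"):
            findings.append(f"password: {cls} characters not required")

    # CAPTCHA: switching it on without both reCAPTCHA keys protects nothing.
    if not _flag(settings, "captcha.enabled"):
        findings.append("captcha: disabled")
    elif not (settings.get("captcha.public_key")
              and settings.get("captcha.private_key")):
        findings.append("captcha: enabled but a reCAPTCHA key is empty")

    # SSL: the switch and the scheme of the store URL have to agree.
    scheme = urlsplit(settings.get("store.url", "")).scheme
    if not _flag(settings, "store.ssl_enabled"):
        findings.append("ssl: not enabled for the store")
    elif scheme != "https":
        findings.append(f"ssl: enabled but store URL uses '{scheme}'")

    # Admin allow-list: must be non-empty and hold only valid IP addresses.
    raw = settings.get("admin.allowed_ips", "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        findings.append("admin: no IP restriction on the admin area")
    for entry in entries:
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            findings.append(f"admin: '{entry}' is not a valid IP address")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTINGS):
        print(finding)
```

A mistyped address in the allow-list is worth catching before saving it, because an entry that matches no administrator can lock the real administrators out of the admin area.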
The huge number of nopCommerce plugins and nopCommerce themes means that you will find good quality plugins and bad ones. You can’t be mad about that fact, because it’s a foregone conclusion. It’s impossible to check and test each solution. Sometimes it’s also impossible to keep a straight face when you see new nopCommerce community themes or plugins, but in general it’s a part of open source.
nopCommerce has its own marketplace, where vendors are able to upload their products: nopCommerce plugins, nopCommerce integrations and nopCommerce themes. As mentioned in the first chapter, the nopCommerce marketplace contains over 2000 community products, and it’s important to choose only trustworthy solutions. Please remember that any product may be bad and can affect your work. In fact, it doesn’t have to break your store and steal customer data; for example, badly optimized themes will slow down your store immediately. It’s also important to introduce changes one by one, because that makes it easier to track an issue. If you make all the changes at once, the cause of a problem can be found only by trial and error, which is an unwanted scenario.
How do you decide which product is better? On the nopCommerce marketplace you will also find a review system. Everyone can leave a review of a particular product, and it can be proof that the nopCommerce plugin you have found is used and appreciated by the community.
For many people, especially kids, it's a sad time! But... we are here to make it better! Get the majority of our plugins and themes with a 20% discount!
The only thing you need to do is enter the following coupon code in the shopping cart:
The discount is valid until the end of September.
Everyone who wants to create an online store expects only the best solutions. As the number of online stores grows, so does the number of online store software products. For us, there is only one choice: open source. It guarantees almost unlimited possibilities for improvements and customizations. But our point of view can be subjective, so let's jump into a detailed comparison.
As the name says, open source is software based on an open license. Everyone has access to the source code, which is only an advantage. Programmers from all over the world take care of its security. You can be pretty sure that each security vulnerability will be fixed much faster than in a SaaS tool. The fundamentals are based on open source. The Linux operating system regulates the operation of Web servers, and the Apache Web server application negotiates data transfer between the worldwide server infrastructure and personal devices. Thanks to Twitter Bootstrap you are able to create themes and websites easily. Importantly, many mainstream companies have become open to open source; for example, Facebook and Google made their solutions public to gain as much as they can from the open source community.
Open source in numbers: on GitHub alone you can find almost 5 million repositories. If you add SourceForge and Ohloh to this ranking, we can say that this industry is big.
nopCommerce is open source software, and its success has been created by the members of the community. You can check the official nopCommerce community forum to see how many active users try to help beginners create their stores. At nop4you, month after month, we are among the top active users, because we know why it's important. In our team you will find certified nopCommerce developers and an MVP of the community, which is the proof of our words that open source is important.
The most important difference is the fact that open source is free and you are the owner of the source code. In the case of a SaaS application, you don’t have access to the source code. SaaS products are mostly ready-to-use solutions. After the first payment you receive a ready store with complete functionality. It is mostly less advanced than open source software and has a smaller marketplace of third-party plugins.
- ready to use a few minutes after registration,
- simple configuration,
- ready integrations implemented out of the box,
- support from the application provider,
- software provider creates backups,
- automatic updates delivered throughout the entire subscription period,
- no need to have specialized technical knowledge to run the store,
- low cost of launching store in the first year,
- dependence on the software provider,
- new functionalities depend on the software provider,
- the possibility of data loss if the service is shut down by the provider,
- no code interference,
- closed list of integrations,
- extended waiting time for updates,
- only one man is responsible for security
- Price – you don’t have to pay the monthly subscription fee
- Customization – open source offers much better possibilities for customization and personalization
- Extensions – you have a large number of third party extensions ready to download or purchase
- Themes – larger database of themes, that can be used in your store,
- Community – each open source software has an active community. If you have a problem, you are able to receive help from the active, helpful community. The biggest open source providers have their own forums or groups where programmers are able to contribute to its development. Sometimes users also create meetups, community groups and regional groups.
- Updates – the creators of the platform want to constantly improve their product. So you can count on regular system updates, that guarantee the security of your online store and make it meet all the latest technical requirements. However, the system updates are not as automated as in SaaS software.
- Specialists - you will most likely need them if you do not have sufficient knowledge about the given Open Source software. They will help you in the development of the store - updating the platform, making changes and any corrections or installing modules on a regular basis. The upside is that the more popular the platform, the easier it will be for you to find subcontractors for its implementation.
- Development - thanks to having full control in building your store, you have greater development opportunities for Open Source platforms than for SaaS solutions.
- Advanced options - Open Source allows you to run several online stores on one engine: you can have several language versions, different currencies, multi warehouse or multi tenants.
- Implementation costs - as we mentioned earlier, implementing an Open Source platform involves costs. You must consider the expenses associated with employing professionals who will be able to help you implement the online store. Depending on the platform and implementation method, the costs may be several thousand, for the simplest system and store based on template graphics, or several hundred thousand, for the largest stores based on individual designs and advanced features.
- Technical support - the creators of Open Source platforms do not offer direct technical support. You must provide it yourself. This usually means employing a subcontractor and further costs. For less advanced platforms, support will be needed mainly for implementation, updates and development. However, if you have a large store, built on the most advanced systems, then it is worth using constant monthly support.
- Updates - they don't happen automatically and you have to do them yourself. This is not a problem for individual, small updates. However, if you have to make a lot of changes in the structure of the store, it may require more attention or the employment of a specialist who is familiar with the subject.
- Hosting - for a store placed on an Open Source platform to work efficiently, you must meet advanced technical requirements. This is often associated with the purchase of a dedicated hosting platform.
- Add-on compatibility – the enormous number of extensions can be an advantage as well as a disadvantage. The creation of add-ons by various creators can be problematic. When choosing specific solutions for your store, you need to make sure that they are compatible with each other and do not cause site instability. Finally, you have to choose only the best extensions, because sometimes you may encounter solutions that don’t work.
The companies that can benefit most from Open Source software are mainly:
- smaller stores, which care about rapid development and need an efficient platform for this,
- medium and large stores, which this type of platform will allow to develop freely without additional restrictions imposed by SaaS platforms,
- stores that value flexibility and want to tailor the entire site to their needs,
- stores that are at a high level of development and care about the extensive capabilities offered by the most advanced Open Source platforms.
No article will give you a clear and ready answer as to which is better, Open Source or SaaS. The decision is yours, but before you make it, check your needs. Prepare a list of requirements, compare it with the features that a particular solution gives you, and then make the decision. If you are not sure what will be good for you, just ask us; as specialists in the e-commerce industry, we will help you with pleasure.
If you are not convinced that open source e-commerce software is extendable and advanced, please check our offer of nopCommerce plugins and nopCommerce themes. We've developed over 100 extensions, which is why we are the biggest nopCommerce partners.
The ShipStation shipping plugin allows you to integrate your nopCommerce store with ShipStation. Print branded packing slips and labels from 30+ couriers (Royal Mail, Canada Post, Australia Post, UPS, FedEx, DHL, etc.) by connecting any selling channel. No matter the courier, streamline and handle orders all in one workflow.
Advanced Bootstrap Theme for nopCommerce is ready! The previous Bootstrap Theme was a bull's-eye. Now we've decided to improve it, and we've already got feedback from web developers that it's a real, huge time saver for them! Please meet our newest kid: Advanced Bootstrap Theme, a responsive, clean and powerful nopCommerce template which can be a standalone theme or a perfect base for personalization and customization! https://www.nop4you.com/advanced-bootstrap-theme-nopcommerc…
We are happy to inform you that we've released a new plugin. Advanced Background Changer for nopCommerce is now available.
Beautify your store with Advanced Background Changer, which allows you to change the whole background of your store. It's a perfect choice for those who don't want to purchase a nopCommerce theme but want to personalize the Default Clean theme. It includes a highly functional background slider for changing promotional banners. Advanced Background Changer for nopCommerce lets you brand manufacturer pages and category pages or create a custom background for your online store. With Advanced Background Changer you are able to create time-limited promotional backgrounds to highlight discounts, promote new products or whatever you want.
Here is the link to the plugin: https://www.nop4you.com/advanced-background-changer
We are happy to announce that we've released a top-notch plugin for nopCommerce stores. Shipping method inPost Lockers (in Poland known as inPost Paczkomaty) is now available on the nop4you.com marketplace.
It was created for people who want to send packages through inPost Lockers. Thanks to the built-in map and a full list of self-service lockers, customers will be able to choose the parcel collection location from InPost lockers easily and quickly.
In the store checkout, the user will be able to select InPost Lockers as a delivery method for their order. Additionally, the user will be able to specify the destination locker that their order will be delivered to.
Present in more than 20 countries, including the UK, Poland, France, Italy, Canada, Czech Republic, Slovakia, Russia, Hungary and more.
You can get this plugin on nop4you.com here:
The first step is to find the desired inPost Locker on a map
The second step is to choose the desired inPost Locker on a map:
If you are not convinced about your choice, you can check the details of the chosen inPost Locker
We've changed for you! Over 90% discount on the package with the majority of our plugins. We've decided to change the price of our package plugin. With it you can purchase the package with the majority of our products.
Package is available here: https://www.nop4you.com/all-products-collection
Keep customers and users engaged with less work and manual effort after successful configuration of the Marketing Automation plugin.
Nowadays customers expect an individual approach. If you don’t care, they won’t make purchases in your store. First of all, I should ask you a few questions. Do you always remember to reach out to customers who left your store after a purchase without any further reaction? Do you know your best customers, and are you able to describe them? Your customers usually abandon their shopping carts; do you try to recover them?
If you answered no to at least one question, it’s proof that you should consider using the marketing automation plugin in your store. As DMA (Digital Marketing Association) proved, segmented and targeted emails generate 58% of all revenue.
Marketing Automation allows you to create personalized emails that will be sent for all abandoned carts in your store. For you, as a business owner or marketer, the important fact should be that emails generated by abandoned carts have a 40,5% open rate (according to eMarketer studies).
How do you create the simplest personalized abandoned cart email with Marketing Automation for nopCommerce?
First of all, go to Admin Panel -> nop4you -> Marketing Automation -> Customer Reminder -> Add new. Below you can check my basic configuration of the reminder.
Now it’s time to click the Save & Continue Edit button. After that, go to the Reminder Level tab. We have to create our personalized email. For the first time, we will create only one level. I think that is enough for beginners. When you see the results, you can change the number of levels and the sending delay.
Now it’s time to enable the scheduler to send our reminders automatically. Go to Admin panel -> nop4you -> Marketing Automation -> Scheduler. Press the Edit button next to Abadoned Cart reminder and set the preferred time. I want to run it every minute, so in the Occurs field I set Hours and in the minute field, 1. That’s all.
Follow up with customers who trusted you and made a purchase
The most important action for increasing your revenue is to take care of existing customers. That’s why you should use the Marketing Automation plugin to create reminders for users who placed an order in your store.
It’s very important to check whether everything is OK with their order and to check their satisfaction.
Follow up with customers who placed an order but didn’t pay for it
Have you ever sent emails to customers who didn’t pay for their order? If not, why? They've already trusted you, so why wouldn't you want to reach them?
Engage customers to sign up to your newsletter
Everybody loves a discount – that’s why the Discount Newsletter plugin may do the trick. It allows you to create an attractive popup with an input for signing up to the newsletter. As a reward, you can give your customers a discount on their next purchases. The discount can be created manually or generated automatically after popup creation.
Plugin mentioned in this article: