Protecting your e-commerce site from hackers

E-commerce sites form a large chunk of the web hosting market. As e-commerce sites have become widely used by entrepreneurs, data theft has surged. A large number of data transactions take place on these websites, and they contain extremely confidential information. There’s a vast number of users with information relating to their credit cards, email addresses, physical addresses and much more. Unless both website owners and users beef up security, this data can be stolen by hackers. Data breaches don’t only take place within corporate spaces or financial services, but within small businesses as well. Breaches frequently appear in news reports, with 43% in total coming from small businesses.

Invest in third party fraud-protection services:

Third party fraud is where an individual or a collective uses or creates accounts in order to clone an account with another’s details. This is associated with identity theft and one can face severe consequences. It can be challenging and daunting for businesses to detect and to stop.

An extra layer of protection is without a doubt a no-brainer. When it comes to security, going the extra mile is always worth the effort. The protection offered by e-commerce building platforms serves as a good entry point in terms of security. It can help with identifying potential risks or suspicious activity, but going through with the next step is entirely up to you.

It is a gamble one has to take. A user may have made a mistake when creating the account, such as entering an incorrect email address or postal address. In a situation like this, security software filters out these user profiles. The filtered profile could belong to an actual hacker or to a potential client who entered their details incorrectly. Rejected visitors can cost you potential revenue. Taking the time to review risky visitors is costly and requires a certain expertise to filter them out properly. Proper validation is needed when one is faced with such a situation.

Compliance with PCI/DSS standards

PCI/DSS stands for Payment Card Industry Data Security Standards. It’s a set of requirements that companies use to ensure that credit card information is stored in a secure manner. The objective of these standards is to improve account security when transactions are performed. The PCI Security Standards Council (SSC) ensures that card holders’ information is secured at all times. It provides informative and practical material with frameworks and tools to help companies maintain the level of security needed. Some requirements of the PCI/DSS standards are password protection, firewall set-ups, encryption of transmitted data and protection of card holder data, to name a few.

Use HTTP with SSL

For those that aren’t familiar with SSL, it’s an abbreviation for ‘Secure Sockets Layer’. An SSL certificate acts as a protective layer between a website and a browser. It is used to authenticate a website’s identity and to encrypt any information being passed through the website. An SSL certificate is crucial for blocking hackers who want to intercept information during the checkout process.

Setting up your credit card with limits

Credit cards, which contain card and CVV numbers, are fairly easy to steal. The details contained on your card are mostly your initials, card number and CVV digits. These details are considered a first level of security and should be kept to yourself. The most important of all is the CVV number. CVV stands for Card Verification Value. The CVV number is required for performing online transactions. The 3 or 4 digit number can be found at the back of your bank card. Normally, when your card gets stolen or when the details are captured, hackers or criminals will try to guess your CVV code. Setting credit card limits restricts how much of your funds can be used; therefore, if anything does happen to the card, your bank account won’t be completely wiped. In some cases, the card issuer can issue a refund due to an unauthorized transaction. Credit card limits can be set nationally and internationally.

Our Online Store builder packages include a free SSL certificate and are equipped with the latest PHP and MySQL versions, integrated caching and HTTP/2. Find out more about our Prestashop online store builder that is loaded with benefits and tailored to your needs.

STEPS FOR ADDING RECAPTCHA TO YOUR BLOG PAGE

The article below describes how to install the reCAPTCHA plugin on your WordPress blog page. This plugin is a free service provided by Google that protects your page against spam & threats. It uses various techniques to tell humans apart from bots.

Before installing the plugin, make sure that you are the administrator of the page.

To add CAPTCHA protection to your WordPress page, follow these steps:

1) Firstly, you are going to have to log into your WordPress account as an administrator
2) Under dashboard, click ‘plugins’ and then click ‘new’
3) Into your search bar, enter ‘CAPTCHA’
4) Search for the plugin
5) Look out for the Google CAPTCHA (reCAPTCHA) & then click ‘install now’
6) Once the plugin has installed, under your dashboard, click the plugins tab & then click on ‘installed plugins’
7) Once you have found the reCAPTCHA plugin, click ‘activate’
8) Click on the ‘settings’ button

Once the plugin has been launched you have to create a public & private key. In order to complete the next step, you have to click the authentication button.

Once that is completed, follow these steps below:

1) Once the keys are received, type the public key text into the public key text box & the private key text into the private key text box.
2) Once completed, under ‘options’ click ‘save changes’
3) CAPTCHA should be activated once the steps above are completed. You can test it by going to your WordPress front page & clicking the comment link. You will see the WordPress CAPTCHA in the submission form.

THE IMPORTANCE OF EMAIL SECURITY

  • The importance of email security

    Email security protects you and your business against risk. Confidential information such as your credit card, bank account number or social security number can be protected through email security.

    Email security consists of various safety measures that protect email accounts, content & communication against suspicious activity.
  • Types of email threats

    – Phishing
    Phishing is one of the most commonly used methods of attacking online users. The attacker usually poses as a trustworthy entity and attempts to obtain sensitive information such as your passwords, usernames or your credit card details.

    – Ransomware
    Ransomware is a type of malicious software that’s used by hackers. The user is faced with a ransom demand in order to gain access to their data.

    – Spam
    Spam attacks are carried out through various mediums, but the most common are communication channels such as email. Spam makes the medium impractical because it is bombarded with senseless information.
  • Tips on strengthening your password

    – Use more than 12 characters
    – Use special characters (%$#@)
    – Use uppercase & lowercase letters
    – Avoid personal or obvious information

    Example of a strong password: P!Zz@Gam3r23$$ (Unrelated to someone’s name or birthday)
    Example of a weak password: Sandy28051994 (Name and birthday used with no special characters, numbers etc.)
  • What we offer at Hostking

    We offer SSL certificates, which allow your data to be transmitted securely by establishing an encrypted connection. Spamexperts is another service offered by Hostking, which filters out any form of spam & viruses before it reaches your network. Siteblock is a daily malware scanner that identifies threats & known malicious code.
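
The password tips listed above can be turned into a check, shown here as an added Python example that is not part of the original article. The function names, the look-alike substitution table and the DDMMYYYY date assumption are illustrative; the owner profile is constructed from the article's weak example.

```python
import re

MIN_LENGTH = 13  # the tips say "more than 12 characters"
# Undo common look-alike substitutions before searching for names.
LEET = str.maketrans("@4301!$5", "aaeoliss")


def personal_fragments(facts):
    """Turn names and dates into lowercase fragments a password must not contain."""
    fragments = set()
    for fact in facts:
        compact = re.sub(r"[^a-z0-9]", "", fact.lower())
        if compact.isdigit() and len(compact) == 8:
            # Assumption: dates are DDMMYYYY; also ban day+month and the year.
            fragments.update({compact, compact[:4], compact[4:]})
        elif len(compact) >= 3:
            fragments.add(compact)
    return fragments


def check_password(password, personal_facts=()):
    """Return the tips the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("special")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("case")
    raw = password.lower()
    unleeted = raw.translate(LEET)
    for fragment in sorted(personal_fragments(personal_facts)):
        # Digits are matched as typed; names are matched after un-substituting.
        haystack = raw if fragment.isdigit() else unleeted
        if fragment in haystack:
            problems.append("personal:" + fragment)
    return problems


if __name__ == "__main__":
    owner = ("Sandy", "28-05-1994")  # constructed profile for the weak example
    for candidate in ("P!Zz@Gam3r23$$", "Sandy28051994", "S@ndy!Str0ng#Pw"):
        print(candidate, check_password(candidate, owner) or "ok")
```

Without the owner's details the weak example only fails the special-character tip, which is why the "avoid personal information" rule has to be checked against what is known about the account holder.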

ASSP – Better SPAM Protection

Is SPAM bothering you too? In the past we received numerous complaints from our clients regarding SPAM mails. We tried all possible configurations of the spam software available with the control panels, but it was of no use at all. Finally we heard of ASSP. Now all our clients are happy and content. The spam mails have been reduced by more than 90%. Ever since we installed this software, clients have been amazed at the drop in SPAM in their inboxes and the great management features it provides them with. Let me tell you more about our experience with ASSP.

ASSP is a very powerful spam filter which works beautifully without affecting your normal mails. It has a very user-friendly interface, with which we can easily check the spam, categorize mails as useful mails or spam mails, and use many, many other options that are not easily available in other spam software. It works on cPanel as well as Plesk servers. You don’t believe me? Try it out. I am sure you will be impressed.
The installation is well described in here
It is easy to install and also very easy to configure. The ASSP interface is well designed and self-explanatory.

Let me state a few scenarios I had to face after the installation:
After the installation of ASSP, the “No local filter” option is enabled by default for all domains/users. This feature is to prevent email dictionary attacks. With this option enabled, only existing email addresses will receive mail. Mails to non-existent addresses will be rejected with the message: No such user exists.
In short, the “Default address” option, available in cPanel, does not work when the “No local filter” option in ASSP is enabled.
So if you have several accounts using the “default address” you have 2 options:
a. You may advise your clients that with the “No local filter” option they can receive emails only to existing pop3 accounts and forwarders, so the client can decide if it’s a case where we will have to disable the filter using the ASSP deluxe cPanel frontend.
b. You may turn the “No local filter” option off for all or some clients, using the WHM ASSP web interface (ASSP DOMAIN CONFIG). If you want to turn it off for new hosting accounts automatically, go to ASSP WHM > ASSP Deluxe for cPanel tools > DEFAULT Settings > FILTER STATUS DEFAULT SETTINGS > and set “No Local” to OFF.
Problems in sending via MailScanner
Please note that ASSP only filters the incoming mails. If the outgoing mails are affected, you need to check the authentication mechanism enabled in WHM -> ASSP interface.
SMTP AUTH ON
This means that all email clients should have SMTP authentication enabled, in order to send mails.
SMTP AUTH OFF
This means that the users should only use pop3 authentication.
Clients cannot send mails via port 25.
In such cases, where the ISP blocks port 25, we normally enable port 26. When ASSP is installed, we should not enable port 26 in WHM -> Service manager. If enabled, it should be removed.
The alternate port should be enabled in WHM -> ASSP Web Interface -> Network Setup > Second SMTP Listen Port.
If you stop ASSP, the mail service will not function. So if you temporarily need to stop ASSP and have exim serve the mails, do as follows:
First of all, we need to ensure that ASSP will not be started automatically. Remove the status.php cronjob from crontab. Also ensure that ASSP monitor is not enabled in WHM -> Service Manager.
Then stop ASSP via WHM -> ASSP Web Interface. If you stop via command line, it will not be completely stopped. Hence only use WHM.
In WHM -> Exim Configuration Editor -> Advanced Editor, comment out the following entries:
# local_interfaces = 127.0.0.1
# daemon_smtp_ports = 125
Save exim.
Now exim will serve mails.
In case you need to enable ASSP:
Add the cron job and enable the monitor in Service Manager.
Remove the comment before the above entries in Exim configuration.
Start via WHM -> ASSP Web interface.
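
As an added example (not part of the original post and not ASSP or cPanel code), the Python check below classifies an Exim configuration by the two entries shown above, so that a half-applied switch between ASSP and Exim is caught before mail stops flowing. The function name exim_mode and the sample configurations are constructed for illustration.

```python
import re

# The two entries from the post, with the values it shows for the state in
# which ASSP sits in front of Exim.
ASSP_SETTINGS = {"local_interfaces": "127.0.0.1", "daemon_smtp_ports": "125"}
LINE = re.compile(r"^\s*(#?)\s*(\w+)\s*=\s*(.*?)\s*$")

# Constructed sample configurations (only the relevant lines).
BEHIND_ASSP = "local_interfaces = 127.0.0.1\ndaemon_smtp_ports = 125\n"
DIRECT = "# local_interfaces = 127.0.0.1\n# daemon_smtp_ports = 125\n"
HALF_APPLIED = "local_interfaces = 127.0.0.1\n# daemon_smtp_ports = 125\n"


def exim_mode(config_text):
    """Return (mode, problems); mode is 'behind-assp', 'direct' or 'inconsistent'."""
    active = {}
    for line in config_text.splitlines():
        match = LINE.match(line)
        if not match or match.group(2) not in ASSP_SETTINGS:
            continue
        commented, key, value = match.groups()
        if not commented:
            active[key] = value  # commented-out entries are ignored
    if not active:
        # Both entries commented out: Exim serves mail itself, as in the post.
        return "direct", []
    problems = [
        f"{key} should be {want!r}, found {active.get(key)!r}"
        for key, want in ASSP_SETTINGS.items()
        if active.get(key) != want
    ]
    return ("inconsistent" if problems else "behind-assp"), problems


if __name__ == "__main__":
    for name, text in (("behind ASSP", BEHIND_ASSP), ("direct", DIRECT),
                       ("half applied", HALF_APPLIED)):
        print(name, exim_mode(text))
```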
Enable SSL support
ASSP SSL support is not enabled. If you need SSL support, you will need to make use of stunnel. The details are mentioned here.