More and more shoppers are using online marketplaces to buy everything from TVs to groceries. Online shopping has become so popular that Amazon.com started a mid-year shopping day called “Prime Day” to recreate the immense sales of the holidays in July. Amazon is not alone. The so-called “Christmas two” is a long-standing idea and other retailers have spring and summer bargains to drive extra traffic.


    Still, the months of September into January show the most significant boom in shopping both in-person and online. This boom creates competition with online retailers, and shoppers are benefiting more than ever.


    U.S. shoppers spent more than $126 billion during the holiday season in 2018 according to a study by Reuters. With the millions of shoppers heading to online retailers in the fourth quarter, websites become a prime target for hackers. Companies now have to take extra steps to protect customer information.


    We’re going to take some time to talk about keeping your website safe during the holidays and how ignoring security risks can have significant consequences.



    Worst Case Scenario


    Online retailers maintain enormous amounts of customer information. Securing contact information, passwords, payment methods, security questions, and more is immensely important. Retailers rely on trust to get and keep customers, and a large part of that trust comes in the storage of personal information.


    That wealth of information is very enticing to hackers who take personal information to steal identities. Security systems are continually getting better, but hackers are improving at the same pace. Unfortunately, for many retailers and online companies, hackers gain access to their database.


    This hack is the worst-case scenario. Thousands of people can lose personal information used to steal money, ruin credit, steal social security numbers, and more. There are two recent examples to illustrate this point.


    In 2013, Target suffered a breach into its website spilling information for as many as 70 million online shoppers. The company announced on December 19th that the hack stole information over the course of 18 days from November 27th to December 15th, the height of the shopping season. Target needed damage control immediately. They leaked contact information, passwords, and most importantly, payment information. When all was said and done, the company paid a multi-state settlement of $18.5 million. Just as important, Target permanently lost many customers.


    More than double the size of the Target hack, in 2017, Equifax suffered a breach exposing the personal information of more than 147 million people. While Target lost payment information, Equifax went a step further and lost millions of social security numbers making identity theft much easier. The fallout includes up to $425 million in settlement costs and the long road for many users to regain damages.


    Those examples show that no company is immune to security threats. The larger companies make larger targets, but smaller online retailers run the same risks with even more potential fallout. There’s no question keeping your website safe during the holidays is the most crucial factor to take into account.



    How to protect your site with WordPress


    WordPress makes some basic security strategies available in the form of free and paid plugins as well as some other helpful tips and tricks.


    • Plugins: WordPress relies heavily on premade plugins. They range from advertisements to anti-spam, but to help with keeping your website safe during the holidays, look for security-specific plugins. Sucuri is a great place to start.
    • Passwords: Secure passwords are essential in every facet of an online presence, but more so when you’re protecting your website. Often overlooked, don’t forget to use different passwords for every login and try out password generators for random, secure passwords.
    • Disable file editing: WordPress has a built-in coding editor where you can edit theme and plugin files from the WP admin page. This information is a massive risk if left in the wrong hands.
    • Work with professionals: The more intricate the safety measures, the more knowledgeable and experienced you need to be with the program. In these cases, turning to a professional team to shore up your security is an excellent alternative to going it alone and having your website hacked. While this option comes with a cost, the opportunity cost of a compromised website is too much to risk.


    The holiday season is the busiest for online shopping, so take the time and the extra steps to ensure your website’s security is ready.



    What to look for in a professional team


    The complexities of coding in WordPress are way beyond the majority of small business owners and retailers. Professional development companies exist specifically to provide top-tier products without requiring you to learn website coding.


    There are hundreds of companies out there vying for your business, but here are some qualities to look for in a good development team.

    • Transparency: You want someone who keeps you updated on their progress and answers your questions along the way.
    • Health Checks: Find a team that regularly screens your website for malware or exploitable security holes.
    • Maintenance: Up-to-date plugins and core updates make an enormous difference in keeping up with new security threats.
    • Performance Check: Have them run daily performance checks for potential issues caused by security issues.



    Most businesses can no longer afford to miss out on the holiday rush. Millions of customers take to their computers to buy presents for others and for themselves. When they do, they trust their personal information is safe with you. Keeping your website safe during the holidays takes more than a few strong passwords. It takes constant monitoring and effort to feel secure.


    Ready to learn more? Let’s talk about how we can help you make your site more secure.