In episode 159 of our podcast, I chat with Chris Wiegman, Senior Software Engineer at WPEngine.
Security and Privacy with Your WordPress eCommerce Site
We chat about:
- What has been accomplished with privacy in the last year in the eCommerce/WordPress space
- What is the biggest weakness
- Two top privacy issues to consider when starting to sell on WordPress
- What you should look for when purchasing on a site
- Why it’s easier to plan what you collect vs. removing it after the fact
- Whether people are becoming too paranoid or complacent when it comes to privacy
Today we are revisiting a topic that stays in the forefront of our minds: privacy, eCommerce and WordPress. Chris has a long history around security and privacy in the WordPress space. The two go hand in hand, so I asked Chris to share some insights and tips.
We started out with Chris sharing what he felt was the biggest stride we have made in the space this year. We also look at the flip side of things and talk about what is still a large weakness with privacy in the eCommerce and WordPress space.
Chris shares his advice on the top two pieces of the puzzle when you start selling using WordPress. From there, he gives us three important things to be aware of when visiting an online store or site as you consider making a purchase there.
We also talk about how important it is to plan just how much information you need to collect when starting your site vs. thinking about how to remove it later on.
I ask Chris to close out the show with his opinion on whether we have become a population of tin foil hat wearers, or whether we are getting so used to all of this that we are indifferent.
Of course the conversation takes us in different directions, and the result gives you an approach to make sure you are protecting your customers' privacy and your own.
Tips and Insights from Chris
Advances in the last year
I think the biggest strides bookend this year. And that was GDPR last year, followed up by CCPA this year.
We’re seeing that individual site owners are meeting with their legal counsel or something similar. That might be to set up just to make sure that they are meeting privacy terms and things like that. I’ve seen much more at the grassroots level than anything top-down.
The largest weakness in the ecosystem
We’re seeing hosts popping up strictly with their entire marketing schemes. That says a lot when you’re talking about WordPress as a stage.
The amount of data processing involved in eCommerce is still a weakness on a system and on a legacy. What’s become a legacy system like WordPress is getting better. But these are oftentimes outside solutions that the individual site owner has a hard time controlling. Maybe the host that you’ve been on for 10 years and you have a lot invested in, isn’t really emphasizing e-commerce, where other hosts are.
Data breaches, plugin vulnerabilities, all the things that have been a classic nemesis to WordPress and security in general, especially the update thing, becomes even more pronounced in the WooCommerce space.
Two top privacy pieces for the first-time seller
One would be data minimization. It’s tempting to say I need all of this data on my customer and I need to store it forever. What if they come back? If they’re just doing a digital download, you might not need their address. You might need a zip code or something else for tax purposes, but you may not need all the data you’re getting.
The second one would be watching how you handle user accounts. Try enforcing strong passwords for your users. Password managers are a good thing for this. You can’t solve every issue, but taking your user accounts’ security for granted is going to get you in trouble.
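As an added illustration of both tips (not code from the podcast, from Chris, or from WP Engine), the snippet below shows how a WooCommerce store could apply them: a filter on the public `woocommerce_checkout_fields` hook drops street-address billing fields when the cart holds only virtual or downloadable products (keeping country and postcode for tax), and a filter on `woocommerce_process_registration_errors` rejects weak passwords at account registration. It assumes WooCommerce is active; the `example_*` function names and the tiny blocklist are our own.

```php
<?php
// Added example: data minimization and password policy for a WooCommerce store.
// Hook names are WooCommerce's public filters; example_* helpers are assumptions.

// 1. Data minimization: if every cart item is virtual or downloadable, the store
//    has no reason to collect a street address. Keep country/postcode for tax.
add_filter( 'woocommerce_checkout_fields', 'example_minimize_billing_fields' );
function example_minimize_billing_fields( $fields ) {
    if ( ! function_exists( 'WC' ) || ! WC()->cart ) {
        return $fields;
    }
    foreach ( WC()->cart->get_cart() as $item ) {
        $product = $item['data'];
        if ( ! $product->is_virtual() && ! $product->is_downloadable() ) {
            return $fields; // physical goods still need a shipping address
        }
    }
    $unneeded = array(
        'billing_company', 'billing_address_1', 'billing_address_2',
        'billing_city', 'billing_state', 'billing_phone',
    );
    foreach ( $unneeded as $key ) {
        unset( $fields['billing'][ $key ] );
    }
    return $fields;
}

// 2. Account security: refuse weak passwords when a customer registers.
add_filter( 'woocommerce_process_registration_errors', 'example_require_strong_password', 10, 4 );
function example_require_strong_password( $errors, $username, $password, $email ) {
    $reason = example_password_weakness( $password, array( $username, $email ) );
    if ( '' !== $reason ) {
        $errors->add( 'weak_password', $reason ); // $errors is a WP_Error
    }
    return $errors;
}

// Returns '' when the password is acceptable, otherwise a human-readable reason.
function example_password_weakness( $password, $identifiers ) {
    // Constructed blocklist; a real store would use a far larger breach-derived list.
    $blocklist = array( 'password', 'password1', '123456789012', 'qwertyuiop12', 'letmein12345' );

    if ( strlen( $password ) < 12 ) {
        return 'Password must be at least 12 characters.';
    }
    if ( in_array( strtolower( $password ), $blocklist, true ) ) {
        return 'That password is too common.';
    }
    if ( preg_match( '/^(.)\1+$/', $password ) ) {
        return 'Password must not be a single repeated character.';
    }
    foreach ( $identifiers as $id ) {
        if ( ! is_string( $id ) || '' === $id ) {
            continue;
        }
        // Compare against the local part of an e-mail address, or the whole username.
        $at    = strpos( $id, '@' );
        $local = ( false === $at ) ? $id : substr( $id, 0, $at );
        if ( strlen( $local ) >= 4 && false !== stripos( $password, $local ) ) {
            return 'Password must not contain your username or email address.';
        }
    }
    return '';
}
```

Dropping the fields at checkout means the data is never stored, which is the point Chris makes below about planning what you collect rather than purging it later; the password rule runs before the account exists, so weak credentials are never written to the database in the first place.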
Limiting data now or later
Part of the problem with the decentralized solution is purging individual data isn’t highly dependent on how you’ve set it up in the first place.
It’s not a simple process to go back to old dates, which is why privacy by design becomes such a big issue. Do it when starting your new store. So when we’re looking back at existing sites, you know your site well enough where you can go back and pull all that data out, or you’re going to need to have your developer or agency team look back at that data and handle that for you.
Privacy red flags as a consumer
Watch out for any store you want to buy from that doesn’t have SSL. There are still stores out there like that.
When was it last updated? If they have a copyright date at the bottom that says 2003, clearly it hasn’t been touched since 2003. Have updates been applied? Is the site compromised?
Who’s processing my credit card? If they’re not using something like Stripe, or PayPal, it’s clear that this user is taking that credit card number or the site itself is taking your credit card number. That to me is a big red flag.
A final thought on privacy
It’s always been, if you’re not paying for it, you are the product. But now it’s even beyond that. I would say you’re not the product anymore, you’re just a commodity, and you’re the commodity used to build the product. There’s a lot of truth to it.
Where to find Chris
- Book mentioned: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power
Thanks to our sponsor FooSales
A big thanks to our sponsor, FooSales. If you are looking for a secure point of sale system for WooCommerce, FooSales has you covered. It turns any computer, iPad or Android tablet into a cash register and gives you the power to sell your products and run your business anywhere in the world.
What’s cool is that it connects directly to your WooCommerce database, so as you are busy selling via this point of sale, your online store stays perfectly synchronized. And unlike so many branded point of sale products, it doesn’t limit you to any single service provider and can be used with any credit card processor.
Have you been looking for that sales register? They have a 30-day free trial so you can test the waters. But I’m sure you will be more than happy with FooSales, so make sure to go to FooSales.com and use the code BobWP to get 25% off any of their plans for 12 months.