Security - take care of data and customer safety.

Find out how to activate an SSL certificate for your store and better secure the data being transmitted. You can also activate additional security measures such as Google reCaptcha and change the CSP configuration. CSP is a security measure that blocks the loading of unknown resources from other sites in the store.

In the admin panel, go to Applications → Security.

Security module configuration panel

Enabling the antispam code in the store

  1. Check Enable CAPTCHA codes,
  2. Select CAPTCHA type:
    • Standard
    • Google reCaptcha v3
  3. In the case of selecting Google reCaptcha v3, fill in the fields:
  4. Press the Save button.

The image antispam code is enabled in the customer forms.

CAPTCHA Standard: Example of CAPTCHA in the customer registration form

Google reCaptcha v3 is not visible from the customer side of the store. The module checks the user's behavior in the background (it does not require typing digits from the image or clicking on a special verification form).

How to get reCaptcha v3 keys?

  1. Go to the page https://www.google.com/recaptcha/admin/create
  2. Log in to your Google account
  3. In the Label field, enter the name identifying your store
  4. In the reCaptcha type select reCaptcha v3
  5. In the Domains field, enter the store address in the format mystore.example.com
  6. Accept the reCAPTCHA Terms of Service
  7. Click Submit

Domain registration in Google reCAPTCHA v3

Fields containing the keys needed to configure reCAPTCHA v3

The reCaptcha for the store has now been created. All that remains is to copy the keys to the Security configuration in the store:

  1. The value of the first field to Site key
  2. The value of the second field to Secret key

Enabling SSL - the protocol of secure WWW connections

Before enabling SSL in the store, you must:

  • Order a security certificate,
  • Contact the administrator of the server on which the SOTESHOP store is installed and ask for the certificate to be installed.

  • Select the scope of SSL operation,
  • Press the Save button.

Icon indicating a correct SSL certificate on the domain

The correct operation of the certificate can be verified on the page https://www.sslshopper.com/ssl-checker.html

CSP - Content Security Policy protection

CSP, or Content Security Policy, restricts which external resources the store's pages can load. This restriction prevents XSS attacks that attach scripts from other network locations to the source of the page.
If you are using the standard version and add-ons from the WebStore, you do not need to define anything else. The appropriate addresses are automatically added to the configuration.

Attention! Enabling this option will block the loading of all scripts, images, files and styles from external locations. If your store loads resources from external locations on the page, add their addresses to the exceptions field.

  1. Check Enable CSP
  2. Press the Save button.

Adding an exception to CSP

  1. In the CSP Exceptions field, enter the domain of the page from which external content is downloaded (addresses can be separated by a space or a new line). You do not have to provide full addresses, e.g. if you want to allow loading external resources from the page https://www.example.com it is enough to provide the address https://www.example.com. If you want to allow loading resources from all subdomains of example.com, just provide https://*.example.com.
  2. Press the Save button.

CSP settings in the Security configuration panel
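
The exception rules described above can be checked before saving. The following is an added example, not SOTESHOP code: it splits a constructed exceptions field on spaces and newlines, rejects over-broad entries, and lists which resource URLs would still be blocked. The function names and the rejection rule are assumptions of this example; ports, paths and the store's own domain are not modelled.

```python
from urllib.parse import urlsplit

# Constructed sample of a CSP Exceptions field (space- or newline-separated).
FIELD = "https://www.example.com\nhttps://*.example.com https://* *"

def parse_exceptions(field):
    """Return (sources, rejected) for the raw exceptions field."""
    sources, rejected = [], []
    for entry in field.split():          # splits on spaces and newlines alike
        parts = urlsplit(entry)
        host = parts.hostname or ""
        labels = (host[2:] if host.startswith("*.") else host).split(".")
        # Assumed rule of this example: explicit scheme, and at least two host
        # labels after any "*." prefix, so "*", "https://*" and "https://*.com" fail.
        if (parts.scheme in ("http", "https") and len(labels) >= 2
                and all(l and "*" not in l for l in labels)):
            sources.append(f"{parts.scheme}://{host}")   # keep the origin only
        else:
            rejected.append(entry)
    return sources, rejected

def allows(source, url):
    """CSP host-source matching, ignoring ports and paths."""
    s, u = urlsplit(source), urlsplit(url)
    # An http: source also matches the https: form of the same host.
    if u.scheme != s.scheme and not (s.scheme == "http" and u.scheme == "https"):
        return False
    pattern, host = s.hostname, u.hostname or ""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])   # subdomains only, not the bare domain
    return host == pattern

def blocked(field, resource_urls):
    """List the resource URLs that no accepted exception would allow."""
    sources, _ = parse_exceptions(field)
    return [u for u in resource_urls if not any(allows(s, u) for s in sources)]

if __name__ == "__main__":
    urls = ["https://www.example.com/js/app.js",     # constructed resource URLs
            "https://cdn.example.com/lib.js",
            "https://example.com/logo.png",
            "https://example.com.other.test/x.js"]
    print(parse_exceptions(FIELD))
    print(blocked(FIELD, urls))
```

Note that https://*.example.com covers subdomains only, so resources served from https://example.com itself need their own entry in the exceptions field.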
