After working for countless hours developing products and setting up your Shopify theme, it’s only natural that you want to protect your store as much as possible.
In this post, we’ll discuss a variety of frequent concerns that Shopify store owners have about securing their stores and their content as well as offer some frank and practical advice on how to utilize a variety of best practices and strategies.
“Scraping” is a term that refers to automated software that is designed to scan websites and gather information such as phone numbers, email addresses and other data listed on the site. A broader form of scraping, meanwhile, involves automatically filling out contact forms with spam.
Unfortunately, this type of activity is difficult to stop and can quickly become a losing battle.
Shopify’s default contact form doesn’t allow adding a CAPTCHA or other type of user verification method, but there are many form apps that do add this capability.
Rendering your email address or phone number as an image is one possible way to prevent this type of situation, but keep in mind it also makes it difficult to copy the information or tap it to start a phone call or click to send an email; these are things that your site visitors may intuitively expect to be able to do in your shop..
Another common technique is email obfuscation, which attempts to render clickable email addresses using a variety of behind-the-scenes techniques that make it harder for scrapers to detect.
The advantage to this is that most users will still be able to click the link without knowing anything is different and it can potentially cut down on some spam.
However, none of these solutions are foolproof — there are scrapers that can “read” images and they are getting better and better every day. In addition, some spammers actually rely on real life people to scrape data, rather than automated programs, meaning all of these tactics would be thwarted.
Ultimately, it’s a fine line of deciding how difficult you want to make it for scrapers to pick up your contact information while not making it too difficult for legitimate messages to get through. Although it can be annoying to deal with, you may ultimately be better off becoming efficient at sorting through spam messages than risk losing a potential customer contact.
A good way to manage the amount of email could be to use a program such as Zendesk’s Inbox, which creates a team mailbox that multiple users can help manage, so if you have other team members, you can divide up the responsibility of sorting through messages.
There are also numerous email apps for mobile devices that focus on the concept of “inbox zero” that have unique ways to make managing email easier. For some suggestions, try searching for “inbox zero apps” or similar terms.
Lastly, it’s worth noting that you should always create a dedicated email and phone number for your business or shop rather than ever using your own personal contact info here.
You can create a new Gmail address just for your shop and get a virtual phone number that forwards to your personal number so that the latter is never exposed.
Note that Shopify will always use the email listed in your Settings > General > Store Details > “Customer Email” field (rather than your “Account Email”) for all communications with customers such as newsletter signups or contact form submissions, so it's a good idea to make sure this is updated as well.
Many store owners are rightfully concerned about product images and other artwork being downloaded and used by competitors or other third parties without authorization.
Many store owners like to add “right click prevention.”
Right click prevention can also cause significant user experience and accessibility issues with your site. Combined with the fact that it’s typically pretty ineffective in thwarting the issue at hand, it’s typically not worth adding this feature.
Watermarking is another common approach to protecting your images. This involves adding either your logo, company name or other marking directly within the image file, typically directly over the image.
Some watermarks can be semi-transparent, while others are more obvious.
Watermarking can be a good way to prevent your images from being used by competitors, but it’s also not a perfect solution.
First, adding a watermark to your image obviously affects how it looks to shoppers — who may find it distracting to see the product with a logo or text over it.
In addition, in many cases, it’s fairly easy to remove a watermark using Photoshop or similar image editing program — so if someone really wants to download and use your images, it can still be pretty easy to do so without a whole lot of effort.
One potential alternative to a traditional watermark is to stage your product photography in a way that makes it not only easy to recognize as your photography but also less desirable for someone else to use.
For example, if you sell handbags or luggage, consider tying a tag on the handle that has your store name or logo on it when photographing it. If you make beauty products, teas, oils, wine, etc. take the time to develop branded labels for all your items to literally put your stamp on them like Beard & Company does. If you sell clothing, shoot the products on models wearing the items in unique environments like NanaMacs does; don’t just photograph the items isolated on blank backgrounds.
If none of these options work, consider using a unique background texture or material that’s harder to replicate. You can also consider surrounding your products with decorative accessories. Soul Peaces does a great job of using this strategy.
Not only can this add a little bit of character to your product photography, it also could make it easier to prove that a photograph was stolen from your site.
Some stores also use a hidden pixel in their product photography. This involves adding a single pixel of a unique color that’s hidden somewhere in the photo. This is a clever way to “tag” your image and can, again, be a great way to prove that the photo was yours originally and was subsequently stolen.
For example, in this image of a coffee cup, we’ve added a red pixel, as shown in this extreme close-up:
Despite the fact that color is rather bright, it's almost impossible to see when fully zoomed out:
Trust us. It's still there!
If you do run into unauthorized use of your images, consider contacting the store’s hosting company (use a tool such as DomainTools) to look up this information.
Most hosting companies have an “abuse” or “DMCA” team that investigates this type of theft. When contacting them, be sure to include any evidence, including any of the tricks mentioned above that you’ve employed.
At the end of the day, however, any image that you place on your website is typically very easy for someone to download, alter and reuse, no matter what protections you have in place. It’s also fairly easy to get caught up in trying to squash every unauthorized use of your images and devoting large amounts of time to it, so be careful not to let this get in the way of running your business.
One of the most important things you can do to protect your Shopify theme and business is to ensure your backend access is secure.
First and foremost, be sure that the store owner’s admin password is extremely secure. Ideally, the password should be a combination of upper and lower case letters, numbers and symbols and not contain any words. For an easy way to create a memorable but secure password, check out this article.
Using your business name, phone number or address as even part of your password is not recommended as this type of information is easy to find out with some simple Internet searches.
Remember that the store owner account has “super” admin rights and can be used to grant spammers access to your store; it also has access to all of your customer and financial data.
It’s also recommended that you change your password regularly and not use a password that you've used on any of your other other online accounts.
All in all, this might seem a bit like overkill to some store owners, but keep in mind that your customers are often trusting you with a large amount of personal information, including their name, address and order history.
From a business standpoint, there are also a variety of reasons to keep info such as sales reports, analytics and other data contained in the Shopify admin confidential so as not to give a competitor an advantage.
For even more security, consider these additional tips:
Please don't post support questions or issues as a comment on this thread, as we may not be able to process it in a timely manner. Instead, please visit our Support Center to browse frequently asked questions or submit a support request directly to our team.
This year, four members of the Out of the Sandbox Shopify theme team had the privilege of attending the Shopify Unite conference in San Francisco. We’ve since returned with new insights, ideas and lots of enthusiasm for the growth we see coming —both on the Shopify platform and for ecommerce in general.