Your Ecwid account security

Being a PCI DSS certified e-commerce solution, Ecwid complies with the highest safety standards to keep your store safe. PCI DSS stands for Payment Card Industry Data Security Standard, the international standard for secure data exchanges for online stores and payment systems. See Ecwid’s Attestation of Compliance with PCI DSS for Level 1 Service Providers.

However, there are also things that you can do to add extra layers of security for your store account. For example, you can create a strong password for your Ecwid control panel and use different email addresses for your public contact info and for your Ecwid login.


Create a strong password

Use a strong password for your Ecwid login, and advise your staff to do the same for their staff accounts. When creating passwords, follow these general recommendations from Google:


  • Use different passwords for important accounts like your email or store account.
  • Your password should consist of at least 8 characters.
  • Use a mix of letters, numbers, and symbols like #, %, ?, !, etc.
  • Use upper and lower case letters.
  • You can try using a quote from a song/poem/movie enhanced with the above recommendations to more easily memorize a long password.

Don’t use:

  • General words from dictionaries or common expressions.
  • Keyboard patterns like “qwerty” or “12345”.
  • Personal information like names, addresses, ID numbers, important years, etc.

If you need to update the password for your Ecwid account to a more secure one, go to your Ecwid control panel → My Profile → Profile and enter your new password, then save the changes.

You can install a password manager to generate unique and strong passwords and to help keep them safe. Another benefit to using a password manager is that, with a password vault, you will need to remember just one master password in order to open the vault. We recommend using 1Password or LastPass.
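The password recommendations above and the generation step a password manager performs, as an added Python example (not Ecwid's code or any password manager's). The symbol set, the small word and pattern lists, and the function names are assumptions made for illustration; a real check would use a much larger wordlist.

```python
import secrets
import string

SYMBOLS = "#%?!@$&*-_+="  # assumed symbol set
# Constructed mini-lists for illustration only.
COMMON_WORDS = {"password", "welcome", "letmein", "admin", "store"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "12345")


def check_password(password, personal_info=()):
    """Return the recommendations from the list above that the password violates."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a symbol")
    if any(p in lowered for p in KEYBOARD_PATTERNS):
        problems.append("contains a keyboard pattern")
    if any(w in lowered for w in COMMON_WORDS):
        problems.append("contains a common word")
    # Names, addresses, years and similar details the owner supplies.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def generate_password(length=16):
    """Generate a password with the OS CSPRNG that passes check_password."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # secrets (not random) draws from a cryptographically secure source.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):  # retry until every rule is met
            return candidate
```

Passing `personal_info` (for example the owner's name and birth year) lets the check catch passwords that meet the character rules but are still easy to guess.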

Turn on two-factor authentication

If you use Gmail or Facebook to sign in to your Ecwid account, we recommend that you enable two-step verification (also known as two-factor authentication). This will further protect your login information both for those sites and for Ecwid.

With two-factor authentication, you sign in with two steps:

  • Step 1: you enter your password (you know it).
  • Step 2: you enter a security code (you receive it on your phone).

For Gmail: follow our instructions for enabling 2-step verification for Gmail to log into your Ecwid account.

For Facebook: if you use Facebook to log in to your Ecwid account, follow these steps to enable two-factor authentication for your Facebook account.

If you signed up for Ecwid with your Facebook, Google, Apple, or PayPal account, you can unlink that third-party account on the Profile page in your Ecwid admin in case it’s compromised or you lose access to it.

Revise your staff list

If you want to add other users, like fulfillment staff or a designer, to your Ecwid control panel, do not share your Ecwid login with them. Instead, create separate staff accounts for each user in your store. Staff accounts have separate logins and don't have access to your profile and billing pages.

As a store owner, periodically revise your staff account list to make sure it’s up to date and remove unnecessary staff accounts from it.

Learn more about adding and removing staff accounts in your store.

React to suspicious login activity

As soon as Ecwid detects a new login to your Ecwid account from a different location or device (phone or computer), we will send an email notification about unusual logins to your inbox.

If you recognize the login, you can safely ignore the notification.

If you don't recognize the login, we recommend you reset your password immediately to make sure your account hasn’t been compromised. Then perform these further steps to secure your data.

Prevent phishing

Phishing is a type of online scam often used to steal personal data. Scammers send phony messages or emails to trick you into clicking on a malicious link or downloading a malicious attachment in order to steal your personal data like your login credentials or credit card details.

A phishing email appears to be sent by a legitimate company, which is why it can be tricky to detect. We recommend that you do not expose your Ecwid login email in public places such as the contact address on your website. By not using your Ecwid login email publicly, you can help ensure that you are not contacted by scammers on that account.

You can learn more about how to detect and prevent phishing in our Preventing phishing article.

Related articles:

Security in Ecwid
Fraud prevention
Understanding domains
Setup of DMARC policies
General Data Protection Regulation (GDPR) and Ecwid stores
