How to secure Nop Commerce?

1.) security section.

Login to backend > configuration > settings > general settings > security.

You can see Admin are IP allowed, enter the IP address which you won’t allow access Admin side to configure the site, if you leave this empty it means anyone can access Nopcommerce backend. KLCWEB recommended that add single or two IP access to the backend.

Do not forgot to change Encryption private key, if you make any changes from admin side change  Encryption private key.


CAPTCHA is a program that can tell whether it is a human or a computer is trying to access your website. Nopcommerce uses Recaptcha by GOOGLE to secure your site against script attacks. Learn about recaptchaV2 and recaptchV3.

RecaptchaV3 covers whole site where Recaptcha covers only single page so always way RecaptchaV3, if you are using RecaptchV2 configure it on login page, sing up page, payment page, contact page.


Security is a must for E-commerce sites but sometimes it’s under DDOS attacks or hacked because some hosting providers have basic security on top of the server. So you need to choose a secure hosting server or buy VPS and set your own security. You think VPS is very costly and hard to manage do not worry. 

KLCWEB offers managed VPS with 24 X 7 live chat and helpdesk support or you should try our especially hosting plan for E-commerce comes with free SSL, Backup, hardware, and software security, Email, and Our experts available round the clock many more in E-commerce hosting.

Leave a Reply

Your email address will not be published. Required fields are marked *