Even though you may feel like your launch task list simply cannot hold one more thing, you must make room for securing these 3 areas of your next launch. The good news is that they are quick tasks + will often fit into existing to do items that you already need to accomplish.
Your customers’ payment info
I’m starting with the biggest one because it needs to be given your full attention. If you are collecting payment from anyone for anything, you must give a fuck about security. If you handed someone your credit card number, you’d want them to be careful with that info so that it didn’t end up being used to rack up thousands of dollars in shopping sprees that you then have to work with your bank to sort out.
The easiest way to give any fucks about payment info security is to have someone else deal with the payment info. Using things like PayPal buttons, Gumroad, or any other system where your client leaves your site to submit their payment means that data isn’t stored anywhere on your site or server — and that means you are not at risk of letting that info get into the wrong hands. As long as you are using a top-notch payment option, this is a great bet for making this task easy to complete.
But if you give more fucks about your customer experience, then you MUST have an SSL on your site in order to collect payment information from your customers. Thankfully, most services that allow you to collect credit card details on your domain require the SSL (like Stripe), but I have seen some that don’t. An SSL encrypts all of that sensitive info + protects you as the business owner from crappy circumstances. If you need an SSL, your hosting company or domain registrar can help you out for $50-$100 a year.
The content you are selling
Now that you’ve made sure your customers aren’t at risk for losing their payment info to the wrong person, you’ll want to do the same for yourself. The digital product/course you are selling will need protection from copycats + anyone who didn’t actually pay for it.
The first option is to use a third party to deliver the goods so that you let them handle file protection + get those items off your list. For example, I use Gumroad for my WordPress security ebook. They collect the payment + then deliver the files. But a user has to pay in full + provide a valid email address in order to get their copy. There’s no risk of someone googling WordPress security + gaining access to all 44 pages of info that I created. Other ways to use a third party include Amazon S3 for storing the files + keeping them out of search engine results or Send Owl, which is similar to Gumroad.
If you are selling a course, or want to have more control in how files are distributed, you’ll want to use a plugin on your WordPress site to handle content protection. For more straight-forward digital products, an ecommerce plugin like WooCommerce allows you to add digital files to a product that are only shared once payment has been processed. The only downside to this option is that you have to configure your entire shop (setup, products, emails, etc) in order to sell even one thing. But the upside is that you get to control how all of those items look + work.
For courses or more complex products, most folks create a members only site using a plugin like Wishlist Member. What membership plugins do is allow you to specify which pages, posts, media files, etc require a login to see. You can even create different levels of access if you have bonus content for specific users. Once someone pays for your product/course, they are directed to a registration page to set their username + password. Those two pieces of info give them access to the content that they paid for — again, making sure no one can simply do a google search to find your course content.
Last but not least, you’ll want to protect the various online accounts you are using for your launch. A simple ebook launch may only have a handful of accounts — sales website, PayPal, Amazon S3, email account + domain registrar — but that means there are a handful of places a hacker could get access to your information.
The fastest way to protect your accounts is by using secure passwords. If you make it a rule to only use secure passwords, you don’t need to add anymore tasks to your to do list.
If you geek out on security as much as I do, you can start to do tricky things like using a separate gmail account for your domain registration. (Note: I’m not talking a Google apps email address, I really do mean @gmail.com.)
Have you heard the horror stories of someone losing their domain or social media account to someone because they gained access to their email address? If the domain server gets compromised, that means hackers have access to your custom email address + can send reset password emails for any account they want to take over. However, if you use an @gmail.com email account, you have better protection — assuming you are using a secure password for that address — and will get alerts for someone trying to reset your account passwords.
With access to your accounts, a hacker (or malicious person) could set the PayPal email address to theirs instead of yours, grab all of your course content + sell it under their own website, steal your unique domain name to use for their own product or simply taken down your entire site when you are trying to launch/sell your product. yikes!
Don’t let your next launch be a security nightmare. Take care of these 3 areas before you launch to avoid losing money, customers + your personal information each time you launch a product or course.