Over the last decade of running this blog and teaching my online store course, I’ve noticed a disturbing trend among many ecommerce entrepreneurs.
Now this trend is especially prevalent because 99% of online store owners do not have a programming background nor do they bother trying to learn the basics of how web technologies work.
As a result, whenever they need or want a certain feature for their shopping cart, they do what any normal person would do…
They do a search on Google, look for a free WordPress plugin, widget or piece of code that does what they want and then they blindly install it on their website.
And 90% of the time, the plugin seems to do what they want so they keep it installed without realizing the potential ramifications of their decision.
So today I want to talk about the dangers of installing 3rd party code and random plugins on your site.
In addition, I’ll provide you with guidelines that I personally use to select my plugins.
Hopefully by the end of this post, you will be a lot more deliberate in minimizing the risks from poorly coded software and malicious activity.
The Power Of A Single Line Of Code
Here’s a quick example of what this code looks like
Now if you’ve ever looked at your Google Analytics report before, you’ll notice that every possible piece of information about your website and your visitors is sent to Google’s servers where they “promise” not to look at it.
And they obtain all of this data about your website from one tiny piece of code that you cut and paste onto your site.
Pretty powerful right?
And because such a small piece of code can wield so much power, you really have to trust the company you are dealing with.
Below are some actual problems my students have faced as a result of blindly using 3rd party code.
One of my students was getting a lot of traffic to her website from Google but her traffic wasn’t resulting in many sales for her online store.
As a result, she decided to display banner ads on her site.
Now mixing ads with products is generally not a good idea for an ecommerce shop but she reasoned that if her visitors weren’t buying her products, she may as well make “some” money with ads.
Anyway, one day she sent me an email asking me why all of her sales suddenly stopped. And when I went to look at her site, I was horrified.
First off, her site took almost 20 seconds to load and when it finally did load, there were flashing animated ads all over the place. When I did a web page speed test, this is what I found.
And she installed the code in such a way that the ad code was blocking her content from showing up until after the ad code loaded.
It’s no wonder that no one was shopping in her shop! Besides the flashing ads, customers were likely getting frustrated with the extremely slow loading times caused by the code.
In fact, ad networks are notorious for slowing down sites because they literally transmit tons of tracking information about your site back to their servers.
They are also known for storing visitor data and selling that information to other advertisers.
Another student in my class was looking for a plugin to boost the number of likes on her Facebook fan page. As a result, she found this piece of code that made a customer “like” her Facebook fan page before exposing a coupon code that would incentivize a customer to buy.
It seemed innocent enough and the plugin worked like a champ for quite a while. But then one day, this student emailed me frantically telling me that her website was broken even though she had not made any changes.
When I went to her online store to investigate, I found that her website header and logo were loading just fine but the rest of her shop was completely blank.
And because this code was in the header of her store, it prevented the rest of her site from loading because it couldn’t get past the call to the bad server.
When you use someone else’s code, that person can essentially alter your website however they see fit.
Here’s how it went down.
For information about this, you can read Glen’s post in its entirety here
Be Careful Of What Amazon Tools You Install
Because I’m a member of many ecommerce seller groups, I often hear stories and rumors of malicious activity arising from various Amazon tools on the market.
Now in order to use most Amazon tools these days, you have to provide them with your Amazon API credentials which essentially allows that tool to see all of your sales and all of your products.
Well guess what? This information is extremely sensitive and can potentially be used against you.
Recently, there was a rumor going around that the owner of a very popular Amazon seller tool was at the Canton Fair sourcing popular products for sale.
And because this software company owner had intimate knowledge of 1000’s of seller accounts, he knew exactly what to look for.
Pretty sleazy right?
But unfortunately, this scenario can and does happen all the time. In fact, I strongly believe that every company looks at their client data whether it be out of curiosity or to improve upon their own product.
Recently employees of Amazon in China have been selling vendor data to anyone willing to pay their price. And this is Amazon we’re talking about here!!!
Right now, selling on Amazon is as cutthroat as it gets and there’s a ton of malicious activity.
For more information, please check my post on The Dangers Of Selling On Amazon And Horror Stories From Real Amazon Sellers
What To Look Out For
Hopefully, I’ve convinced you that you need to be extremely careful when using 3rd party code on your site. Now that’s not to say that you should NEVER use other people’s code because that would be silly.
But make sure that you fully trust the author of the code you are using.
- Try not to use code that makes calls to a 3rd party server – Sometimes this cannot be helped but try to limit this if possible
Note: Hosting your own code is not always applicable and depends on the situation but you should ask whether it’s possible
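To see which 3rd party servers your own pages call, here is an added example (not code from the original post) that scans a page's HTML and lists every external script, whether it holds up the page while it loads, and whether it is pinned with an `integrity` attribute so the file cannot be changed without the browser noticing. The hostname `shop.example` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not from the original post).
SAMPLE_PAGE = """<html><head>
<script src="/js/cart.js"></script>
<script src="https://ads.example.net/banner.js"></script>
<script async src="https://stats.example.org/t.js"></script>
<script defer src="https://cdn.example.com/like-gate.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body><h1>My Shop</h1>
<script src="//widgets.example.net/coupon.js"></script>
</body></html>"""


class ScriptAudit(HTMLParser):
    """Collect every <script> that is loaded from someone else's server."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.in_head = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        if tag != "script":
            return
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # inline script, or hosted on your own domain
        # A plain script (no async/defer/module) pauses the page until it downloads.
        blocking = not ("async" in a or "defer" in a or a.get("type") == "module")
        self.findings.append({"host": host, "blocks_page": blocking,
                              "in_head": self.in_head, "pinned": "integrity" in a})

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def audit(html, site_host="shop.example"):  # site_host: assumed name of your store
    parser = ScriptAudit(site_host)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE):
        print(finding)
```

Any entry with both `blocks_page` and `in_head` set to true is the kind of script that can leave the rest of a store blank when the 3rd party server stops responding.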
Deciding which Amazon seller tool to trust is a much more complicated problem. For me, I’m extremely careful about who I give my Amazon credentials to.
And I actually do some due diligence into who is behind the company before I fork over my Amazon API keys.
Specifically, I ask…
- Who their largest customers are
- How long their software has been in existence
- How many engineers are on the project
- How they test and do QA for their product
Because designing hardware and software was my job for over 20 years, I’m extremely sensitive to bugs and quality control:)
And anyone who has worked with me in the past knows that I’m super anal about introducing any additional points of failure with my site. As a result, I keep all 3rd party code to an absolute minimum.
Realistically speaking, most reputable companies will not intentionally try to harm your site but every single plugin or piece of code you install is another point of failure that is beyond your control.
Now you don’t have to be as anal as I am but you should at least understand the ramifications of your actions. Just make sure that you know what you are getting into when using someone else’s code and make sure you trust the person behind the company.