If you only do one thing for your site this week, make it turning on two-step authentication .
The good news - Shopify is very secure. The bad news, people aren't. So what do you do if one of your staff has used a weak password, and someone has guessed or pfished it, and got into your Shopify site? Or a virus on your machine has sent your password to the bad guys?
The first thing to do is DON'T PANIC - running around with your hair on fire is a natural response to that sinking feeling, but will make things worse. Jumping on to an infected machine and changing your password just gives them your new password.
SECURE A COMPROMISED ACCOUNT (SHOPIFY LIST WITH KIM UPDATES)
If your account has been compromised, then take action to protect your data right away.
ON A DIFFERENT DEVICE (in case you've got a virus) Log in to the email account that you use to log in to Shopify and change the password.
Run antivirus on any machine you (or your staff) usually use.
Log in to Shopify and change the password for your Shopify account. If you can't log in, then reset your password. If you don't receive a password reset email, then contact Shopify Support.
Enable two-step authentication for extra security at login. If two-step authentication is already configured and an attacker was able to defeat it — for example, they stole your device — then change your device and set up two-step authentication again.
Check your banking details for Shopify Payments and update them if necessary.
Check and update your banking details for PayPal and any other payment providers you have configured. We've seen a hacker change your Paypal account to their Paypal account.
Review your general account settings and preferences to make sure all other information is correct. Also check your site for links to external sites.
Follow government guides to protect your identity and sensitive information.