Protect Magento Store from Cryptominers: 5 Security Tips

Protect Magento Store from Cryptominers

Over 1,000 Magento stores, predominantly in Europe and the USA, were exposed to cryptominers’  brute force attacks. The security of other CMSs, such as OpenCart and Powerfront, was also compromised.

In all these cases, successful attacks ended up in the injection of a harmful code in the Magento core file. Such an intrusion could lead to a sensitive data breach. The attackers got access to the pages where payment data was processed and could get credit card numbers as well as install cryptocurrency miners.

Some merchants, whose sites were attacked, reported that their sites were infected after they’ve launched an Adobe Flash Player update. This update was a fake one and included a harmful code that downloaded AZORult - a malicious data-stealing malware - from GitHub. 

After the case studies, it was found out that the majority of attacks were successful due to a low-security level. Thus, we decided to remind you of precautionary measures you can take to protect your Magento store from cryptominers’ attacks.

Tip 1. Password

A vast majority of Magento admins don’t even adjust the standard password for their accounts. These last brute-force attacks reminded us of the power of a strong password-hygiene practice, that is the following:

  • change a standard password to an intricate one with letters of both cases, numbers and special characters; however, avoid using personal details such as dates, names or places for the password;
  • don’t use an identical password for several sites;
  • don’t keep the password on your computer.

These are the easiest but essential tip you should follow to protect the store from cryptominers’ attacks. You may think, we didn’t have to waste your time and remind you of adjusting the password. However, it isn’t uncommon that admins neglect the password hygiene.

To strengthen the security of a Magento store even more, you can implement two-factor/step authentication. 2FA is a security process where a user must prove their identity not with one factor, usually a password, but with two factors. On Magento Marketplace, you’ll find a lot of extensions that will deliver 2FA to your store.

Protect Magento Store from Cryptominers-2

Tip 2. Path to Admin Panel

The standard path to any admin panel is sitename.com/admin. So attackers don’t even have to look for it. For security reasons, Magento offers you to adjust a default path to a custom one by following the next steps:

  1. go to Admin > System > Configure > Advanced > Admin > Admin Base Rule;
  2. enable the use of a custom admin path and enter the desired one, but don’t select “backend” - another popular word for the path. 

These steps seem very easy, but it isn’t advisable to perform them without knowing how to edit configuration files on the server.

Tip 3. Encrypted Connection

To save data from being intercepted, we advise you to encrypt the connection. Moreover, you can easily do it by yourself in Magento admin panel. Just go to “Use Secure URLs” and enable this function. After that, the website will show a green lock symbol to your customers, so they’ll be sure that no one can steal their credentials. And you’ll be sure that your website is compliant with GDPR

Tip 4. Firewall

According to some recent studies, MySQL injection attempts are the number one threat for online retailing. Suppose such attacks are successful, then the hackers can not only get the access to the sensitive data you store but also alter it. To defend the store from such attacks, you can implement a Firewall application. Firewall is in charge to decide which data packets may enter or leave a network. In this way, firewalls prevent, or at least lower, the risk of acquiring a harmful data.

Protect Magento Store from Cryptominers-3

Tip 5. Updates

Magento often releases new updates, and it’s for a good reason. In Magento updates, you’ll find fixed issues, new features and security solution for recently discovered weaknesses. For example, the latest update, for the time being, is Magento 2.2.3, it includes over 30 security improvements (the details you can find in the article What’s New in Magento 2.2.3?). Therefore, we advise you to regularly update your Magento store in order to keep the highest level of the site security.

Those are 5 vital security tips to protect a Magento store from hackers in general and cryptominers in particular. If you think it’s not enough for you store, contact Our Team of Magento Certified Developers and we’ll be happy to help you.

You may be interested in the following articles:

Comments (0):
Leave a comment:
*Your comment will be published after approval by site administrator.