10 Basic Security Tips to Increase Your Magento Site Safety


It is well known that Magento is considered one of the safest ecommerce CMSs. The platform provides many built-in security features, such as Magento security patches, CAPTCHA and PCI Data Security compliance, that help keep your online store protected. These advantages have made Magento very popular in many countries, including Germany, Great Britain, America and Australia. At the same time, the ecommerce community offers additional tips that can help you raise the security level of your Magento website.

Of course, security matters for any website, but for online stores it is of vital importance, because they hold customers’ data and financial information about orders, shipping, payment terms and so on. There are many cases of hackers trying to get inside and steal users’ data; credit card details are an especially popular target. Store owners who follow all the security rules manage to keep their sites safe.

So, How to Protect Your Magento Website from Hackers?

Remember that any successful attack on an ecommerce site can cause considerable losses. To help you protect your ecommerce business and its money, we present the best tips for keeping a Magento site safe.

Create a Unique Magento Admin Path

Usually, to reach the Magento admin page you add /admin to your website address, for example ecommerce-site.com/admin. Such a path is not secure enough: hackers or password-guessing bots can find the admin page and start guessing the password. The best decision here is to change the current path to a unique one. You can do it in two steps:

  • Locate /app/etc/local.xml
  • Find <![CDATA[admin]]> and change the word “admin” to a new one, for example “datasecurity”.

After that your local.xml file will contain <![CDATA[datasecurity]]>, and your admin path will be /datasecurity.
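A small audit script for the step above, added here as an example (it is not code from the original post). It writes a constructed local.xml so it runs offline; point admin_front_name at your real app/etc/local.xml to check a live store.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Magento 1 app/etc/local.xml
# for the default "admin" front name. The sample file below is constructed.

write_sample_local_xml() {
  # Writes a minimal constructed local.xml to $1 with front name $2.
  cat > "$1" <<EOF
<?xml version="1.0"?>
<config>
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[$2]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
</config>
EOF
}

admin_front_name() {
  # Prints the frontName value found in the local.xml given as $1.
  sed -n 's/.*<frontName><!\[CDATA\[\([^]]*\)\]\]><\/frontName>.*/\1/p' "$1" | head -n 1
}

check_admin_path() {
  # Prints WEAK if the default path is still in use (exit 1), else OK (exit 0).
  name=$(admin_front_name "$1")
  if [ -z "$name" ] || [ "$name" = "admin" ]; then
    echo "WEAK: admin path is /${name:-admin} (default)"
    return 1
  fi
  echo "OK: admin path is /$name"
  return 0
}

# Demo: the default configuration fails, a renamed front name passes.
tmp=$(mktemp)
write_sample_local_xml "$tmp" admin
check_admin_path "$tmp" || true
write_sample_local_xml "$tmp" datasecurity
check_admin_path "$tmp"
rm -f "$tmp"
```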

Use Long and Complex Magento Password

As the password is the key to your Magento store, it should not be easily guessable. The most common mistake is using a birth date, a mobile number or combinations such as “ABC” or “123”. Here are 5 main pieces of advice that can help you:

  • Create a long password. It has to be at least 8 characters.
  • It must be complex enough. It is advisable to use different kinds of characters: letters, numbers and punctuation marks.
  • If you have trouble memorizing it, make the password phonetic, so you can remember it without any problems.
  • Never use the admin panel password for other sites. It has to be used for only one login.
  • Do not keep the admin password on your computer.

It is also recommended to have a secure username. Very often the word “admin” is used, but that is a great mistake: hackers sometimes get inside easily because they need to guess just one secret. Using a robust password and a secure username gives your Magento site double protection.
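Password guessing against the admin login leaves a trace in the web server log: repeated POSTs to the admin path from one address. The script below, added as an example that is not part of the original post, counts them over constructed Apache-style log lines (documentation-range IPs); pass your real front name and log file to run it on a live store.

```shell
#!/bin/sh
# Added example (not from the original post): detect password guessing against
# the Magento admin login in an Apache-style access log. The log lines are
# constructed; the front name (/admin or your renamed path) is passed in.

sample_log() {
  cat <<'EOF'
203.0.113.7 - - [10/Feb/2015:10:00:01 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:10:00:02 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:10:00:03 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:10:00:04 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:10:00:05 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2015:10:00:06 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2015:10:05:00 +0000] "POST /admin/index/index/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2015:10:05:01 +0000] "GET /admin/dashboard/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

login_attempts_by_ip() {
  # $1: admin front name. Reads the log on stdin and prints "count ip" lines,
  # counting only POST requests whose path starts with /<front name>/
  # (prepend index.php/ to the path if your store does not use URL rewrites).
  awk -v path="/$1/" '
    $6 == "\"POST" && index($7, path) == 1 { n[$1]++ }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

flag_bruteforce() {
  # $1: front name, $2: threshold. Prints each IP at or above the threshold.
  login_attempts_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Demo: with a threshold of 5 only the scripted client is reported.
sample_log | flag_bruteforce admin 5
```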

Apply Two-Factor Authentication for Your Magento Store

But even if both issues indicated above are settled, this cannot guarantee absolute safety. Time goes on and hackers are constantly finding new ways to break sites. So, our next tip is to use authentication extensions for Magento. With them, only trusted devices have access to your site backend.

Magento presents two reliable extensions. The first is Rubon, which offers an extra layer of security and is available for any OS platform. The second is the Extendware two-factor authentication extension, which also lets you limit the number of login attempts. Learn more about both and choose the one that suits you best.

Use a Secure (SSL/HTTPS) Connection

Remember that there are always some risks. Hackers can intercept the data communicated between the admin and the server. As this data is sensitive, you have to be sure that it is protected. A secure connection helps you avoid these problems.

In Magento you can do it in a couple of steps. First, click System and, in the dropdown menu, choose Configuration. Then click the Web tab and open Secure. In Base URL, replace 'http' with 'https', and set Use Secure URLs in Frontend and Use Secure URLs in Admin to “Yes”. Finally, save all changes.
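The three settings above are stored in the core_config_data table as web/secure/base_url, web/secure/use_in_frontend and web/secure/use_in_adminhtml. The script below is an added example (not from the original post) that checks an export of those rows, such as the output of SELECT path, value FROM core_config_data WHERE path LIKE 'web/secure/%' saved as tab-separated text; the exports it ships with are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): verify the three Magento 1
# settings changed under System > Configuration > Web > Secure, read from a
# constructed tab-separated export of core_config_data (columns: path, value).

weak_config() {
  # Constructed export of a store still on plain http.
  printf '%s\t%s\n' \
    'web/secure/base_url'         'http://ecommerce-site.com/' \
    'web/secure/use_in_frontend'  '0' \
    'web/secure/use_in_adminhtml' '0'
}

fixed_config() {
  # Constructed export after applying the steps above.
  printf '%s\t%s\n' \
    'web/secure/base_url'         'https://ecommerce-site.com/' \
    'web/secure/use_in_frontend'  '1' \
    'web/secure/use_in_adminhtml' '1'
}

config_value() {
  # $1: config path. Reads the export on stdin, prints the value (first match).
  awk -F '\t' -v p="$1" '$1 == p { print $2; exit }'
}

check_secure_urls() {
  # Reads the export on stdin, prints one FAIL line per weak setting and
  # returns the number of findings (0 means the store is configured correctly).
  tmp=$(mktemp); cat > "$tmp"
  findings=0
  base=$(config_value web/secure/base_url < "$tmp")
  case "$base" in
    https://*) ;;
    *) echo "FAIL web/secure/base_url is not https: ${base:-<unset>}"; findings=$((findings + 1)) ;;
  esac
  for p in web/secure/use_in_frontend web/secure/use_in_adminhtml; do
    if [ "$(config_value "$p" < "$tmp")" != "1" ]; then
      echo "FAIL $p is not enabled (expected 1)"
      findings=$((findings + 1))
    fi
  done
  rm -f "$tmp"
  return "$findings"
}

# Demo: the weak export yields three findings, the fixed one none.
weak_config | check_secure_urls || true
fixed_config | check_secure_urls && echo "OK: secure URLs enforced"
```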

Use Secure FTP

The most common way Magento sites get hacked is by guessing the FTP password. The remedy here is a strong password together with the SSH File Transfer Protocol (SFTP). The latter provides additional encryption and uses a private key file for authentication.

Enterprise and Community Edition Patches

Every Magento website owner has to run diagnostics, and to do it correctly they need to follow these steps:

Use an on-line Magento security scanner

Magento and its partner, the company Byte, offer an on-line tool: an automatic security scanner. You just open the http://magereport.com/ page and enter your Magento store URL in the special field. Then click the green button; under the field there is an example that can help you do it correctly. The tool provides you with a security report, but please note that it reports only on the most important points.

Scan your web server with anti-virus software

Use ClamAV to check your web server for viruses and trojans. It is an open source anti-virus engine that provides a flexible and scalable multi-threaded daemon, a command line scanner and a tool for automatic database updates. It is used for web scanning and endpoint security. You can also use one more piece of software, chkrootkit. It is a free tool that carries out different anti-rootkit checks, for example checking system binaries for rootkit modification.

Applying Magento security patches

When Magento developers find bugs in the system they release a new patch, which helps keep the system secure. In January this year, Check Point Software Technologies informed Magento about the “shoplift” bug. Such a vulnerability poses a great risk to an ecommerce company, because it lets hackers easily get access to the stored data. To settle this issue, Magento released a new patch on February 9, 2015. If you need to check whether your site is patched or not, please go here. If it has not been patched, it is strongly recommended to install the patch. This measure will stop hackers from stealing customers’ personal information and your company’s financial information.

Upgrade Your Magento Site to the Latest Version

And last but not least, keep your Magento site upgraded. There are two Magento versions which cannot be patched. The first is Magento 1.3.x, which is too old and is no longer supported; here we recommend upgrading it and then applying the security patches. The second is Magento Professional, for which security patches also do not exist. There are two solutions to this issue: upgrading, or adapting the patches specifically for the old version.

Follow these tips, and we guarantee that your website will be protected from any hacker. If you have additional questions, our Sam Ecommerce Magento developers will be happy to answer them.
