Magento Security. How to protect your eCommerce store?
Security gaps in websites are very unpleasant but extremely significant issues, and eCommerce is no exception. Every Magento shopkeeper should not just be ready for hacker attacks, but also know how to prevent them. In this article, we have attempted to collect the main ways of increasing Magento security for your store. Many of the following tips are not specific to Magento security, which is why they will be useful for other eCommerce platforms too.
Know the current state of your website
Do you know which Magento security patches are installed on your store? Is your website protected? Before making any changes, you need to discover the Achilles heel of your store. The easiest way to do this is to check it online. MageReport gives you a quick and easy-to-understand overview of the condition of your system with a description of each Magento security patch. You just need to enter your link and click Scan, and in a few seconds you will see a short description of the tested components with a risk rating. Remember: this test covers only a small number of aspects and it cannot replace a thorough investigation of Magento security “from the inside”. However, it is perfectly suitable for day-to-day checking.
Keep system up-to-date
Is your website updated to the latest version? We highly recommend that you install the updates for new releases. Each upgrade comes with new features, fixes for functionality issues and Magento security patches related to the latest attacks. After these updates, your website becomes more secure. You can ask us for Magento Upgrade and Migration.
Use “strong” passwords
Always use “strong”, that is, hard-to-guess, passwords, both for server services and for the Magento backend. Do not use common usernames, such as “admin” or “root”. Use a hard-to-remember password that is at least 8 characters long and includes uppercase letters, lowercase letters and numbers. It is easy, but extremely important for your Magento security. We highly recommend the LastPass service for saving your passwords. We also use it for sharing, saving and generating passwords. Who can manage difficult passwords better than a machine?
Use secure protocols
Use SFTP, SSH, SCP, or HTTPS / SSL for all access, whether for data transmission or for calling the backend. Web pages transported over HTTP:// are not encrypted. If you see HTTPS://, Secure Sockets Layer is used. The SSL standard helps you to protect your customers and your website. You can easily change it in the settings.
The to-do list in case of a hacking attack
If, despite your protection, you become a victim of an attack, you need to have a plan for saving your Magento store.
- Take your site offline immediately to block access.
- Make a complete backup for later forensic analysis and for restoring data.
- Cooperate with specialists to determine the damage that occurred and the attack path (gap).
- Create a new clean installation with the help of the backed-up data.
- Make a full system update with all available Magento security patches.
Let us help you!
The MageDirect Team is experienced in Magento Security Optimization, so you can let us do all of that for you. For our clients, we provide website vulnerability checking services, which include two stages. At the first stage, apart from MageReport, we scan the Magento store with the help of the following instruments: ClamAV, Sucuri and Quttera, and perform a database audit.
At the next stage, we do a manual code audit and compare the Magento core with the original version with the help of instruments like Meld.
To sum up, there are plenty of ways to secure your website. It would be useful if you could also share your tips and tricks in the comments below. Let’s make the eCommerce world much more secure together!