Although Magento is one of the leading eCommerce platforms that businesses use to build and manage webstores, security is one aspect that many Magento store owners and developers neglect.
eCommerce sites are very attractive targets because of the personal and payment data that is needed to make a sale.
Even though Magento releases security patches regularly, there are Magento security best practices that website administrators must follow to keep their store protected.
We created a checklist that provides almost 99% protection against such break-in attempts. Here are the top Magento security tips:
- Use Strong Passwords – Your passwords should be at least 8 characters long and a combination of letters, numbers, and special characters. Also, change them regularly.
- Change Magento Admin Path – A non-standard path like ‘/customadminpath’ should replace the default /admin to prevent brute-force attacks.
- 2-Factor Authentication – There are Magento extensions that deliver 2-factor authentication so that you don’t have to worry about password-related Magento security risks. You will need an additional code apart from your password to log in.
- Use Secure FTP – Use strong passwords and use SFTP (SSH File Transfer Protocol), which encrypts the session and can authenticate a user with a private key file, unlike FTP, which transmits credentials and data in plain text.
- Prevent SQL Injection – Although newer Magento versions and patches provide good protection against MySQL injection attacks, relying only on them is not an ideal approach. We suggest that you put a web application firewall such as Sucuri, Cloudflare, or Incapsula in front of your site to keep it and your customers safe.
- Apply All Magento Patches – Magento releases security patches regularly to fix known vulnerabilities. Make sure you apply them to your store as soon as they are released.
- Enable SSL – Enable SSL on your website URLs where transactions are involved to ensure no information is transmitted in plain text.
- Install the WordPress blog (if applicable) to a separate virtual host.
- Correct Permissions – Ensure your file and folder permissions are correct. No directory should have 666 permissions and no file should have 777 unless specifically required.
- Scan Regularly – Maldet (Linux Malware Detect) or YARA can be installed on the server to scan files for malware regularly. For external malware checks, you may use MageReport or eComscan.
- Regular Offsite Backups – Take regular offsite backups of your files as well as your databases.
- Invest in Managed Magento Hosting – Managed Magento hosting platforms are your best choice: they guarantee robust security with frequent patches at the server level.
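Two items on the checklist, the admin path and the file permissions, are easy to verify mechanically. The script below is an added example, not code from the original post or from Magento: it reports world-writable files and directories (the 666/777 cases the checklist names) under a store root and checks that the admin frontName in app/etc/env.php is not the default "admin". It assumes a POSIX shell with find, sed and mktemp, and a Magento 2 layout where env.php holds the 'backend' => ['frontName' => ...] setting.

```shell
#!/bin/sh
# Added audit helper (not part of the original post). Assumptions: POSIX sh,
# find/sed/mktemp available, Magento 2 layout with app/etc/env.php.

# List every file or directory under $1 whose mode gives "others" write
# access (666, 777 and similar), one path per line.
world_writable() {
    find "$1" -perm -002 \( -type f -o -type d \) -print 2>/dev/null | sort
}

# Number of world-writable paths; 0 means the permission check passes.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Extract the admin frontName from app/etc/env.php.
admin_front_name() {
    sed -n "s/.*'frontName' *=> *'\([^']*\)'.*/\1/p" "$1/app/etc/env.php" | head -n 1
}

# Succeeds (exit 0) only when the admin path is set and is not "admin".
admin_path_is_custom() {
    name=$(admin_front_name "$1")
    [ -n "$name" ] && [ "$name" != "admin" ]
}

# Demo on a constructed, throwaway Magento-like tree (sample data, not a real store).
demo() {
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/app/etc" "$root/var/cache" "$root/pub/media"
    printf "<?php\nreturn ['backend' => ['frontName' => 'admin']];\n" > "$root/app/etc/env.php"
    touch "$root/pub/media/upload.jpg"
    chmod 777 "$root/var/cache"               # bad: world-writable directory
    chmod 666 "$root/pub/media/upload.jpg"    # bad: world-writable file
    echo "World-writable paths under $root:"
    world_writable "$root"
    if admin_path_is_custom "$root"; then
        echo "admin path: custom"
    else
        echo "admin path: DEFAULT (change it)"
    fi
    rm -rf "$root"
}

demo
```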
Webscoot’s Managed Magento Platform is completely secure, and customers are informed about any new Magento security patches. We also take care of all the Magento security best practices to minimize hacks and exploits. See our fully managed Magento hosting plans here or contact us for more details.
Sahil is the CEO and founder of MageHost. He loves to solve problems and makes sure his clients have a speedy website. When not working hard on his Mac, he can be seen traveling!