by | 18 Aug 2015

7 tips to make your Magento shop bulletproof

As Magento is one of the most popular eCommerce platforms, it comes under the greatest number of attacks from hackers who would love to get inside your online shop to steal your customers' information and credit card details, spam your customers and conduct phishing campaigns on your behalf. In this article, discover the security improvements that I recommend for anyone looking to protect their Magento shop from hackers.

1# Never use your admin password for anything else

Your Magento Admin password should be 100% unique: never reuse a password that you use on other sites. Too often, a hacker will get access to your usual password and use it to hack your Magento site. Don’t let this happen to you.

2# Require HTTPS/SSL for your login pages

Without an encrypted connection, every time you use your username and password, you run the risk of them being intercepted by a hacker. Read more on risks and how to enhance your consumer confidence with HTTPS/SSL. You should enable HTTPS/SSL on your Magento shop to avoid these risks.
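One way to verify this tip, as an added example that is not part of the original article: a small audit of the HTTPS settings stored in Magento's `core_config_data` table, including website and store view overrides that can silently switch secure URLs off. It assumes the rows were exported as (scope, scope_id, path, value) tuples; the sample rows and hostnames are constructed.

```python
# Added example: audit Magento HTTPS settings exported from core_config_data.
# Config paths correspond to System > Configuration > Web > Secure.
REQUIRED = {
    "web/secure/use_in_adminhtml": "1",  # Use Secure URLs in Admin
    "web/secure/use_in_frontend": "1",   # Use Secure URLs in Frontend (customer login)
}
BASE_URL = "web/secure/base_url"


def audit_https(rows):
    """Return a sorted list of (scope, scope_id, path, problem) findings."""
    findings = []
    seen_default = set()
    for scope, scope_id, path, value in rows:
        value = (value or "").strip()
        if scope == "default":
            seen_default.add(path)
        if path in REQUIRED and value != REQUIRED[path]:
            # Website/store rows override the default scope, so each row is checked.
            findings.append((scope, scope_id, path, "secure URLs disabled"))
        elif path == BASE_URL and not value.lower().startswith("https://"):
            # http:// values and unresolved placeholders are flagged conservatively.
            findings.append((scope, scope_id, path, "secure base URL is not https"))
    # A setting with no default-scope row is reported so it gets checked by hand.
    for path in list(REQUIRED) + [BASE_URL]:
        if path not in seen_default:
            findings.append(("default", 0, path, "not set at default scope"))
    return sorted(findings)


# Constructed sample: the default scope is correct, but two overrides weaken it.
SAMPLE_ROWS = [
    ("default", 0, "web/secure/base_url", "https://shop.example/"),
    ("default", 0, "web/secure/use_in_adminhtml", "1"),
    ("default", 0, "web/secure/use_in_frontend", "1"),
    ("websites", 2, "web/secure/use_in_frontend", "0"),
    ("stores", 3, "web/secure/base_url", "http://b2b.shop.example/"),
]

if __name__ == "__main__":
    for finding in audit_https(SAMPLE_ROWS):
        print(finding)
```
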

3# Make sure that your Magento is upgraded to the latest version

It is quite important to keep your shop updated and patched. Unfortunately, there are no security patches for Magento 1.3.x: it is too old to be supported, so you need to upgrade it. Furthermore, there are no security patches for Magento Professional, and I recommend upgrading it to Magento Community edition. If you can’t upgrade, use a cybersecurity solution to protect your store.

4# Make sure that all security patches are applied

Security patches for Magento Enterprise are available in your Magento Enterprise portal; they are also available to official Magento partners. Here is a list of all security patches currently available for Magento Community:

[Image: Magento security patches]

Be sure to have the latest security patches for Magento Community and read the official guide to install a security patch.

5# Only use trusted Magento extensions

While the Magento core code has the advantage of an active community of developers, the same is not true of the extensions that have been created for it. It only takes one vulnerability in one extension to give a hacker complete access to and control over your website. Please use only trusted extensions and be sure to update them regularly.

6# Make sure to backup your shop regularly

As part of your disaster recovery plan, be sure to back up your files and database on a regular basis in order to decrease the amount of damage that an attack can cause. Remember to always store the backup on a different server than the one where your shop is hosted. Amazon’s S3 online storage service is a good option for its high level of security and the ease with which Magento syncs with it.

7# Use a magic solution for vulnerability assessment

There is a good online tool from OZON to assess your Magento site's risk level for free. At the end of the test you will see the security report and be able to patch it. This 360 cybersecurity solution makes your online shop really secure and safe from sophisticated cyberattacks: