Data security is important for every website, but it is even more important for an eCommerce website. These sites contain a lot of financial and personal customer data, and any problem can cause a huge loss to your store. Magento security is considered one of the best, but there are some additional tips to make your security foolproof inside and outside of Magento.
Additional guide to Magento security.
1. Update your software regularly
The release of a new version of a popular program is always followed by discontent from users. “Update? Again? The previous version is good, I am used to it.” Lots of people keep using old versions of a program year after year.
An update brings not only a new design or functionality, it also brings new security features. For example, computers that run Windows XP are considered to be the best nodes for botnets. This is because that operating system has no way to protect your computer from new viruses.
Imagine what a disaster could happen to your store, where the most valuable thing is customer data. A hacker can use it for email spam or even to steal money from customer accounts. They can also damage your website.
So remember that having an eCommerce website is a big responsibility. When you update your Magento version in time, you get all the advantages of Magento security.
2. Don’t forget to back up your Magento store
Backups should be done regularly, before each change of data or installation of a new extension. Backups are one of the best methods to minimize the damage and the easiest way to recover after an attack.
If you want to get familiar with the Magento backup process, read my article.
3. Use strong passwords
According to statistics, the password 123456 was very popular in 2014. Do not use such easy passwords in Magento. Remember that hackers want to get your data.
Don’t use the same password for different accounts.
Also, don’t use usernames like ‘admin’ to log in to your Magento store: most hacker attacks succeed because the attacker only has to guess the password. You can change your name and password in System -> My Account.
4. Two-factor authorization (IP)
You can pre-define the IP address from which you can access your Magento admin panel. You can create a list of different IP addresses for your coworkers through the Magento Admin panel. Users with other IPs will not be able to access the Magento Admin panel. This can be done in the .htaccess file.
5. Set up Firewall
By setting up a firewall you allow public access only to the web server. To do this you should have a permanent IP address.
6. Check activities in logs
You should check server logs regularly. The following steps are extremely important for Magento security:
You can set up notifications for a login from an unusual place (country), which is compared automatically to previous logins.
You can also set up notifications for multiple unsuccessful logins.
7. SSL/HTTPS Connection
You can use this protocol to enable secure URLs. You can use it not on all website pages, but only in the Admin Panel, Checkout Page, etc.
8. Custom Path for the Admin Panel
The standard Magento path looks like this: http://my-website.com/admin. It is well-known information for everyone, so it can be used to hack your data. You can change your path and make something unique: http://my-website.com/ajhebvcfdin
This looks like a really small step, but it can help to bring your Magento security to a high level.
9. Use antivirus software
I think this is not new and is really predictable advice. So just don’t forget to update your antivirus.
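The two log checks from step 6 (multiple unsuccessful logins, and a login from a country not seen in previous logins) can be sketched as follows. This is an added example, not code from the original article or from Magento; the log format, the thresholds and the function name `find_alerts` are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, admin user, source IP, country, result.
# The format is an assumption for this example, not Magento's own log layout.
SAMPLE_LOG = """\
2024-05-01T09:00:00 storeowner 198.51.100.7 DE success
2024-05-03T02:10:00 storeowner 203.0.113.9 BR failure
2024-05-03T02:10:20 storeowner 203.0.113.9 BR failure
2024-05-03T02:10:40 storeowner 203.0.113.9 BR failure
2024-05-03T02:11:00 storeowner 203.0.113.9 BR success
2024-05-04T09:00:00 storeowner 198.51.100.7 DE success
"""

MAX_FAILURES = 3                  # failures from one IP before alerting
WINDOW = timedelta(minutes=5)     # sliding window for counting failures


def find_alerts(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return a list of (timestamp, kind, user, ip, detail) alerts."""
    alerts = []
    failures = defaultdict(deque)      # ip -> timestamps of recent failures
    seen_countries = defaultdict(set)  # user -> countries of past successes
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                   # skip blank or malformed lines
        stamp, user, ip, country, result = parts
        when = datetime.fromisoformat(stamp)
        if result == "failure":
            recent = failures[ip]
            recent.append(when)
            while recent and when - recent[0] > window:
                recent.popleft()       # drop failures outside the window
            if len(recent) == max_failures:
                alerts.append((stamp, "repeated-failures", user, ip,
                               f"{max_failures} failures within {window}"))
        elif result == "success":
            known = seen_countries[user]
            # The first login for a user only sets the baseline.
            if known and country not in known:
                alerts.append((stamp, "new-country", user, ip, country))
            known.add(country)
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

Note that a new country is added to the user's baseline after the first alert, so that alert should be reviewed rather than relied on to repeat.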