When it comes to e-commerce software, Magento is the most popular one there is. With its popularity, however, comes risks – the biggest one being that it is subject to the largest number of attacks. The attacks are usually carried out by experienced hackers with the aim of getting into your store to either spam and phish your customers or even steal their information. Thankfully, there are a number of ways you can keep your Magento store secure. Here we’ve outlined some of the key ways you can keep the attackers at bay.
Always have the latest version
Keeping up to date with the latest version of Magento is vitally important. When a new version of Magento is released, quite often it will contain a patch which has been designed specifically to neutralise a security risk that may have recently been discovered. By having the latest version, you’re making sure you have the latest security against any potential threats. It’s a good idea to keep your anti-virus software up to date too; good commercial-grade anti-virus software will let you update it daily, so make sure you do if you want to stay secure.
Strong passwords that are rotated frequently
It’s common knowledge that the stronger your password is the better chance you have of keeping your Magento site secure. To add an extra level of security, it is a good idea to regularly rotate your password. The longer and more unique it is the better. Experts advise that your password is at least fifteen characters long and contains a combination of upper and lower case letters, numbers and symbols. It’s important that you don’t use the same password for anything else either. Having a unique Magento password means hackers have no chance of figuring out your password from another site.
Lock down your ports
The ports on your server should be locked down as tightly as possible, ideally just leaving port 80 (HTTP) and port 443 (HTTPS) accessible. If you don’t lock down your ports you could be unknowingly inviting hackers into your site. So you’re going to want to make sure as many of your ports as possible are locked down (e.g. FTP / SSH ports). You can ask your hosting company to do this for you, that way you can prevent hackers from identifying which ports are open and potentially attacking your site.
Lock down admin area to IP address
One of the most effective precautions you can take is by locking down your admin area. By doing this, access to the admin area is restricted to only certain IP addresses. You can do this via a free plugin to give you a quick and easy extra level of security. When using this method, you’ll have to make sure that you update it if you want to access it from a different IP address, but if it stops hackers in their tracks, it’s a security measure that’s well worth taking.
Magento best practice
To make sure your Magento site is always as secure as possible, be sure to follow Magento best practice at all times. Magento best practice is outlined in their user guide.