An estimated 240,000 ecommerce stores use Magento for their online operations, which accounts for nearly 30% of the ecommerce platform market.
That popularity shows Magento is a worthwhile platform, but it also means something else: Magento is a focus area for cyber criminals across the globe. Add the fact that it is an ecommerce platform handling customer orders and payments, and it is clear how critical security is for any Magento e-store.
Magento keeps releasing security patches to keep client websites secure; however, the responsibility for doing everything possible to secure your Magento store also rests with you, the customer.
There are several customizations, security settings, and additional best practices you need to be aware of in order to make your Magento-based e-store secure. This piece runs through 10 tips that can help you make your ecommerce store more secure than before.
From technical suggestions for securing your admin access to general security practices that keep your store secure, the tips below cover it all.
The obvious: Make sure you have a strong password policy in place
The biggest sin most Magento e-store administrators and owners are guilty of is a routine, weak, easy-to-crack password. It is understandable, considering your entire focus is on getting things off the ground when you first set Magento up. However, since Magento does not enforce a password policy automatically, you need to implement your own. Below are the best practices to remember:
- Your password must be 10 or more characters long
- The password must include at least one symbol, one number, and one capital letter
- Don’t include your company name or any dictionary word in your password
- Change the password every 90 days, or sooner
This can be further improved with two-step authentication. It helps you cover your bases if you ever have to give your password to another employee who needs administrator privileges at some point in time.
The not-so obvious: Modify the admin path
Chances are you have never bothered with the default admin path. Unfortunately, the default path makes it a lot easier for cyber criminals to find your login page and crack your login credentials using brute-force techniques. By changing the default admin path, you add another layer of protection that keeps your store’s login credentials secure. Here are two ways to change the default admin path.
1. Go to the admin backend. There, go to System, then Config. In the options, click Admin, then Admin Base URL. Select the option ‘Use Custom Admin Path’ and set it to Yes.
2. The other method involves editing some code in your Magento store’s local.xml file, which you will find at app/etc/local.xml.
Open the file, and look for the following code.
Here, replace [admin] with the new path. Once done, save the file and refresh the cache, and you’re done!
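The following is an added example, not code from the article or from Magento itself. It is a small offline audit script covering the two tips above: it checks an admin password against the stated policy (10+ characters, a symbol, a number, a capital letter, no company name or dictionary word, rotated within 90 days) and checks whether app/etc/local.xml still uses the default admin front name. The local.xml content is a constructed sample laid out the way Magento 1 stores the adminhtml router’s frontName; the word list is a tiny placeholder standing in for a real dictionary.

```python
"""Offline audit of two Magento hardening points (added example).

Assumptions: Magento 1 local.xml layout (admin/routers/adminhtml/args/frontName);
the dictionary below is a toy list, not a real word list.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of app/etc/local.xml, showing only the admin router block.
# The default front name is "admin"; replacing it moves the backend to a new path.
SAMPLE_LOCAL_XML = """<?xml version="1.0"?>
<config>
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[admin]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
</config>
"""

# Hypothetical, tiny word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "magento", "welcome", "summer", "store"}


def check_password(password, company_name, age_days):
    """Return a list of policy violations; an empty list means the password passes.

    age_days is how many days ago the password was last changed.
    """
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    lowered = password.lower()
    if company_name and company_name.lower() in lowered:
        problems.append("contains the company name")
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if age_days > 90:
        problems.append("older than 90 days")
    return problems


def admin_front_name(local_xml):
    """Extract the adminhtml front name from a local.xml document (None if absent)."""
    root = ET.fromstring(local_xml)
    node = root.find("./admin/routers/adminhtml/args/frontName")
    if node is None or node.text is None:
        return None
    return node.text.strip()


def uses_default_admin_path(local_xml):
    """True when the store still answers on the default /admin path."""
    return admin_front_name(local_xml) == "admin"


if __name__ == "__main__":
    # Demo run against the constructed sample and a sample password.
    print("default admin path:", uses_default_admin_path(SAMPLE_LOCAL_XML))
    print("password problems:", check_password("Magento2024", "Acme", 120))
```

Point `admin_front_name` at the real file contents (for example `open("app/etc/local.xml").read()`) to audit a live install; a result of `"admin"` means step 2 above has not been applied. The dictionary check uses plain substring matching, so a password such as `Restore!9Qz` is rejected because it contains `store`; that is the intended strictness of the rule above, not a bug.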
Keep a strong watch and control on admin users
For all admin users who have
Source: Search Engine Watch