We previously covered some of the most basic yet useful techniques with which you can harden the security of your Magento store. The security tips in the first part, “Tips to make your Magento store secure”, can be your starting point for blocking some of the most common malicious activity. Here we are again with part two on making your Magento store secure. This time we have included some more advanced and technical steps, so if you are a non-technical user, we advise that you ask your hosting provider (only if it is managed hosting) to carry out these steps, or get help from a technical friend, colleague or employee to perform them for you. So, are you ready? Here we go!
TIP# 8: Eliminate Email Loopholes
Magento offers a convenient password recovery facility through your pre-configured email address. But if that email account gets hacked, your whole Magento store becomes vulnerable. Make sure that the email address you use for Magento is not publicly known. Secondly, keep in mind the tips we gave you regarding passwords, as you will want a strong password for that email account as well. Also, when a forgotten password can be retrieved through a security question, choose one that is obscure and hard to guess.
TIP# 9: Invest In A Quality Anti-Virus Software
Many viruses and Trojans are made for a sole purpose: to steal credentials and login details. To protect yourself against such malware, invest in quality antivirus software. Several antivirus programs, such as AVG and Avast, are available for free. These are fine for home and personal use, but to get their full protection and a support warranty, you may have to pay a certain amount.
TIP# 10: Acquire Encrypted Connection (SSL/HTTPS)
Whenever you send data, say your login details, across an unencrypted connection, there is a risk of that data being intercepted. This interception can give attackers a look at your credentials. To eliminate this risk, it is essential that you use an encrypted connection. In Magento, you can get secure HTTPS/SSL URLs simply by enabling the “Use Secure URLs” option in the System Configuration menu. This is also one of the key elements in making your Magento website compliant with the PCI Data Security Standard and in securing your online transactions.
TIP# 11: Prevent MySQL Injection
Although Magento's newer versions and patches provide great support for outmaneuvering MySQL injection attacks, relying only on them is not always an ideal approach. We suggest that you add a web application firewall such as NAXSI, which gives extra protection to you and your customers by eliminating 99% of the known patterns involved in website vulnerabilities.
TIP# 12: Set A Custom Path For Your Admin Panel
You generally access your Magento admin panel by going to my-site.com/admin. This makes it very easy for hackers to reach your admin login page and start guessing passwords. You can prevent this by replacing /admin with a secret path of your own. This also keeps hackers away from your admin login page even if they somehow get hold of your password. You can change your Magento admin path by:
- Locating /app/etc/local.xml
- Finding <![CDATA[admin]]> and replacing “admin” with your desired word or code.
TIP# 13: Use a Secure FTP
One of the most commonly used ways to hack a site is by guessing or intercepting FTP passwords. To prevent this from happening to you, it is essential that you use strong passwords and switch to SFTP (SSH File Transfer Protocol), which uses a private key file for decryption and user authentication. This approach increases the security of your site's file transfers. Here is the documentation on how to set up SFTP for Magento.
BONUS TIP: Disable Directory Indexing
Disabling directory indexing is another way to harden the security of your domain. Once it is disabled, the obvious paths under which your domain's files are stored are no longer listed. This stops cyber crooks from browsing their way to your Magento-powered website's core files; however, they can still access a file if they already know its full path.
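Two of the steps above (the custom admin path in TIP# 12 and the bonus tip on directory indexing) can be verified from a copy of the relevant files. The following audit script is an added example and not part of the original article or of Magento itself; the sample local.xml, the list of guessable front names and the minimum length are constructed for illustration, and the directory-indexing check assumes an Apache .htaccess using the Options directive.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Magento 1 app/etc/local.xml that still uses the default path.
SAMPLE_LOCAL_XML = """<?xml version="1.0"?>
<config>
    <admin>
        <routers>
            <adminhtml>
                <args><frontName><![CDATA[admin]]></frontName></args>
            </adminhtml>
        </routers>
    </admin>
</config>
"""

GUESSABLE_FRONTNAMES = {"admin", "administrator", "backend", "manage"}  # constructed list
MIN_FRONTNAME_LENGTH = 8  # constructed threshold, tune to your own policy


def admin_frontname(local_xml):
    """Return the admin frontName set in local.xml, or None if it is not overridden."""
    node = ET.fromstring(local_xml).find("admin/routers/adminhtml/args/frontName")
    if node is None or not node.text:
        return None
    return node.text.strip()


def audit_admin_path(local_xml):
    """Findings for TIP# 12; an empty list means the admin path looks hardened."""
    name = admin_frontname(local_xml)
    if name is None:
        return ["frontName not set in local.xml; Magento's default 'admin' applies"]
    findings = []
    if name.lower() in GUESSABLE_FRONTNAMES:
        findings.append("frontName '%s' is a well-known default" % name)
    if len(name) < MIN_FRONTNAME_LENGTH:
        findings.append("frontName '%s' is shorter than %d characters" % (name, MIN_FRONTNAME_LENGTH))
    return findings


def directory_indexing_disabled(htaccess):
    """True if the last effective Options line in .htaccess turns Indexes off (bonus tip)."""
    disabled = False
    for raw in htaccess.splitlines():
        tokens = raw.strip().split()
        if not tokens or tokens[0].lower() != "options":
            continue  # skips blank lines, comments and other directives
        for opt in tokens[1:]:
            if opt.lower() == "-indexes":
                disabled = True
            elif opt.lower() in ("+indexes", "indexes", "all"):
                disabled = False  # a later line re-enabled listings
    return disabled
```

Run `audit_admin_path` on the contents of your own app/etc/local.xml and `directory_indexing_disabled` on your web root's .htaccess after making the changes; both should come back clean before you consider the step done.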
Over to you
Well, now you know some of the most versatile techniques that can keep your Magento store safe and running smoothly. It is also wise to be careful while applying these precautions, so in case any of the above steps does not work for you, we suggest that you get in touch with the Magento community for more Magento tutorials. There are some prolific Magento experts over there, and they may well have the best answer and solution for you. If you have had any experience with these steps, or you know another process that helps to secure a Magento-powered website, we would love to hear from you. Please have your say in the comments below.