Security Spotlight - 6 Steps to a more secure Magento Site

If you want to keep your online store safe from ever-evolving cyber threats, follow these 6 simple steps to lead you to a more secure Magento site.

  1. Choose a Strong Password

It should go without saying, yet it can’t be stressed enough. Relying on a weak password is like leaving your keys in your front door. Also, check your configurations and permissions to make sure that this password doesn’t provide access to customer information as well.

  2. Require an Encrypted Connection

Never send data over an unencrypted connection. Unless you have configured Magento to use secure logins, you might be more vulnerable to hackers than you think. You can require that login information be sent over a secure connection by changing the setting in the system configuration menu.

  3. Obscure Your Admin Path

If the path to reach your admin panel is “your-site.com/admin”, you’ve made it incredibly easy for hackers and password-guessing robots to find your login page and start guessing your password. Instead of having the address end in “admin”, choose another word that only you and approved parties know.

  4. Use a Private Email

If you forget your administrator’s password, Magento will send it to your email. Make sure you use an email address that is not publicly known, that has a secure password, and that is linked to a security question whose answer would be impossible for someone to guess.

  5. Use SFTP

Guessing and intercepting FTP passwords is one of the oldest hacker tricks in the book. Make sure that you are using secure passwords and SFTP (SSH File Transfer Protocol). You can also use public key authentication for an even more secure Magento site.

  6. Restrict Admin Access

You should restrict administrative access to only approved IP addresses. This can make things a challenge if you travel a lot, but it is an effective way to close one of the most vulnerable entry points to your site.
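To check that an obscured admin path and an IP restriction are actually holding, you can audit the web server access log. The script below is an added example, not part of the original article: it lists requests that reached the admin path from addresses outside the approved list, plus probes of the default “/admin” path. The admin path, approved networks and log lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed values for this example; replace with your own path and networks.
ADMIN_PATH = "/backoffice_k3"
APPROVED = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]
# Common/combined log format: client IP, method, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:09:00:01 +0000] "GET /backoffice_k3/ HTTP/1.1" 200 5120
192.0.2.44 - - [10/Mar/2024:09:02:10 +0000] "POST /backoffice_k3/ HTTP/1.1" 200 5300
192.0.2.44 - - [10/Mar/2024:09:02:11 +0000] "GET /admin HTTP/1.1" 404 312
198.51.100.7 - - [10/Mar/2024:09:05:00 +0000] "GET /index.php/backoffice_k3/dashboard HTTP/1.1" 200 9000
192.0.2.90 - - [10/Mar/2024:09:06:00 +0000] "GET /checkout/cart HTTP/1.1" 200 700
not a log line
"""

def is_approved(ip_text):
    """True only if the address parses and falls inside an approved network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in APPROVED)

def classify(path):
    """Label a request path as 'admin', 'default-probe', or None."""
    path = path.split("?", 1)[0]
    if path.startswith("/index.php/"):
        path = path[len("/index.php"):]
    for prefix, label in ((ADMIN_PATH, "admin"), ("/admin", "default-probe")):
        if path == prefix or path.startswith(prefix + "/"):
            return label
    return None

def audit(log_text):
    """Return (ip, kind, method, status) for admin hits from unapproved IPs."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        kind = classify(path)
        if kind and not is_approved(ip):
            findings.append((ip, kind, method, int(status)))
    return findings
```

An “admin” finding with a 200 status means the IP restriction is not being enforced for that address. If the store sits behind a load balancer or CDN, the first log field is the proxy’s address, so parse the logged forwarded-client field instead.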

We have good news and bad news. You now have a much more secure Magento site, but that doesn’t mean it’s secure from all or even the most pressing threats. For the highest levels of protection, partner with a managed services hosting company that can provide you with 24/7 monitoring and powerful tools to protect you and your customers. Begin exploring your options by contacting Tenzing.

Aisling McCaffrey

Demand Marketing Specialist at Thinkwrap