top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How Magento can be made more secure for the client?

+5 votes
1,214 views
How Magento can be made more secure for the client?
posted Aug 17, 2015 by Vrije Mani Upadhyay

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

3 Answers

+1 vote
 
Best answer

If you want to keep your online store safe from ever-evolving cyber threats, follow these 6 simple steps to lead you to a more secure Magento site.

Choose a Strong Password:
It should go without saying, yet it can’t be stressed enough. Relying on a weak password is like leaving your keys in your front door. Also, check your configurations and permissions to make sure that this password doesn’t also provide access to customer information.

Require an Encrypted Connection
Never send data over an unencrypted connection. Unless you have configured Magento to use secure logins, you might be more vulnerable to hackers than you think. You can require that login information be sent over a secure connection by changing your setting in the system configuration menu.

Obscure Your Admin Path
If the path to reach your admin panel is “your-site.com/admin”, you’ve made it incredibly easy for hackers and password-guessing robots to guess your password. Instead of having the address end in “admin”, choose another word that only you and approved parties know.

Use a Private Email
If you forget your administrator’s password, Magento will send it to your email. Make sure you use an email address that is not publicly known, that has a secure password, and that is linked to a security question that it would be impossible for someone to guess.

Use SFTP
Guessing and intercepting FTP passwords is one of the oldest hacker tricks in the book. Make sure that you are using secure passwords and SFTP (SSH File Transfer Protocol). You can also use public key authentication for an even more secure Magento site.

Restrict Admin Access
You should restrict administrative access to only approved IP addresses. This can make things a challenge if you travel a lot, but it is an effective way to close one of the most vulnerable entry points to your site.

We have good news and bad news. You now have a much more secure Magento site, but that doesn’t mean it’s secure from all or even the most pressing threats. For the highest levels of protection, partner with a managed services hosting company that can provide you with 24/7 monitoring and powerful tools to protect you and your customers.

answer Sep 16, 2015 by Rahul Singh
0 votes

Best practices for Magento includes:::

Using a strong password and changing them at regular interval
Disable remote access to Magento Connect Manager
Disable Downloader on production sites
Restrict access to safe IP addresses

answer Nov 28, 2015 by Devyani
0 votes

It can be secure by doing some task ie. choose the strong password with character, numerical and with special symbols. change the password when needed, use the private email id, restrict access through the IP addresses.

answer Jul 7, 2016 by Magento_ocodewire
...