Keeping Magento secure¶

Magento is a popular e-commerce platform, used by a large number of online shops. As a popular platform, it is often targeted by malicious actors, so it’s important to keep your Magento installations secure.

If you plan on using Magento as your e-commerce platform, the following resources should provide all the information you need to stay secure:

The official Magento Security Center is provided by Magento, and includes all security updates directly from them. They also have many guides and further information, such as Magento Security Best Practices and Protect your Magento Installation from Password Guessing.

3rd party tools such as MageReport Scanner let you run scans on your sites, which should help you find and fix potential vulnerabilities, before they become problems.

Some of the key points to consider in order to keep your Magento site secure are:

• Keep Magento and any extensions up to date, and make sure to install any security updates available

• Change the default admin username, and use a strong password. Consider adding a 2-factor authentication extension for added security

• Change your default Admin URL.

• Consider securing your file permissions. Magento provide guides for Magento 1.x and Magento 2.0. Do bear in mind that the file permissions you should use depend on which version of Magento you’re running, and whether you’re running on a dedicated Magento host or a shared environment like WHM/cPanel or Plesk. Please do refer to the appropriate official documentation for your setup before making changes.

• Have a disaster recovery plan, and make sure to take regular backups which you can restore your site from, should you be attacked. Speak to your UKFast account manager or raise a support ticket via MyUKFast if you need help with establishing an appropriate backup regime.