• Home
  • Blog
  • 15 Life Hacks to Improve Magento Store Security

15 Life Hacks to Improve Magento Store Security

  • By Indian Magento Experts 16 August, 2016 0 Comments

    The information in the form of article will help to those who want to make your Magento Store secure. As it appears to be that there there are 15 life hacks to improve Magento Store. If you religiously follow those safe methods, it will certainly remove your worry in regard of your personal data and business.

    Lets ponder over the motive of the hackers with respect to E-commerce, the most palpably reasons are given below.

    Personal data

    The very nature of the attack is to extract customer’s personal data.

    Deface

    The unique thing of this trickery is to change the front page of your storeThis one will just change the front page of your store. The immediate effect(DDoS) will be disastrous as your store will down. The consequence is telling in the sense that your store starts malfunctioning that will have direct effect on your revenue

    Lifehack #1. Files and Folders permissions

    It is advisable that you ought to give minimum required permission to your file. Not doing this will invite hacker scripts that will easily modify files/folders and gain access server and help hackers to executes command remotely. In this process hackers will get full control to the server.

    So the security in Magento is in the following way:

    Step 1. SSH to your server
    Step 2. Execute the following commands:

    Lifehack #2. Block requests to any external ports via firewall

    In a normal practice for LAMP stack you need to allow connections to the following ports:

    • Port 22 for ssh
    • Port 3306 for MySQL
    • Port 80 for HTTP
    • Port 443 for HTTPS

    Lifehack #3. Use two VPS nodes: one for php application and another one for the MySQL database

    This will help you for much needed enhance performance and that will ultimately shield you from malicious hackers attack. A simple explanation is given below.

    In the two nodes setup there are 2 important security life hacks:

    1) Use the private network connection (in case if the Application and Database servers are located in one data center).

    2) Allow connection from the application server’s private network IP.

    This solution is good to thwart any malicious design. For example, in regard of DDoS , attack the attackers don’t know your DB server’s IP and and hence they cannot do any harm to your database server.

    Lifehack #4. Change the default admin path of your magento store

    It is as easy as changing your app/etc/local.xml settings in this section:

    Lifehack #5. Choose a complex admin password

    It was revealed by statics that that 69% of hacks were possible because of the weak admin passwords. If your password happens to be short , there is every chance that the hackers will break your password and attacker will easily compromise your store.So pay attention to the tips mentioned aforesaid to prevent hacking.

    Lifehack #6. Protect your admin folder

    In order to make your admin, more, secure, you should edit the: path/to/magento/admin/.htaccess

    Lifehack #7. Safe guard your downloader folder

    This directive in the root .htaccess file will automatically redirect all of the requests to the path/to/magento/downloader folder to 404 page.

    Another thing of doing this is adding the following to the path/to/magento/downloader/.htaccess

    Where 1.2.3.4 and 5.6.7.8 are IP addresses you want to let through.

    If you are using nginx server – add the following to your /etc/nginx/sites-enbled/yourdomain.conf

    Lifehack #8. Install the latest magento security patches

    If you are not sure which patches are already installed – you can always use MageReport to find it out.

    Lifehack #9. Disable dangerous PHP functions

    To avoid dangerous functions, be sure to add the following rule to your php.ini file in path/to/magento/php.ini: disable_functions = proc_open,phpinfo,show_source,system,shell_exec,passthru,exec,popen

    Lifehack #10. Use secured HTTPS connection for all of you login pages

    You should use encrypted connection so that it prevents you the risk of being interpreted your username and password by the hacker while you are using it

    Eliminate that possibility by requiring HTTPS/SSL in Magento.

    Lifehack #11. Use anti-virus software to scan your web shop for viruses

    Here at Indian Mangento Experts, we usually use, php-clamav library to regularly check our customer’s stores for viruses. It helps to prevent stores from being hacked in advance.

    Lifehack #12. Backup your data is indispensable

    Unpredictability as it may in case of your E-commerce store with respect to your data i.e. source code+data). In order to keep your e-Commerce Store safe, you need to take backup regularly.

    Lifehack #13. Configure the proper logging

    Despite logs have no relation to security, it has immense helpful to us as its points out anomaly of your E-commerse store and it information help us to fix the bugs after you have got your magento shop back online.

    Lifehack #14. Use trusted extensions from famous extension providers

    It is imperative that you ought to use Trusted extension providers. It surely guarantees you of security and quality of their products. Beware of third party vendors,as their quality sometimes may not guarantee you neither security nor performance.

    Lifehack #15. If you are using shared hosting – choose magento focused hosting provider

    The following inference is completely based on experience.
    If you choose to have shared hosting, it is better to work with magento focused hosting providers.

    This is proven fact that their services are always performance and security optimized and this is specially for Magento.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    *