25 Security Checks (and best practices)
Hey all! A couple of months ago I produced a YouTube Tutorial covering security tips for Magento 2. You can view the video here: https://youtu.be/k_R3U0feKF4.
I'm not sure that it's truly aimed at Magento Experts, but I think anyone new to Magento 2 will find value. Plus, most of them are easy to address. To summarise, these were the points that I covered:
- Back up your store
- Use a Firewall
- Change your Admin URL
- Disable multiple computer logins
- Use SSL on your backend
- Use strong Admin Passwords
- Limit Admin Users access
- Don’t share User logins
- Don’t use obvious login names
- Limit Admin session times
- Force password updates
- Use case-sensitive logins
- Remove old users
- Check for new admin users
- Saving passwords
- Avoid running other software on your server
- Don’t save your password in FTP Programs
- Look after your machine security
- 3rd Party Support
- Update your Extensions
- Update your Magento
- Magereport
- Magento Security Scan
- Choose a reputable Web Hosting Service
- Create a disaster recovery plan