Magento Expert Forum - Improve your Magento experience

Page 1 of 2 12 LastLast
Results 1 to 20 of 21

How to make sure my magento is good security?

  1. #1

  2. The Following User Says Thank You to ccvv For This Useful Post:

    jaredovi (22-03-2013)

  3. #2
    Administrator david's Avatar
    Join Date
    Nov 2012
    Posts
    260
    Thanks
    22
    Thanked 37 Times in 31 Posts

    Default

    Internal security is check and care by magento already so you don't have to worry about that but to make sure security of your server is a big area to discuss. If you hire shared hosting, they will take care it for you. If you configure server yourself then everything you need is make all password protected in good way and make sure your login always via https.

    But I guess you will care only about website front end attack, I can make sure it should be fine with magento

  4. The Following User Says Thank You to david For This Useful Post:

    jaredovi (22-03-2013)

  5. #3
    Junior Member jaredovi's Avatar
    Join Date
    Mar 2013
    Posts
    69
    Thanks
    2
    Thanked 10 Times in 8 Posts

    Default

    Yea, it should be fine to use google webmaster tool.

  6. #4
    Administrator david's Avatar
    Join Date
    Nov 2012
    Posts
    260
    Thanks
    22
    Thanked 37 Times in 31 Posts

    Default

    Oh, what do we do with google webmastertools?

  7. #5
    Administrator david's Avatar
    Join Date
    Nov 2012
    Posts
    260
    Thanks
    22
    Thanked 37 Times in 31 Posts

    Default

    Heheh, I think jaredovi just drink too much

  8. #6
    Moderator shunavi's Avatar
    Join Date
    Mar 2013
    Posts
    130
    Thanks
    10
    Thanked 29 Times in 15 Posts

    Default

    Webmaster tool can detect some security problem of your site and notice very good, so that if magento already take care internal security itself then outside we can use google web master tool. But the real security need to be take care manual by us.

  9. #7
    Junior Member phuc2x's Avatar
    Join Date
    Mar 2013
    Posts
    18
    Thanks
    1
    Thanked 2 Times in 2 Posts

    Default

    Yes, we should do like that for easy care about security

  10. #8
    Junior Member balwant's Avatar
    Join Date
    Jul 2014
    Posts
    107
    Thanks
    1
    Thanked 5 Times in 5 Posts

    Default

    Here are some tips every magento store owner must know to make make his/her magento store is secure :

    When you're choosing your Magento site's administrator passwords, choose wisely : Do not use your Magento password with any other web services (such as email) or any other sites (such as Twitter, Facebook, Flickr, etc.). Third-party sites may not require or even support HTTPS/SSL to login, breaking rule number two. In the event that a third-party website is hacked, your password may be vulnerable.

    Use a custom admin path :By default, you access your Magento admin panel by going to your-site.com/admin. Having the path to your admin panel path easily guessable means that someone or something (i.e. a password-guessing robot) can snoop around and try to guess your password. By having your admin path be a secret code word instead of the default /admin, you can prevent users from guessing your password or using it if they do somehow get a hold of your password.

    Magento has a really convenient feature that allows administrators to reset their password if forgotten. In order to reset your password, you need to know the email account associated with the account. Then you need access to that email account to retrieve the new password. First, choose an email address that is not publicly known. Second, make sure the password for your email account is secure. Third, make sure that if your email account has a security question that allows you to reset your password, you choose a question and answer that is so obscure that it would be impossible to guess.

    Use secure FTP

    Don't save passwords on your computer : This is great most of the time, but can be a security problem because often saved passwords can be easily revealed in plain text. Anybody with access to the computer has access to the sensitive data. Even worse, someone could steal the computer and then use the saved passwords to access the sensitive data. To avoid unintended access to your Magento password or data, simply set your computer or browser to never save it— this might be a bit inconvenient, but it's a great security policy

    Keep up-to-date anti-virus software

    more information just visit over : www.ilovemage.com

  11. #9
    Junior Member
    Join Date
    Jun 2014
    Posts
    121
    Thanks
    10
    Thanked 10 Times in 8 Posts

    Default

    Quote Originally Posted by ccvv View Post
    Hi guys, I am wondering how we can sure my magento site is best security? Maybe there are some tools we can check?

    Thanks
    You can try some SEO tool, for instance check out this tool. It will analyze your site and provide all details with clear reports.

  12. #10
    [ Contributor ] Wajid Hussain's Avatar
    Join Date
    Nov 2014
    Posts
    206
    Thanks
    3
    Thanked 6 Times in 6 Posts

    Default

    Hi,

    Recently I write article on Magento Security, In this article I discuss 7 points. With this 7 points you can improve your Magento Store Security

    Here are the link of article: http://newsgento.com/7-tips-to-impro...tore-security/

  13. #11
    Junior Member
    Join Date
    Feb 2015
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Would recommend to check the permissions first. Also there's a nice post on Magento security in aheadWorks blog.

  14. #12
    Junior Member
    Join Date
    Apr 2015
    Posts
    109
    Thanks
    0
    Thanked 8 Times in 8 Posts

    Default

    your website must be secure with SSL certificate.

  15. #13
    Junior Member Jim Anson's Avatar
    Join Date
    Jun 2015
    Posts
    71
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default

    I think it is essential that you make sure that 24/7 customer or technical service is available that can help you with your queries.

  16. #14
    Junior Member kanesimicart's Avatar
    Join Date
    Jul 2015
    Location
    CA, USA
    Posts
    54
    Thanks
    1
    Thanked 2 Times in 2 Posts

    Default

    MAGENTO SECURITY ALERT REGISTRY

    Your security is our primary concern. Occasionally our security, and yours, can be affected by outside forces. If that happens, we endeavor to make you the first to know.

    Join Magento's Security Alert Registry to get the latest information on all potential vulnerabilities.

    As part of our ongoing commitment to excellence in platform security and performance, we periodically release patches that address specific issues and update the code. We recommend that you install any security-related patch as soon as possible:

    Learn more about the latest patches for Magento Community Edition and Magento Enterprise Edition

    Read more : http://magento.com/security

    Mageno security as well as my dilemma : Home Page

  17. #15
    Junior Member ExtensionsMall's Avatar
    Join Date
    Jan 2016
    Posts
    10
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    I am so glad when I see someone asking this question. I have spent the last two years of my life trying to convince website owners that they need to take the security of their website seriously. Magento is a fairly secure platform, but only if it is patched regularly and adequate security measurements have been taken. Unfortunately many owners of online stores find security measurements too complicated to implement, or their hosting companies give them the false sense of security. And often, by the time they realize that the store has been hacked, everything has already gone to sh*t.
    Our company is currently developing the security extension that we hope will change the way people perceive Magento security.

  18. #16
    New member
    Join Date
    Jan 2016
    Location
    New Delhi
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Hello Friends,


    According to e Marketer’s latest forecasts, worldwide business-to-consumer (B2C) ecommerce sales will increase by 20.1% this year to reach $1.500 trillion. E-commerce world is growing rapidly, and it’s natural that thousands of dedicated servers working 24/7 or private information, including financial data, are a honeypot for hackers. And this data can easily trap into villains’ hands if you won’t stick to the Magento security rules.

    In this article we will dig into the most relevant and timely security points for Magento.

    Hackers breach e-commerce websites:

    to use it for phishing;
    to use it for email spam;
    to deface or damage your site:
    to steal information they can use to their advantage.

  19. #17
    Junior Member ExtensionsMall's Avatar
    Join Date
    Jan 2016
    Posts
    10
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Another critical vulnerability was disclosed and many of Magento websites were at risk. Many still are, despite the patch being released. I hope that was a tipping point for people to realize that website security requires a plan. Check out the new Security Extension MageFence with a great number of very useful features: scan for malware, scan files for changes, block brute force attacks and verify Magento security patch installation with 100% certainty.

  20. #18
    Junior Member
    Join Date
    Jun 2015
    Posts
    571
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Default

    1. Use only the latest Magento version
    2. Use two-factor authentication
    3. Use a custom path to the admin panel
    4. Use an encrypted connection (SSL/HTTPS)
    5. Use Secure FTP
    6. Do not set file permissions to 777
    7. Carry out regular Magento backups
    8. Disable directory indexing
    9. Choose strong passwords
    10. Never reuse admin Magento password anywhere else
    Read more : http://www.magesolution.com/blog/

  21. The Following User Says Thank You to Magento Nguyen For This Useful Post:

    ExtensionsMall (21-03-2016)

  22. #19
    Junior Member ExtensionsMall's Avatar
    Join Date
    Jan 2016
    Posts
    10
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Magento Nguyen View Post
    1. Use only the latest Magento version
    2. Use two-factor authentication
    3. Use a custom path to the admin panel
    4. Use an encrypted connection (SSL/HTTPS)
    5. Use Secure FTP
    6. Do not set file permissions to 777
    7. Carry out regular Magento backups
    8. Disable directory indexing
    9. Choose strong passwords
    10. Never reuse admin Magento password anywhere else
    Read more : http://www.magesolution.com/blog/
    I 100% agree with all of the above. You can check out the newly released Two-Step Verification security module by Extensions Mall, that helps you implement two-factor authentication method to your Magento Admin Panel login.

  23. #20
    Junior Member
    Join Date
    Sep 2016
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    SSL certificate is must for website scurity .. If your website is not secure with SSl certificate then you should try SSL certificate...

    Corporate Gift Ideas | Customized Pen Drives

Page 1 of 2 12 LastLast

Similar Threads

  1. What type of VPS is good for Magento site?
    By frerika in forum Magento VPS
    Replies: 15
    Last Post: 08-04-2017, 11:56 AM
  2. Replies: 81
    Last Post: 15-03-2017, 01:50 PM
  3. Basic steps for magento security
    By londondaily in forum Security
    Replies: 5
    Last Post: 30-12-2016, 10:39 AM
  4. How to make your magento website Trust and Loyalty?
    By jaredovi in forum Magento Marketing and Sale tips
    Replies: 2
    Last Post: 19-03-2015, 10:02 AM
  5. How to Make an Order in Magento
    By linh in forum Webmaster & Administrator
    Replies: 2
    Last Post: 09-04-2013, 06:43 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •