Magento Expert Forum - Improve your Magento experience
which is the best way to increase magento security?
I want to know which is the best way to increase the security of magento site?
View more threads in the same category:
Here are some of the security best practices according to Magneto:
- Always use the latest version of Magento
- Make sure to install all the security patches for your version of Magento
- Change the default Admin Panel URL (/admin) to the custom one that is not easily guessable
- Use strong password and protect your admin login with Two-Factor Authentication.
- Change the default Magento Connect Manager location (/downloader)
- Check periodically for unauthorized Admin users
- Check the Admin Actions Log for suspicious activity (Enterprise feature only)
- Use a file and data integrity checking tool to receive notification of any potential malware installation.
- Monitor all system logins for unexpected activity, uploads, or commands.
As you can see it's a pretty long list.
That being said, there is an extension that can help you implement all of these best security practices very easily, and it doesn't require you to be tech-savvy. It is a unique, well-rounded security solution for Magento that keeps your website safe from the most common security threats. This module is called MageFence It acts as an additional layer of protection around your system, blocking brute force attacks and other hack attempts.
It also scans your website internally on regular basis and notifies you about any potentially unwanted changes. MageFence offers variety of features that help you keep your website protection up-to-date, end implement the best security practices. Magefence performs a security audit of your Magento website looking for security issues, not only vulnerabilities, which is the case with majority of Magento health checks currently available, but for actual problems and malware infections of your website. The Checklist feature allows you to easily find out if your website has been hacked, which security patches are not installed, are there any changed files or unauthorized users with admin privileges.
Here is a brief overview of MageFence features:
- MageFence performs a deep and complete scan looking for malicious code and alerts you immediately if it finds any sign of malware infection.
- Scans on regular basis for file changes. MageFence alerts you about all detected changes and gives you a list of all changed and new files.
- Set the time of the scan: MageFence allows you to schedule the scan so it doesn’t interfere with your website’s optimal performance.
- Set the frequency of the scan: Take your Magento website protection to a higher level with more frequent scans, or
- Detect unauthorized admin users:MageFence scans the database and detects users with admin privileges created without authorization.
- Know what’s going on, even when you are not around: You have the option to receive an e-mail notification every time a user with admin privileges logs in.
- Everything summarized in a few lines: MageFence offers you incredibly Useful Checklist feature that allows you to see an overview of security status of your Magento, potential issues and recommended actions.
- Changing Admin Panel URL easily! With MageFence all you need to do is to type your new custom Admin Panel URL into the specified field and hackers will be prevented from easily finding your Admin Panel location.
- Protect the back door to your Magento Admin Panel: Magento Connect Manager is used to conveniently install extensions to your Magento, but it can also present a point of entry for hackers.
- You don’t have to disable Magento Connect Manager to protect your website, MageFence allows you to easily change Magento Connect Manager URL to a custom one, and keep the functionality.
- Lock out IP after too many failed login attempts: Set the allowed number of login failures and MageFence will lock out an IP address of anyone who exceeds this number for a specified amount of time
- No second chance for intruders: Anyone who tries to log in using the wrong user name will be immediately locked out, and you will be notified about the incident.
- Don’t lock yourself out: MageFence gives you an option to add certain IP addresses to the “white list” to prevent them from getting locked out. That way, MageFence will always know it is you trying to log in, even if you enter the wrong password/username.
- Keep you protection up-to-date: MageFence extension gives you the list of all Magento security patches you have installed, as well as the ones you are missing.
- Stay on track with latest security measures: This extension connects to our server, which ensures you will always be notified of the latest security trends and updates.
- MageFence now comes with the Two-Factor Authentication extension included in price.
For more detailed description of this advanced security extension visit the MageFence page on ExtensionsMall website: http://www.extensionsmall.com/mage-fence-security.html
or on Magento Connect https://www.magentocommerce.com/mage...magefence.html
You can also read this article about the ways to protect your website recommended by Magento security team.
Sorry for the long post, but Magento security is a complicated issue. Hope I've helped
The Following User Says Thank You to ExtensionsMall For This Useful Post:
Thank you buddy. You explain every way to increase security of Magento Site.
Tags for this Thread