Hey all! A couple of months ago I produced a YouTube Tutorial covering security tips for Magento 2. You can view the video here: https://youtu.be/k_R3U0feKF4.

I'm not sure that it's truly aimed at Magento Experts, but I think anyone new to Magento 2 will find value. Plus, most of them are easy to address. To summarise, these were the points that I covered:

  1. Back up your store
  2. Use a Firewall
  3. Change your Admin URL
  4. Disable multiple computer logins
  5. Use SSL on your backend
  6. Use strong Admin Passwords
  7. Limit Admin Users access
  8. Don’t share User logins
  9. Don’t use obvious login names
  10. Limit Admin session times
  11. Force password updates
  12. Use case-sensitive logins
  13. Remove old users
  14. Check for new admin users
  15. Saving passwords
  16. Avoid running other software on your server
  17. Don’t save your password in FTP Programs
  18. Look after your machine security
  19. 3rd Party Support
  20. Update your Extensions
  21. Update your Magento
  22. Magereport
  23. Magento Security Scan
  24. Choose a reputable Web Hosting Service
  25. Create a disaster recovery plan
