Hi guys, I am wondering how we can sure my magento site is best security? Maybe there are some tools we can check?
Thanks
Printable View
Hi guys, I am wondering how we can sure my magento site is best security? Maybe there are some tools we can check?
Thanks
Internal security is check and care by magento already so you don't have to worry about that but to make sure security of your server is a big area to discuss. If you hire shared hosting, they will take care it for you. If you configure server yourself then everything you need is make all password protected in good way and make sure your login always via https.
But I guess you will care only about website front end attack, I can make sure it should be fine with magento
Yea, it should be fine to use google webmaster tool.
Oh, what do we do with google webmastertools?
Heheh, I think jaredovi just drink too much :)
Webmaster tool can detect some security problem of your site and notice very good, so that if magento already take care internal security itself then outside we can use google web master tool. But the real security need to be take care manual by us.
Yes, we should do like that for easy care about security
Here are some tips every magento store owner must know to make make his/her magento store is secure :
When you're choosing your Magento site's administrator passwords, choose wisely : Do not use your Magento password with any other web services (such as email) or any other sites (such as Twitter, Facebook, Flickr, etc.). Third-party sites may not require or even support HTTPS/SSL to login, breaking rule number two. In the event that a third-party website is hacked, your password may be vulnerable.
Use a custom admin path :By default, you access your Magento admin panel by going to your-site.com/admin. Having the path to your admin panel path easily guessable means that someone or something (i.e. a password-guessing robot) can snoop around and try to guess your password. By having your admin path be a secret code word instead of the default /admin, you can prevent users from guessing your password or using it if they do somehow get a hold of your password.
Magento has a really convenient feature that allows administrators to reset their password if forgotten. In order to reset your password, you need to know the email account associated with the account. Then you need access to that email account to retrieve the new password. First, choose an email address that is not publicly known. Second, make sure the password for your email account is secure. Third, make sure that if your email account has a security question that allows you to reset your password, you choose a question and answer that is so obscure that it would be impossible to guess.
Use secure FTP
Don't save passwords on your computer : This is great most of the time, but can be a security problem because often saved passwords can be easily revealed in plain text. Anybody with access to the computer has access to the sensitive data. Even worse, someone could steal the computer and then use the saved passwords to access the sensitive data. To avoid unintended access to your Magento password or data, simply set your computer or browser to never save it— this might be a bit inconvenient, but it's a great security policy
Keep up-to-date anti-virus software
more information just visit over : www.ilovemage.com
You can try some SEO tool, for instance check out this tool. It will analyze your site and provide all details with clear reports.
Hi,
Recently I write article on Magento Security, In this article I discuss 7 points. With this 7 points you can improve your Magento Store Security :)
Here are the link of article: http://newsgento.com/7-tips-to-impro...tore-security/
Would recommend to check the permissions first. Also there's a nice post on Magento security in aheadWorks blog.
your website must be secure with SSL certificate.
I think it is essential that you make sure that 24/7 customer or technical service is available that can help you with your queries.
MAGENTO SECURITY ALERT REGISTRY
Your security is our primary concern. Occasionally our security, and yours, can be affected by outside forces. If that happens, we endeavor to make you the first to know.
Join Magento's Security Alert Registry to get the latest information on all potential vulnerabilities.
As part of our ongoing commitment to excellence in platform security and performance, we periodically release patches that address specific issues and update the code. We recommend that you install any security-related patch as soon as possible:
Learn more about the latest patches for Magento Community Edition and Magento Enterprise Edition
Read more : http://magento.com/security
Mageno security as well as my dilemma : Home Page
I am so glad when I see someone asking this question. I have spent the last two years of my life trying to convince website owners that they need to take the security of their website seriously. Magento is a fairly secure platform, but only if it is patched regularly and adequate security measurements have been taken. Unfortunately many owners of online stores find security measurements too complicated to implement, or their hosting companies give them the false sense of security. And often, by the time they realize that the store has been hacked, everything has already gone to sh*t.
Our company is currently developing the security extension that we hope will change the way people perceive Magento security.
Hello Friends,
According to e Marketer’s latest forecasts, worldwide business-to-consumer (B2C) ecommerce sales will increase by 20.1% this year to reach $1.500 trillion. E-commerce world is growing rapidly, and it’s natural that thousands of dedicated servers working 24/7 or private information, including financial data, are a honeypot for hackers. And this data can easily trap into villains’ hands if you won’t stick to the Magento security rules.
In this article we will dig into the most relevant and timely security points for Magento.
Hackers breach e-commerce websites:
to use it for phishing;
to use it for email spam;
to deface or damage your site:
to steal information they can use to their advantage.
Another critical vulnerability was disclosed and many of Magento websites were at risk. Many still are, despite the patch being released. I hope that was a tipping point for people to realize that website security requires a plan. Check out the new Security Extension MageFence with a great number of very useful features: scan for malware, scan files for changes, block brute force attacks and verify Magento security patch installation with 100% certainty.
1. Use only the latest Magento version
2. Use two-factor authentication
3. Use a custom path to the admin panel
4. Use an encrypted connection (SSL/HTTPS)
5. Use Secure FTP
6. Do not set file permissions to 777
7. Carry out regular Magento backups
8. Disable directory indexing
9. Choose strong passwords
10. Never reuse admin Magento password anywhere else
Read more : http://www.magesolution.com/blog/
I 100% agree with all of the above. You can check out the newly released Two-Step Verification security module by Extensions Mall, that helps you implement two-factor authentication method to your Magento Admin Panel login.
SSL certificate is must for website scurity .. If your website is not secure with SSl certificate then you should try SSL certificate...
Book Ad in Newspaper | Newspaper Ad Agency in Lucknow