If you want to keep your online store safe from ever-evolving cyber threats, follow these simple steps to lead you to a more secure Magento site.
Choose a Strong Password
It should go without saying, yet it can’t be stressed enough. Relying on a weak password is like leaving your keys in your front door. Also, check your configurations and permissions to make sure that this password doesn’t also provide access to customer information.
Require an Encrypted Connection
Never send data over an unencrypted connection. Unless you have configured Magento to use secure logins, you might be more vulnerable to hackers than you think. You can require that login information be sent over a secure connection by changing your setting in the system configuration menu.
Obscure Your Admin Path
If the path to reach your admin panel is “your-site.com/admin”, you’ve made it incredibly easy for hackers and password-guessing robots to guess your password. Instead of having the address end in “admin”, choose another word that only you and approved parties know.
Use a Private Email
If you forget your administrator’s password, Magento will send it to your email. Make sure you use an email address that is not publicly known, that has a secure password, and that is linked to a security question that it would be impossible for someone to guess.
Guessing and intercepting FTP passwords is one of the oldest hacker tricks in the book. Make sure that you are using secure passwords and SFTP (SSH File Transfer Protocol). You can also use public key authentication for an even more secure Magento site.
Restrict Admin Access
You should restrict administrative access to only approved IP addresses. This can make things a challenge if you travel a lot, but it is an effective way to close one of the most vulnerable entry points to your site.