Are you really worried about your security of Magento store?
Magento is now leading ecommerce platform. It has become a force to be reckoned with in the e-commerce industry because of its regularly updated rich features.
Even though Magento has number of built-in security features aimed at keeping your store safe, there are some steps you can take to make your store even more safe and sound.
Here are few simple but effective tips to protect your site from hackers and security breaches.
1.Improve security of admin panel using customized admin url
Generally, you access your Magento admin panel by going on www.youdomain.com/admin, which is very easy for hackers and security breaches. They can easily get into the admin login page and guess your passwords. In order to avoid it, Make changes in your admin path by using following steps:
- Locate /app/etc/local.xml
- Find [CDATA[admin]]
- Replace the term admin with your desired word or code
2.Safeguard your Magento store with strong Password
When it comes to choosing your store’s admin password it must be chosen wisely. Some guidelines for creating a really safe and strong password are:
Refresh store admin passwords every 3-6 months, force all of your store administrators to do so as well
Delete administrator accounts that are no longer in use
Make sure to use at least 10 special characters for creating secure password
Mix lower and upper case, punctuation and numbers
3. Make use of Safe and sound FTP
If you want your website to remain secure, it is essential that you use SFTP (SSH File Transfer Protocol) in which a private key file is used for de-encryption or authenticating a FTP user. Also you should use a safe, strong and difficult password for FTP.
4. Upgrade Magento to latest version
Your Magento store consistency is very important. Latest versions of Magento fix security issues of the preceding ones; therefore, it is quite important to stay informed about the latest Magento version and once a stable release is out, get it tested and implemented with your Magento store.
5. Beware of email loopholes
Magento has a really convenient feature that allows administrators to recover and reset their store password through pre-configured e-mail address if forgotten. But if that e-mail ID gets hacked, your Magento store becomes susceptible and vulnerable so make sure that the e-mail address you use for Magento store is not publicly known.