Have you ever thought about the security of your Magento store? More and more sites, including those on Magento, are hacked today. And guess what? The most widespread reason is the carelessness of their owners. They use simple passwords, store them in easily accessible places, send them via different messengers… In this article you will find some basic techniques that will turn your store into a safe and help you protect all your important information.
- Set a strong password. “Strong” means that it consists of at least 8 characters and includes upper- and lowercase letters as well as numbers and special characters. In other words, don’t use the word “password” as the password. So forget all your pass123- and qwerty-like passwords and generate something really hard to guess. There are password generators available, but you can also use your imagination.
- Don’t save your password in browsers or in files on your computer. There is no point in inventing a good password and then putting it in front of hackers. Instead, you can use a dedicated password manager (like KeePass) or your brain. The latter option is quite challenging, as we all fail to remember important info from time to time.
- Use two-factor authentication. Having a good password is great, but why not make the login process even stronger? You can connect your store with your phone and use two-factor authentication. This means that you need an additional code, sent to your phone, to log in to the admin panel. Google and many other services offer such two-step authentication and encourage their clients to use it.
- Change the address of your login page. By default, the Magento login page is found at /admin. This means anyone can reach this page and try to guess your login and password. By changing the address of that page you “hide the door” to the backend. You can choose something like /yourpetname or /lkmnuytrgh7. But again, don’t forget it yourself.
- Restrict the IP addresses that can access your admin panel. Set the address of your computer and only you will be able to access the login page; other users will be given a 403 page. There is no limit on the number of allowed IP addresses, so if you have multiple ones, include all of them. IP restriction can be implemented via your .htaccess file or with the help of third-party extensions.
- Check the access logs on your hosting to see who comes to your site. Here you will also notice possible attacks and can stop them. Regular log checks will help you keep your Magento store in a healthy state.
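
The access-log check from the last tip, combined with the IP restriction tip, as an added example that is not part of the original article: it reads access-log lines and reports addresses outside your allowlist that were either turned away with a 403 or got repeated POSTs through to the admin path. The "combined" log format, the allowlist address, the threshold of 3, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions, not from the article: "combined" access-log format, an
# example allowlist, and 3 POSTs from one address as the flagging threshold.
ADMIN_PATH = "/admin"                       # set to your renamed admin path
ALLOWED = [ip_network("203.0.113.10/32")]   # addresses permitted to log in

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def is_admin(path):
    """True for the admin path and anything below it, ignoring the query."""
    p = path.split("?", 1)[0]
    return p == ADMIN_PATH or p.startswith(ADMIN_PATH + "/")

def review(lines, allowed=ALLOWED, threshold=3):
    """Summarise admin-path requests from addresses outside the allowlist."""
    posts, blocked, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            ip = ip_address(m["ip"]) if m else None
        except ValueError:                  # e.g. a hostname in the first field
            ip = None
        if ip is None:
            skipped += 1                    # count unparseable lines, do not hide them
            continue
        if not is_admin(m["path"]) or any(ip in net for net in allowed):
            continue
        if m["status"] == "403":
            blocked[str(ip)] += 1           # the IP restriction did its job
        elif m["method"] == "POST":
            posts[str(ip)] += 1             # a form submission reached the admin page
    suspects = sorted(ip for ip, n in posts.items() if n >= threshold)
    return {"suspects": suspects, "blocked": dict(blocked), "skipped": skipped}

def _hit(ip, method, path, status):         # builds one constructed log line
    return (f'{ip} - - [10/Oct/2024:13:55:36 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')
# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = ([_hit("198.51.100.7", "POST", "/admin/", 200)] * 3
              + [_hit("192.0.2.55", "GET", "/admin", 403)] * 2
              + [_hit("203.0.113.10", "POST", "/admin", 200),
                 _hit("198.51.100.7", "GET", "/catalog/", 200), "garbage line"])

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Any address listed under `suspects` reached the login form without being on the allowlist, which means the IP restriction is missing or not applied to that path.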
As you can see, none of the listed things are hard to do, but many site owners still ignore them until it’s too late and their site is hacked. Remember that it’s better to be safe than sorry.