Top 10 Security Tips to Protect Your Magento Store from Hackers

Blog, Other No Comments

Despite the increasing built-in security, popular e-Commerce forums like WordPress and Magento are always at the risk of cyber crime. Advanced security measures are required to protect websites from hackers along with making administrative processes easier and lesser complex. Here are some simple security techniques for protecting your Magento store from the hackers.

1. Be tricky with your admin username and password

The most fundamental way to protect any account or website is to protect your username and password. You can be tricky with your Magento password to protect website from hackers by using the following tips.

  • Your password should be at least 15 characters or more for making it defensive against hacking.
  • Use uppercase letters, punctuations, numbers and lowercase letters in your password.
  • Never use personal information or information relating to your life in any way in your password.
  • Install Password Manager Application to protect your password.
  • Avoid using the Magento username and password anywhere else.

2. Customize your admin path

Do you know that there are many software in the market which can guess your admin path within eight microseconds. The admin path of any website is abcwebsite.whatever/store/admin. Keep the base admin URL but change the link to it. For example you can change it to abcwebsite.whatever/store/FuvDGl.

In order to change your admin path, go to local/app/etc.xml and locate “<!CDATA[admin]]” and change ‘admin’ to the word of your choice. This way, the location of your admin panel becomes almost impossible to guess.

3. Use HTTPS or SSP

To keep online transactions and communications protected on a Magento Store, you will need to get an SSL (Secure Sockets Layer) certificate that validates your domain name and once it is installed on a web server, the whole website will be accessible over HTTPS (HTTP over SSL) connection. Hence, you should use HTTPS/SSL to provide a safe online shopping experience to your customers, which will help you in earning more trust and confidence. You can obtain affordable SSL certificate from authorized SSL provider and install it properly on Magento store.

  • Go to Main Toolbar, click System and then Configuration.
  • With left hand navigation, click ‘Web’ tab and click Secure in the new navigation window.
  • From here, change the URLs from HTTP:// to HTTPS://
  • Go to ‘Use secure URLs in Admin’ and ‘Use secure URLs in the front-end’ and click ‘Yes’ on both.
  • Click on Save Configuration to apply the new settings to the URLs.

4. Keep your Magento and operating system updated

Operating systems and software keep upgrading their versions in order to provide you more protections against new techniques of hacking. To protect website from hackers and malicious users, keep your operating system and Magento updated. Make sure that your server software is also updated and all the latest security settings are applied to it. If you are not able to update and secure your Magento CMS on your own, you can always look up to the best Magento development services, some of the reputed companies providing these services are:

  1. TIS India
  2. Magentoguys
  3. Ossmedia

5. Restrict foreign access to your Magento store admin

The Magento stores of all the manufacturers or retailers are operated by specific users only. You can restrict foreign access to the Magento store by creating a whitelist of specific IP addresses. You can either use .htacess for changing the settings or choose the easier technique of Apatche Directive Location March. Here is the setting:

<LocationMatch “admin”>
Order Deny, Allow
Deny from All
Allow from

The given is a sample address. Change it to your IP address. Don’t forget to change the admin to your desired code as explained in the second point.

The only problem with this setting is that you will have to change the IP address every time you change the store admin or want to log in from any other computer which is not included in the whitelist of IP addresses.

6. Use secure FTP

FTP facility was produced during the initial times of internet but due to improving advance hacking, there is Secure FTP or SFTP to protect your password. For transferring or copying the files, always use SSH File Transfer Protocol or Explicit AUTH TLS. If you are still concerned about the security of your Magento store, use Public Key Authentication along with SFTP to protect website from hackers.

7. Always update your password after providing admin access to anyone

Hacking comes where there is trust. For keeping your website safe, it is important to give your admin password to as less people as possible. If you have worked with internal or external developers or shared the password with someone for any minor or major job, make sure to change the password after the job is completed. All the protective measures are in vain if you have outsourced the admin access and left the password unchanged.

8. Use secure email

People use usernames or email addresses to login the admin panel. The usernames are also associated with an email. All the software including Magento give the option of retrieving the password with ‘Forgot Password’ option, which sends the password reset settings to the email address. If the hackers are unsuccessful in hacking the store, they may hack the email address to gain access to the admin panel.

Most of the companies create login email address with company name. A secure email ID can save you from the trouble of indirect hacking.

9. Change the file permissions

For greater security even after basic hacking, restrict the permission to change the settings of files and folders. Change the file permission to 644 from 666 and folder permission to 755 from 777. Go to SSH and type the following:

Find. –type d –exec chmod 775 {} \?

Find. –type d –exec chmod 644 {} \?

10. Use a more secure Hosting for your Magento store

A good way to protect website from hackers is to use Cloud Hosting, Virtual Private Server or Dedicated Server Hosting. Instead of using the personal hosting storage, the VPN Cloud Hosting or DSH offer advance security for low rates including firewall application for protecting against MySQL injections and blockade applications against malicious users. Choose a highly supportive and well-reputed hosting service to make sure that your Magento store is more protected and your weekends are more pleasurable.

Another important tip is to regularly make backup data so that you don’t lose your data in any tragic situation. Once you have prepared to protect website from hackers, you can peacefully concentrate on your business and income flow but remember that hacking is continually advancing and with every passing day, you need to be more defensive against improving techniques of hacking.

We really appreciate you for visiting PremiumCoding and reading this article! Now you might also want to check out our Themes here.
Written by PremiumCoding