Want to know all about the latest security measures you can be taking (and should be taking!) to protect your ecommerce site? We wrote a blog about it on Webscale. Visit their blog to read the full article.
Magento Security – 7 Steps to Lock Down Your Ecommerce Site
Cyber crimes are on the rise and like all ecommerce platforms, Magento websites are a prime target due to the personal and private nature of customer data kept on file. As most business owners are well aware, the impact of a security breach can destroy the reputation of an ecommerce business and devastate a company financially. Luckily, Magento merchants don’t have to go it alone.
The Magento Security Model
Magento takes a shared responsibility approach, meaning that the merchant isn’t solely responsible for security of the system. Magento provides security of the Magento Commerce cloud, the core application code, and the internal systems. AWS provides network security. Magento customers, or their Magento Certified agency partners, are responsible for their customized instance. What exactly does that mean and what steps should you take to lock down your ecommerce site? We’ve put together a step by step guide.
7 Steps to Lock Down Your Ecommerce Site
1. Choose a Reliable Hosting Provider
Whether you opt for a dedicated hosting service or a cloud hosting provider that can easily scale as you business grows, you want to look for a hosting provider that has a good reputation and provides comprehensive security as part of their plan.
2. Use an SSL
Purchasing, installing, and enabling an SSL for your Magento store is an easy step to take to ensure that all data including customer credit card information is transferred securely from server to website and can not be intercepted by hackers.
3. Upgrade to the Latest Magento Version
The most recent version of Magento often includes performance improvements, code enhancements, and even new features. It will also include all previous security patches and any new security updates. When you upgrade to the latest Magento version, you know you have the most secure version available.
4. Stay Up to Date with Magento Security Patches
5. Use Two-Factor Authentication
Two-factor authentication for your website admin adds an added layer of security and eliminates the risk of a hacker guessing your password. This built-in Magento functionality is easy to enable and requires the user logging in to input a code sent to their mobile device after inputting the correct password.
6. Add a Security Extension
The best Magento security extensions really depend on your business needs. There are a number of free and paid security extensions available that serve a variety of different functions from preventing brute force attacks to tracking admin activity.
7. Test Proactively
Conducting vulnerability scans and proactive penetration testing can help you identify weak spots in your site’s armor before a hacker does. “Pentesting is one of the most underutilized security strategies,” said Charles Martey, Consulting Systems Integration Director at Above The Fray. “All of the preventative measures fail to give you the full picture of your site’s vulnerabilities and pentesting really allows you to identify those weaknesses and shore them up before they become a problem.”
Why Choose Managed Care
Taking the steps to secure your Magento site may seem like a daunting task but it’s a worthwhile one to take on or outsource. If you don’t have the expertise to tackle the steps we’ve outlined in-house, partnering with an experienced Magento Agency is a smart move. A managed care plan, like the one we offer at Above The Fray, guarantees your site will remain secure, stable, & upgradeable.
Interested in learning more about our Magento Security & Managed Care Plans, reach out to us today.
Charles Martey is the Systems Integration Director at Above The Fray, a Magento Certified Agency based in Portland, OR. When he’s not architecting complex ERP integrations or learning a new programming language, he enjoys traveling the world in search of the best bourbon.