

5 easy steps to make your Magento site more secure!


So, it’s 2016, people! It’s a brand New Year, which means we’ll be slowly changing things around to make these blogs bigger and better for all of you! On an unrelated note, we thought we’d mention something about New Year’s resolutions. This year, did you make a resolution or a promise? Resolutions are prone to being broken; a promise, however, holds a much stronger bond. Make a promise, not a resolution!

So we thought we’d kick the first Magento Monday off with what seemed to be quite a popular topic back in 2015; here are 5 easy steps to make your Magento site more secure!

We know it can be annoying having to constantly update your Magento software; however, it is imperative to ensure you have the best protection against hackers. The Magento development team continuously finds and fixes weaknesses in order to make the newer versions safer for site owners. If your site is not up to date, hackers may exploit the well-known weaknesses of your outdated Magento site to break in and steal your files.

Ensure you regularly back your website up:

We don’t like being negative; however, in the event your website is hacked and your files are deleted or vandalized, your website backups will be your lifeline. You want to be able to return your website to its previous state in case things go wrong, and that’s the beauty of having an up-to-date backup. You can restore or create backups straight from the admin panel. Go to System -> Tools -> Backups. It’s also important to back up your data in several locations as opposed to one, making it easier for you to recover all of your files in a disastrous situation.

NOTE: Backups are useful in many types of scenarios. Having a backup can be useful if you’ve made a mistake on your site, installed a module improperly or even in case you accidentally delete files.

Keep your anti-virus software up to date:

Having anti-virus software is imperative for any sort of digital user nowadays. The internet is full of bad links, Trojans, network viruses, malware and spyware. These programs can steal your data and passwords, and even put spammy links on your website. Don’t become a victim of something which can be prevented so easily! There is plenty of good (and relatively cheap) anti-virus/malware software to be found.

NOTE: Anti-virus software requires constant updates, however there is usually a setting to automatically download any software updates so you don’t have to do this yourself. Again, it is highly recommended you always keep up to date on your anti-virus software.

Lock down your admin panel:

The default admin panel URL for a Magento store is usually http://example.com/admin/. This is not good, as it is too easy for hackers to find. Once found, they can use their tools to maliciously attack your admin panel until they’re in.

To change the URL, open /app/etc/local.xml in your Magento installation directory. Find this line:


The “admin” part is the URL, so change it to something complex/random.

After this, refresh your Magento cache by going into the backend System -> Cache Management and click the Flush Magento Cache button.

NOTE: Never use the System -> Config -> Advanced -> Admin -> Admin Base URL.
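
An added example (not from the original post) that checks whether local.xml still uses a default or easily guessed admin path. It assumes the line referred to above is the frontName element in its stock Magento 1 location; the guessable-name list, the minimum length and the sample XML are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Assumption: admin route location in a stock Magento 1 app/etc/local.xml.
FRONTNAME_PATH = "admin/routers/adminhtml/args/frontName"
# Constructed list of easily guessed admin paths; extend it for your shop.
GUESSABLE = {"admin", "administrator", "adminpanel", "backend", "manage", "magento"}

# Constructed sample file in the stock layout, used when no path is given.
SAMPLE_LOCAL_XML = """<config>
  <admin><routers><adminhtml><args>
    <frontName><![CDATA[admin]]></frontName>
  </args></adminhtml></routers></admin>
</config>"""


def audit_front_name(xml_text, min_length=8):
    """Return (front_name, findings); an empty findings list means no issue."""
    node = ET.fromstring(xml_text).find(FRONTNAME_PATH)
    name = (node.text or "").strip() if node is not None else ""
    if not name:
        return None, ["frontName element is missing or empty"]
    findings = []
    if name.lower() in GUESSABLE:
        findings.append("admin path is a default or commonly guessed name")
    if len(name) < min_length:
        findings.append(f"admin path is shorter than {min_length} characters")
    # Conservative assumption: keep the path to letters, digits and underscores
    # so it is always a valid URL segment.
    if not re.fullmatch(r"[A-Za-z0-9_]+", name):
        findings.append("admin path contains characters outside A-Z, a-z, 0-9, _")
    return name, findings


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as handle:
            xml_text = handle.read()
    else:
        xml_text = SAMPLE_LOCAL_XML
    name, findings = audit_front_name(xml_text)
    print(f"admin frontName: {name!r}")
    for finding in findings:
        print(f"  WARNING: {finding}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to your own local.xml as the only argument; a non-zero exit code means at least one warning, which makes it usable as a deployment check.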

Only install trusted Magento extensions:

Whilst the Magento Connect marketplace is vast and harbours many useful tools, it can also be a gateway for hackers to steal your files, delete important data etc. Some extensions can be extremely vulnerable to attacks, leaving your website just as exposed. The first thing we do is check the reviews. Plenty of people leave reviews and from there you can get a better idea as to whether the extension is good enough to be installed to your site.

We hope you enjoyed the first Magento Monday of 2016! From now on, we want you to decide on the topics for each Magento Monday, after all it’s made for your benefit! To suggest a topic, leave a comment below or drop Matthew an e-mail at Matthew@wow-zone.net

About the author: Qasim Majid