Magento Security – 7 Steps to Lock Down Your Ecommerce Site
Charles Martey is the Systems Integration Director at Above The Fray.
Cybercrimes are on the rise and like all ecommerce platforms, Magento websites are a prime target due to the personal and private nature of customer data kept on file. As most business owners are well aware, the impact of a security breach can destroy the reputation of an ecommerce business and devastate a company financially. Luckily, Magento merchants don’t have to go it alone.
The Magento Security Model
Magento takes a shared responsibility approach, meaning that the merchant isn’t solely responsible for security of the system. Magento provides security of the Magento Commerce cloud, the core application code, and the internal systems. AWS provides network security. Magento customers, or their Magento Certified agency partners, are responsible for their customized instance. What exactly does that mean and what steps should you take to lock down your ecommerce site? We’ve put together a step-by-step guide.
7 Steps to Lock Down Your Ecommerce Site
- Choose a reliable hosting provider
You want to look for a hosting provider that has a good reputation and provides comprehensive security as part of their plan. This is one of the reasons we work closely with Webscale as security has always been a focus of their cloud delivery platform.
- Use an SSL
Purchasing, installing, and enabling an SSL for your Magento store is an easy step to take to ensure that all data including customer credit card information is transferred securely from server to website and cannot be intercepted by hackers.
- Upgrade to the latest Magento Version
The most recent version of Magento often includes performance improvements, code enhancements, and even new features. It will also include all previous security patches and any new security updates. When you upgrade to the latest Magento version, you know you have the most secure version available.
- Stay up to date with Magento security patches
Between version releases, Magento also releases security patches which are fixes for any security loopholes that have been identified. It’s important to stay on top of these because once these patches are released, cyber criminals use that information for targeted attacks on merchants who haven’t yet installed the latest security patches. A Ponemon Institute study found that 60% of organizations that suffered a data breach stated it was due to a known unpatched security issue. Webscale performs “virtual patching” for its customers, using its Web Controls to provide immediate protection against new vulnerabilities, until you are ready to install the official updates.
- Use two-factor authentication
Two-factor authentication for your website admin adds an added layer of security and eliminates the risk of a hacker guessing your password. This built-in Magento functionality is easy to enable and requires the user logging in to input a code sent to their mobile device after inputting the correct password.
- Add a security extension
The best Magento security extensions really depend on your business needs. There are a number of free and paid security extensions available that serve a variety of different functions from preventing brute force attacks to tracking admin activity.
- Test proactively
Conducting vulnerability scans and proactive penetration testing can help you identify weak spots in your site’s armor before a hacker does. Pentesting is one of the most underutilized security strategies. Preventative measures alone can fail to give you the full picture of your site’s vulnerabilities – pentesting really allows you to identify weaknesses and shore them up before they become a problem.
Why Choose Managed Care
Taking the steps to secure your Magento site may seem like a daunting task but it’s a worthwhile one to take on or outsource. If you don’t have the expertise to tackle the steps we’ve outlined, partnering with an experienced Magento Agency is a smart move. A managed care plan, like the one we offer at Above The Fray, guarantees your site will remain secure, stable, and upgradeable. We also recommend working with a security-focused delivery platform like Webscale, to ensure your infrastructure is protected all the way from the traffic edge, to the application backend.
Interested in learning more about our Magento Security and Managed Care Plans, reach out to us today.