Magento Security – 7 Steps to Lock Down Your Ecommerce Site

by | May 19, 2021


Charles is the Systems Integration Director at Above The Fray, a Magento Certified Agency based in Portland, OR. When he is not architecting complex ERP integrations or learning a new programming language, he enjoys traveling the world in search of the best bourbon.

Charles Martey is the Systems Integration Director at Above The Fray.

Cybercrimes are on the rise and like all ecommerce platforms, Magento websites are a prime target due to the personal and private nature of customer data kept on file. As most business owners are well aware, the impact of a security breach can destroy the reputation of an ecommerce business and devastate a company financially. Luckily, Magento merchants don’t have to go it alone.

The Magento Security Model

Magento takes a shared responsibility approach, meaning that the merchant isn’t solely responsible for security of the system. Magento provides security of the Magento Commerce cloud, the core application code, and the internal systems. AWS provides network security. Magento customers, or their Magento Certified agency partners, are responsible for their customized instance. What exactly does that mean and what steps should you take to lock down your ecommerce site? We’ve put together a step-by-step guide.

7 Steps to Lock Down Your Ecommerce Site

  1. Choose a reliable hosting provider
    You want to look for a hosting provider that has a good reputation and provides comprehensive security as part of their plan. This is one of the reasons we work closely with Webscale as security has always been a focus of their cloud delivery platform.
  2. Use an SSL
    Purchasing, installing, and enabling an SSL for your Magento store is an easy step to take to ensure that all data including customer credit card information is transferred securely from server to website and cannot be intercepted by hackers.
  3. Upgrade to the latest Magento Version
    The most recent version of Magento often includes performance improvements, code enhancements, and even new features. It will also include all previous security patches and any new security updates. When you upgrade to the latest Magento version, you know you have the most secure version available.
  4. Stay up to date with Magento security patches
    Between version releases, Magento also releases security patches which are fixes for any security loopholes that have been identified. It’s important to stay on top of these because once these patches are released, cyber criminals use that information for targeted attacks on merchants who haven’t yet installed the latest security patches. A Ponemon Institute study found that 60% of organizations that suffered a data breach stated it was due to a known unpatched security issue. Webscale performs “virtual patching” for its customers, using its Web Controls to provide immediate protection against new vulnerabilities, until you are ready to install the official updates.
  5. Use two-factor authentication
    Two-factor authentication for your website admin adds an added layer of security and eliminates the risk of a hacker guessing your password. This built-in Magento functionality is easy to enable and requires the user logging in to input a code sent to their mobile device after inputting the correct password.
  6. Add a security extension
    The best Magento security extensions really depend on your business needs. There are a number of free and paid security extensions available that serve a variety of different functions from preventing brute force attacks to tracking admin activity.
  7. Test proactively
    Conducting vulnerability scans and proactive penetration testing can help you identify weak spots in your site’s armor before a hacker does. Pentesting is one of the most underutilized security strategies. Preventative measures alone can fail to give you the full picture of your site’s vulnerabilities – pentesting really allows you to identify weaknesses and shore them up before they become a problem.

Why Choose Managed Care

Taking the steps to secure your Magento site may seem like a daunting task but it’s a worthwhile one to take on or outsource. If you don’t have the expertise to tackle the steps we’ve outlined, partnering with an experienced Magento Agency is a smart move. A managed care plan, like the one we offer at Above The Fray, guarantees your site will remain secure, stable, and upgradeable. We also recommend working with a security-focused delivery platform like Webscale, to ensure your infrastructure is protected all the way from the traffic edge, to the application backend.

Interested in learning more about our Magento Security and Managed Care Plans, reach out to us today.

Recent Posts

Headless Commerce Drives Edge Computing Adoption

Headless Commerce Drives Edge Computing Adoption

In e-commerce today, the challenge to meet and exceed customer expectations is driving innovation. The demand for frictionless shopping, 24/7 availability, superior product and impeccable service quality is ever increasing, putting pressure on...

read more