7 Safety Tips for Magento
by Team Exabyte
The Magento platform is leading the virtual store market in all over the world, with around 20% market share well ahead of its competitors, other Open Source platforms such as Word Press and Open Cart also have large plots.
With this constant growth of the platform it is normal for it to become a bigger target for attacks, so it is always important to be aware of the security measures that you will take.
Not to mention that the demand of online consumers is increasing, currently about 67% of users check if a virtual store is secure before making any purchase. Knowing this you can conclude that the more secure your store is, the more it will sell.
Security Tips for Magento
Secure password in Admin panel
Always try to use strong passwords in the store admin panel, if the password is too difficult to remember, try jotting down in a notepad. It’s cool to always use lowercase and uppercase letters, numbers, and special characters, and never less than 8 digits.
In Magento it is also possible to change the login name of the administrator which helps a lot, because in most cases the name of access is admin or administrator, and if someone malicious knows the login already has half of the way walked.
Change access URL to Admin panel
In most cases the access URL to the admin panel would thus be sualoja.com.br/admin, but using this path, as in the previous tip would greatly facilitate access to your information by third parties. Always try to use differentiated paths for this type of access, so you are less vulnerable.
An alternative to changing the Admin URL is to use two-factor authentication, this type of security is like a second layer, requesting a Token after entering its user name and password.
The email address you use in Magento is very important because it is very easy to recover the password on the platform, and if your email is invalid your entire virtual store will be compromised. Always use a valid e-mail that is only for your information.
SSL Certificate is very important especially in virtual stores because it protects the connection between the user and the server with advanced 256-bit encryption, thus allowing sensitive data such as credit card number and passwords not to be intercepted.
This is a feature that makes a lot of difference right from the start, once your validation is done, a green padlock is inserted before the URL of your store, so it indicates to the user that the connection is secure.
If you still do not use any SSL Certificate you can check all the types of certificates we offer here at SECNET by clicking here .
Use good website hosting
Always use quality hosting that specializes in Magento, in addition to keeping your virtual store fast and stable hosting has several security systems that protect against numerous types of attack.
If you’re still using regular web hosting to keep your Magento online store, try Magento Hosting optimized with servers configured to ensure maximum platform performance.
Whenever possible consult your developer to make sure that the files and folders in your store have the correct permissions, especially when you migrate to another server.
Attention! Magento files must have 644 (read-only) permission, 755 (read and execute) folders; Already the folders like: / app / etc, / media and / var need 777 (full access) permission.
Keep Modules Updated
Malware Infections and Attacks Hackers are caused by the lack of updating of Magento and its modules, causing important failures in security.
Therefore, I recommend that you always consult your developer to check the update of your modules, and to use only those that are really necessary for the store.
It is also important to prioritize purchased modules that are known to the Magento community for reliability.