Magento ecommerce website security checklist
Use Latest Magento Version
- Each page Checkout
- SEO Friendly URLs
- Flexible Coupons
- Google Base Integration
Use 2 Step Authentication
- Attempt Login
- Verify by Call/SMS
- Enter Security Code
Set custom Path for admin Panel
The default path makes it easy for hackers to navigate to your admin page and use a brute-force attack to start guessing your username and password.
Choose complex username and password
- Use an almost impossible to crack username and password
- Password at least 15 characters long, with a mix of upper and lower case, special characters and numbers
Change Password at Specific Interval
Change your password every 5 to 6 months.
The changeover will make previously leaked data useless.
Use Secure FTP
Acquire encrypted connection (SSL/HTTPS)
Disable Directory Indexing
prevents cyber crooks from accessing your Magento ecommerce website's
Be Active With backup Plan
You can prevent data loss by storing your website backup files off-site, or by arranging for backups through an online backup provider.
Prevent MySQL injection
Provide great support to outmaneuver any MySQL injection attacks with its newer versions and patches.
Eliminate email loopholes:
Magento provides its users a great password recovery facility through a pre-configured e-mail address. You need to make sure that the e-mail address you use for Magento is not publicly known.
firewall to deny public access to everything except web server.
VPN or Port knocking technology
Know where your clients come from
The browser is the main mediator between site and customer; it stores cookies, passwords and URLs, so make sure you use a verified.