Add Secret Key to URLs in Magento 2

Add Secret Key to URLs in Magento 2

Threatpost reported a story about a remote code execution vulnerability with Magento 2 Enterprise and Community software.

Magento is committed to delivering superior security to clients and has been actively investigating the root cause of the reported issue.

To reduce potential attacks in magento 2 do following steps.

1. Logon to Merchant Site Admin URL (e.g., your domain.com/admin)
2. Click on Stores > Configuration > ADVANCED > Admin > Security > Add Secret Key to URLs
3. Select YES from the dropdown options
4. Click on Save Config

This problem will be automatically fixed in next version.