Steps to improve Magento security
Below are a few steps we can take to improve the security:
- Block the countries in which you do not want to sell.
- Admin panel URL: Make your admin URL unique and do not use a standard URL like www.XYZ.com/admin. A standard URL makes it easy for hackers to reach your admin panel and get to the password guessing stage.
- Remove all unwanted admin logins.
- Do not share FTP, SSH, and Admin access with anyone, and store these details in a safe place like KeePass.
- Add two-factor verification for admin. This adds one extra layer of security on top of password protection: admins have to confirm their identity through a second factor, like entering a unique code sent to the user's email or phone, instead of just entering the password.
- Add reCaptcha to all forms at the front-end.
- Secure with a complex password: Always use a strong and complicated password for admin and all other details, and change your password frequently.
- Upgrade to the latest Magento 2 version. Magento releases new versions to patch security issues and fix bugs, and always mentions what new features were added.
- Remove all unwanted extensions from the website.
- Remove unwanted scripts from the Magento root directory.
- Secure FTP: Guessing an FTP password is the most commonly used method to hack a site. To prevent this, use secure passwords and use SFTP (Secured File Transfer Protocol) which uses a private key file for authenticating a user.
- Do not give any third parties administrative access to the admin, FTP, or SSH. Restrict these resources for any third-party admin users.
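
A small audit for two of the steps above (the admin URL and unwanted files in the Magento root), added here as an example and not part of the original post. It assumes the admin path is stored as `frontName` in app/etc/env.php; the list of guessable paths and the leftover file patterns are assumptions to adapt to your own store.

```python
import re
import sys
from pathlib import Path

# Assumption: admin paths that are easy to guess; extend for your own store.
GUESSABLE_ADMIN_PATHS = {"admin", "backend", "administrator", "manage", "adminpanel"}
# Assumption: leftovers that often end up in a web root and do not belong there.
LEFTOVER_PATTERNS = ("*.sql", "*.sql.gz", "*.zip", "*.tar.gz", "*.bak", "*.old",
                     "info.php", "phpinfo.php", "adminer*.php")
FRONTNAME_RE = re.compile(r"""['"]frontName['"]\s*=>\s*['"]([^'"]+)['"]""")


def admin_front_name(magento_root):
    """Return the admin path configured in app/etc/env.php, or None if absent."""
    env = Path(magento_root) / "app" / "etc" / "env.php"
    if not env.is_file():
        return None
    match = FRONTNAME_RE.search(env.read_text(encoding="utf-8", errors="replace"))
    return match.group(1) if match else None


def leftover_files(magento_root):
    """List files directly in the Magento root that match a leftover pattern."""
    root = Path(magento_root)
    found = set()
    for pattern in LEFTOVER_PATTERNS:
        found.update(p.name for p in root.glob(pattern) if p.is_file())
    return sorted(found)


def audit(magento_root):
    """Return human-readable findings for the admin path and root directory checks."""
    findings = []
    name = admin_front_name(magento_root)
    if name is None:
        findings.append("admin path not found in app/etc/env.php")
    elif name.lower() in GUESSABLE_ADMIN_PATHS:
        findings.append(f"admin path '{name}' is guessable; choose a unique one")
    for filename in leftover_files(magento_root):
        findings.append(f"remove or move out of the web root: {filename}")
    return findings


if __name__ == "__main__":
    # Usage: python audit_magento.py /path/to/magento/root
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print("\n".join(audit(target)) or "no findings")
```

Run it against a copy or the live root with read-only access; it only reads files and never changes them.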
March 7, 2021