Security is almost always common sense.
1. Limit the number of extensions being used, and make sure the ones that you do use are not using encrypted source code
2. Change your admin URL (video here Securing your Magento Admin panel)
3. Use a CDN so that when you do get attacked, you have some ability to cope with it (video here)
4. Use strong passwords for ALL accounts – https://strongpasswordgenerator.com/ and change them frequently. Consider an extension like this one for two factor logins.
5. Restrict user access to only the sections that they need
6. Have a remote backup schedule in place that is tested and works
7. If using Magmi, use the UE version that has password protection and also consider this extra step
8. Keep an eye out for security updates on the Magento site here http://www.magentocommerce.com…..ease-notes
And so on…
Hope that helps.
PS. We personally do the majority of those where needed.
Hi, has anybody tried this with M2e installed? Please advise.
The recommendations there are good, and I think focused on frontend access. It’s also a good move to secure SSH access.
I set that up on a site recently and blocked something like 35,000 IPs the first day.
I’ve also developed this anti-spam plugin (*free of charge – get it here!). This doesn’t attempt to stop hacks, but stops spammers actually sending spam comments, and leaving spam reviews. This is something which usually stays quiet for a while, and then suddenly you have 5000 spam reviews in a day, and 50 spam comment form submits – NoMoreSpam! will stop most of that.
You can also look at making some kind of double-edged honeypot for frontend attempts. There’s a 2-pronged approach, banning IPs from robots that claim to be a search engine but are not, and blocking robots that don’t respect your robots.txt rules. This significantly reduces server bandwidth usage.
Quick update, we just released an update (still free!) to NoMoreSpam!.
Basically what this does is add in more checks to the default Magento basic anti spam stuff (which are easily, and often, circumvented by spammers).
It now should check for spamming to the newsletter signup form, it has some custom code to work with custom contact forms, and makes more checks to product review submissions. Oh, and it also can check the ‘Create Account’ form for spammy submissions.
If you ever get spam messages via your contact form, or have hundreds of pending spam product reviews, this is for you!
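The two honeypot checks described earlier in the thread (robots that claim to be a search engine but are not, and robots that ignore robots.txt), sketched as an added example that is not part of the original posts or of any plugin mentioned here. The log lines, robots.txt, IP addresses and function names are constructed for illustration; real crawler verification is assumed to use forward-confirmed reverse DNS.

```python
import re
import socket

# Constructed sample data (not from the thread). IPs are documentation ranges.
ROBOTS_TXT = "User-agent: *\nDisallow: /trap/\nDisallow: /checkout/\n"
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /trap/index.html HTTP/1.1" 200 12 "-" "BadBot/1.0"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /shoes.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
203.0.113.66 - - [01/Jan/2024:10:00:02 +0000] "GET /shoes.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /shoes.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
# User-agent token -> hostname suffixes the client's reverse DNS must end with.
CRAWLER_DOMAINS = {"googlebot": (".googlebot.com", ".google.com"),
                   "bingbot": (".search.msn.com",)}

def disallowed_prefixes(robots_txt):
    """Simplification: every Disallow path is treated as a trap for all robots."""
    rules = [l.split(":", 1)[1].strip() for l in robots_txt.splitlines()
             if l.lower().startswith("disallow:")]
    return [r for r in rules if r]

def dns_verify(ip, suffixes):
    """Forward-confirmed reverse DNS: PTR name matches and resolves back to ip."""
    try:
        host = socket.gethostbyaddr(ip)[0]
        return host.endswith(suffixes) and ip in socket.gethostbyname_ex(host)[2]
    except OSError:
        return False

def find_offenders(log_text, robots_txt, verify=dns_verify):
    """Return {ip: {reasons}} for fake crawlers and robots.txt violators."""
    traps = disallowed_prefixes(robots_txt)
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, ua = m.groups()
        claimed = next((s for t, s in CRAWLER_DOMAINS.items() if t in ua.lower()), None)
        verified = bool(claimed) and verify(ip, claimed)
        if claimed and not verified:
            offenders.setdefault(ip, set()).add("fake-crawler")
        # Verified search engines are never flagged, to avoid banning a real crawler.
        if not verified and any(path.startswith(p) for p in traps):
            offenders.setdefault(ip, set()).add("ignored-robots.txt")
    return offenders
```

The returned addresses can be fed to whatever ban mechanism the site already uses; passing a different `verify` function lets the check run without live DNS.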