Build a magento website is not easy but maintain a magento website ‘s much more difficult with the security requirements. For e-commerce project, the security must be a top priority.
For the server/hosting security, the webmaster can’t do more since it ‘s another part. You can take care the server security easy by using a high quality service. You can check Top 3 Best Magento Hosting 2015 Award Winning Companies for more detail.
In this post, we will talk about the security for webmaster in the case the server/hosting security is very good. In this case, we still need to fight with other issues and here we show you a great list of magento security tips.
1. Strong admin username/password
Don’t use the popular username like admin or administrator, manager or your website domain name. For the security reason, you need to make sure our admin credentials is kept private as much as possible.
Other than that, the password should be strong with at least 10 characters include number, alphabet and symbol.
2. Weekly password change
Website store online is very important so that the admin password must be changed weekly. In this case, if someone want to guess you password, they must do it very fast or it will be expired.
Keep in mind that even though you got a backup what are safe with any attack, you still lose user data if someone can login to admin panel.
3. Magento Daily Backup
It ‘s a very important feature for any magento hosting. They must be fast and safe with full daily backup. You can check our article about Fast Magento Hosting.
4. Don’t store sensitive data
Don’t store any sensitive data like admin account, FTP, SSH account in anywhere or you have to make sure it ‘s very safe place.
5. Set up system alerts for suspicious activity
You can use some magento security extension like https://www.magentocommerce.com/magento-connect/et-ip-security.html
6. Provide security training to employees
If you hire someone act as webmaster, you must train them about magento security before doing their job. It ‘s very important and you must trust them a lot.
7. Monitor your site regularly
Login to your site and check random features and security daily to make sure everything is working well.
8. Patch Magento System
Any time you see the patch update from magento, you must update as soon as possible.
9. Daily virus scanning
It look like a big task but it is not too big because there are many software what only scan the new change files. If you own a VPS/Server, you can check this tool https://www.rfxn.com/projects/linux-malware-detect/
10. Keep HTTPS/SSL for all login pages
Try to use HTTPS/SSL for all login pages and checkout process. This will help your information safe and help your customers trust your site more.
If you have any more idea, we are welcome to add more to help people secure magento site.