
Tips to Protect Your Magento Site From Security Threats

Security is an important aspect of every website, especially an e-commerce website. If you are a Magento user, do you know how to protect your site from security threats? If you don't, don't worry: this article gives you some useful tips.


Upgrade to the latest version of Magento

There are many reasons to keep your site up to date with the latest version of Magento. Security matters for any software, not only Magento, and each new release invests in improving it. Upgrading Magento brings not only security updates but also new features, bug fixes and other important upgrades. In fact, the newest version, Magento 2, came with many security improvements.

Don’t Use Your Magento Password Elsewhere

According to passwordresearch.com, 15% of users use identical passwords in different places. That is not good at all: using the same password for multiple services is convenient, but it increases the likelihood that you lose all of your accounts. All passwords should be unique; create a strong password for each service. You shouldn't save or store your passwords on your computer, because some software and tools can steal them.

Two-Factor Authentication

Consider using a Two-Factor Authentication extension; it can prevent unauthorized administrator access. With this extension, no one is able to log in to your Magento admin panel without authentication from your smartphone, which makes the admin panel more secure.

Use Secure FTP

Using secure FTP passwords and FTP-SSL (Explicit AUTH TLS) or SFTP (SSH File Transfer Protocol) can prevent your Magento eCommerce store from being hacked through an FTP password. If you want a higher security level, you can use SFTP with public key authentication.

An Encrypted Connection is a Must

Always protect your data and never send it over an unencrypted connection. Today, using HTTPS/SSL for your site is a must. Moreover, Google has announced that websites using HTTPS/SSL will be given higher priority in search results.

Use Trusted Magento Extensions Only

Using third-party extensions is good for your Magento site: they can bring more powerful features, but along with the features and convenience come some security risks. With only one vulnerability in one extension, hackers can gain complete access to and control over your website. So make sure that you use Magento extensions from trusted developers and keep them up to date.

Backup Your Magento Store Regularly

Data backup is an essential thing that all websites need to do. Backing up your files and database regularly may help reduce the damage of an attack. You should keep your backups in more than one place rather than on a single server: for example, one on your local computer and one on a USB drive or an external hard drive.

Restrict Admin Access to Only Approved IP Addresses

You can prevent unauthorized access by restricting admin access to only the IP addresses you have whitelisted. It may be a bit inconvenient, but safety is first.
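
Before enforcing such a restriction, it helps to see which addresses already reach the admin panel, so that legitimate administrators are not locked out and unexpected visitors stand out. The script below is an added example, not code from the original article or from Magento: it checks web-server access-log lines against an allowlist, and the admin path `/admin_example`, the networks and the log lines are all constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the article): admin path, allowlist and log lines are
# constructed; all addresses come from reserved documentation ranges.
ADMIN_PATH = "/admin_example"
ALLOWLIST = [ipaddress.ip_network(n) for n in
             ("203.0.113.10/32", "198.51.100.0/24", "2001:db8:10::/48")]
# Common/combined access-log format: client address first, request line quoted.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

SAMPLE_LOG = """\
192.0.2.44 - - [12/Mar/2024:09:02:40 +0000] "POST /admin_example HTTP/1.1" 200 812
192.0.2.44 - - [12/Mar/2024:09:02:41 +0000] "POST /index.php/admin_example/ HTTP/1.1" 200 812
198.51.100.7 - - [12/Mar/2024:09:05:02 +0000] "GET /admin_example?key=abc HTTP/1.1" 200 733
2001:db8:ffff::1 - - [12/Mar/2024:09:06:30 +0000] "GET /admin_example/ HTTP/1.1" 302 0
192.0.2.44 - - [12/Mar/2024:09:07:00 +0000] "GET /admin_example_notes.html HTTP/1.1" 404 0
192.0.2.99 - - [12/Mar/2024:09:08:15 +0000] "GET /catalog/shoes HTTP/1.1" 200 9000
"""


def is_admin_request(path, admin_path=ADMIN_PATH):
    """True for the admin front end, reached with or without /index.php."""
    path = path.split("?", 1)[0].lower().removeprefix("/index.php")
    return path == admin_path or path.startswith(admin_path + "/")


def is_allowed(ip_text, allowlist=ALLOWLIST):
    """True when the client address falls inside any allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field: treat as not approved
    return any(ip.version == n.version and ip in n for n in allowlist)


def unapproved_admin_hits(log_text):
    """Count admin requests per client address that is not on the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_admin_request(m.group(3)) and not is_allowed(m.group(1)):
            hits[m.group(1)] += 1
    return dict(hits)


if __name__ == "__main__":
    print(unapproved_admin_hits(SAMPLE_LOG))
```

If the store sits behind a load balancer or CDN, the first log field is the proxy's address unless the web server is configured to record the real client address, so check that before trusting the result.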

Take Advantage of User Roles

A website may have many admins, but not all of them need access to all administrative areas. Take advantage of user roles: each administrator should have a separate account, with access limited to certain tools and features on a per-admin basis. You should do that for 2 reasons:

  • If an account is compromised, less damage can be done in an attack.
  • It is easier to trace which account was compromised and to limit the amount of damage done.

Block Unwanted Countries

If you are not an international retailer, blocking access from some countries is an idea to consider. If you sell products in the US only, blocking all or some other countries can help protect your site from unwanted traffic. For example, China is a country that has a lot of malicious traffic, so blocking access from Chinese IPs may help avoid that risk.


No eCommerce site is 100% un-hackable, but implementing the security improvements above will seriously decrease the number of vulnerabilities that can be exploited.
