The Top Ways to Secure Your Magento eCommerce Platform

As an online vendor in a web-centric market, the eCommerce experience that you deliver to your clients is of utmost priority. While making visual or technical changes to your online store may seem like the recipe for success, even the most elaborate and well-functioning platforms can come tumbling down when faced with a security event. As an expert in Magento, Kinga Dow Productions is regularly approached by companies that have experienced a breach and are looking to rebuild. Before taking your online business to the next level, we recommend that you take the following steps:

Choose a good password and guard it with your life
Your Magento account should be nearly impossible to crack. The best way to deter hackers is to create a complex password with a combination of upper-case and lower-case letters, symbols and numbers. After sharing your Magento password with outside developers, it is imperative that you change it as soon as the contracted work is complete. This will greatly reduce the possibility of unauthorized access or password sharing with others.

Trust Magento’s advice
Magento typically releases security updates to its eCommerce platform following security breaches or the identification of potential points of entry. You will be advised of these updates as they become available through notifications in the admin portal. As an online business owner or web developer, it is in your company’s best interest to apply these updates to your Magento store as soon as they are released. In addition to security updates, Magento sends out improved versions of its eCommerce products on a regular basis. Not only do these modernized versions provide additional features and further facilitate the customer experience, but most also contain updates to Magento’s security features.

Get technical!
Quickly and easily protect your Magento store from hackers by making a few technical changes. Firstly, change the admin path from the usual “/admin” to a more unique and/or complex link. This will make your site more difficult for hackers to access from the outside. When storing files, use an SFTP account with a complex password or public-key authentication.

Secondly, use SSL/HTTPS when accessing your online store. Purchase a certificate from a reputable provider, and enable the feature by selecting “Use Secure URLs in Frontend” and “Use Secure URLs in Admin” under System>Configuration>Web>General>Secure.

A third strategy for safeguarding your online store is to secure your local.xml file by switching its file permission to 600 (-rw-------). The “app/etc” directory is locked in the most recent versions of Magento; however, it is possible that it remains publicly available if the “AllowOverride” option is deactivated in your Apache server, since Apache then ignores the .htaccess file that blocks access to the directory.

Pick a trustworthy entourage
Magento extensions can be a great way to add functionality and uniqueness to your eCommerce platform. However, extensions from third-party developers carry risks to the store owner and may act as vehicles for ill-intentioned hackers. Before adding an extension, do a background check of the provider – including reviews and vendor history.

When implementing a new Magento extension by yourself, change the “/downloader” path of your Magento Connect Manager portal to make it less accessible to potential intruders. If you prefer to hire a reputable web developer to produce an extension from scratch, have a conversation to ensure that they follow Magento coding standards.

Give permission only where it is due
It is extremely important that your Magento files be accessible only by select personnel that are authorized to modify and update data on the server. If possible, set the permission levels to 644 for files, 755 for folders, and 775 for media and var folders by inputting the following SSH commands:

# Run from the Magento root directory
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
find media var -type d -exec chmod 775 {} \;
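
To check an existing store against these modes, and against the 600 on local.xml mentioned earlier, the audit script below is an added example (not part of the original article or of Magento's own tooling). It assumes a Magento 1 layout with app/etc/local.xml, media/ and var/ under the root you pass in; the function name audit_magento_perms and the LOCALXML/FILE/DIR tags are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; names and tags are illustrative.
# Policy taken from the article: files 644, folders 755, media/ and var/
# folders 775, app/etc/local.xml 600.
# Prints one finding per line; returns 1 if anything is looser than that.
audit_magento_perms() {
    root=${1%/}
    findings=$(
        # local.xml holds the database credentials: must be exactly 600
        if [ -f "$root/app/etc/local.xml" ]; then
            find "$root/app/etc/local.xml" ! -perm 600 -exec echo LOCALXML {} \;
        fi
        # 644: no file may be writable by group or other
        find "$root" -type f \( -perm -020 -o -perm -002 \) -exec echo FILE {} \;
        # 755: folders outside media/ and var/ get no group or other write
        find "$root" \( -path "$root/media" -o -path "$root/var" \) -prune -o \
            -type d \( -perm -020 -o -perm -002 \) -exec echo DIR {} \;
        # 775: media/ and var/ folders may be group-writable, never world-writable
        for d in media var; do
            if [ -d "$root/$d" ]; then
                find "$root/$d" -type d -perm -002 -exec echo DIR {} \;
            fi
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real store): local.xml left at 644, index.php at 664
demo=$(mktemp -d)
mkdir -p "$demo/app/etc" "$demo/media" "$demo/var"
echo '<config/>' > "$demo/app/etc/local.xml"
echo '<?php' > "$demo/index.php"
chmod 755 "$demo" "$demo/app" "$demo/app/etc"
chmod 775 "$demo/media" "$demo/var"
chmod 644 "$demo/app/etc/local.xml"
chmod 664 "$demo/index.php"
audit_magento_perms "$demo" || echo "findings listed above"
rm -rf "$demo"
```

The non-zero return status makes the function usable as a gate in a deployment script or a scheduled check.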

If you are not an experienced web developer, your online store could likely benefit from the services of a professional. A design company such as ours brings years of experience working with Magento, as well as extensive knowledge of the platform and the eCommerce market in general. When it comes to your online store, security is by far the most important investment.

 Kinga Dow Productions is a full-service developer of high-caliber websites for prominent companies in the eCommerce sphere. Our team has decades of experience providing web design, online store, SEO and content management services, complemented by their extensive knowledge of the eCommerce industry and the ever-evolving design principles necessary to make an impact in these areas. Kinga Dow Productions can serve as a truly all-encompassing web partner for your business – from the initial wireframe design, all the way to optimization and content maintenance. Visit their website at for more information.

