Magento Security: How to Enhance Your Site's Protection

There is no doubt that everybody wants to know how to make Magento ® more secure.

Administrator's Magento Security Name and Password

We advise you to select an administrator name that is complex enough and difficult to guess. Of course, you should not use the names Admin or Administrator, because they are really easy to guess. We advise you to use a random combination of upper and lower case letters, symbols, and numbers for a password.


You can change your administrator name and password from the Dashboard of your Magento ® store at any time. Log into your admin panel, go to the System menu and click on My account.

You can also change the admin name and password directly in the database used by Magento ®. This can save you if you forget the credentials, and it can be done through phpMyAdmin.

Don’t be inattentive with backups!

Sometimes something goes wrong and important data is lost. To avoid this, we advise you to make regular backups, so that you can restore your Magento ® files and database from the most recent undamaged backup. It will save your Magento ® store, your customizations and the most precious thing of all: your time.

Use SSH or your FTP client to back up your Magento ® files, and export the Magento ® database through phpMyAdmin. Access to phpMyAdmin can be secured from your hosting provider. To view the database tables, click on the name of the database where Magento ® is installed in the left frame of phpMyAdmin. Next, mark all the checkboxes for the tables in the right frame and choose Export from the With selected drop-down menu. Please note that the database tables are spread over several pages.

Why do you need to update Magento ® to the latest version?

When a new version of Magento ® is released, don’t waste time and update your Magento ®. It will help you to solve a range of issues and provide you with new features and functions. Updates fix a variety of problems, including security issues in Magento ®.

Check your file permissions

Magento ® files and folders on your hosting account should have correct permissions. Make sure that files have permissions of 644 and folders 755. If a file or directory has incorrect permissions, you can fix it manually, for example with an FTP client.
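
The 644/755 check can also be run over SSH instead of inspecting entries one by one in an FTP client. The script below is an added example, not code from the original article; the function names and the sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree against the 644 (files) / 755 (folders)
# rule. Function names are hypothetical and not part of Magento.

# Print every file that is not 644 and every folder that is not 755.
audit_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Print only world-writable entries, the deviations to fix first.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset deviating entries to 644 / 755; correct entries are left untouched.
fix_perms() {
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
}

# Build a constructed sample tree (not a real Magento install) for a dry run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/app/etc" "$t/media"
    : > "$t/index.php"
    : > "$t/app/etc/config.xml"
    chmod 755 "$t" "$t/app" "$t/app/etc"
    chmod 644 "$t/index.php"
    chmod 666 "$t/app/etc/config.xml"   # wrong: world-writable file
    chmod 777 "$t/media"                # wrong: world-writable folder
    printf '%s\n' "$t"
}

# Usage: sh audit_perms.sh /path/to/store   (the path is an assumption)
if [ $# -gt 0 ] && [ -d "$1" ]; then
    audit_perms "$1"
fi
```

Run audit_perms first and review the list before calling fix_perms, since some hosting setups need different modes on specific folders.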

Dangerous PHP Functions and how to fight them

Dangerous PHP functions can be disabled by adding some rules to the php.ini file for your account. Some servers are configured in such a way that they work with one global php.ini file per account. Here is an example that disables several dangerous PHP functions:

disable_functions = proc_open, phpinfo, show_source, system, shell_exec, passthru, exec, popen

SSL Encryption

Data transfers between server and client are very important and should be as secure as possible. SSL (Secure Sockets Layer) is a network protocol used for this purpose; in other words, it encrypts your data transfer. If you need to use SSL for your Magento ® store, you should get a private SSL certificate.

If you already have one, you can choose to use SSL for your backend and/or frontend from your Magento ® admin panel. Go to System – Configuration and click on Web in the General menu on the left. The Secure panel will open in the middle of the page. Type the URL of your store in the field for the first option. It is called Base URL: e.g. Then enable SSL for the respective parts of the site: Use Secure URLs in Frontend, Use Secure URLs in Admin.

Please click on the Save Config button to save your changes.
