1. Keep Magento Updated
Nobody’s perfect, not even the creators of the biggest ecommerce platform on the planet. This is why Magento are always repairing flaws in their code and hackers are always looking for vulnerabilities. Don’t panic, just keep on top of your Magento updates. Sign up to the Magento newsletter to hear when updates are being released. Despite the arrival of Magento 2, Magento 1 is still being maintained to ensure security issues are addressed. Always ensure Magento updates are installed by a competent developer.
2. Only use Modules/Extensions from reputable sources
Magento is a modular platform, meaning different aspects of its functionality can be turned on or off. The overall functionality can be extended by utilising modules from third parties (known as extensions), which can be free or paid for. There’s a wide array of extensions available from Magento Connect, but they can be added by anyone with just a few clicks. A lot of these modules are rarely maintained or stress tested for vulnerabilities, so always be sure to check the quality of the reviews and whether the author provides a good level of support. Sometimes it’s worth paying a little extra for a more reputable module and better support.
3. Keep your modules up to date
Once you’ve chosen the best possible modules, make sure you’re signed up to the supplier’s newsletter, as they will let you know when new versions of their modules are available. It’s really important to keep all modules updated, as new versions usually fix potential vulnerabilities that hackers are always looking for. We would highly recommend that a competent developer performs any module upgrades.
4. Keep your server up to date
This should be an entire post on its own, but it goes without saying that server software such as PHP (the programming language Magento runs on) should always be kept up to date so that security vulnerabilities are patched. This probably isn’t something you can do yourself, but get in touch with your digital agency or hosting company and they’ll be able to help.
5. Use Cloudflare
Cloudflare.com is an absolutely fantastic tool that performs a wide array of useful functions. First and foremost, it massively reduces the load on your store by serving cached content to visitors. With regard to security, they offer an SSL certificate, which encrypts any data your visitors enter into the site. SSL isn’t the only security feature: Cloudflare provides detailed statistics, alerts you to potential threats, blocks persistent troublemakers and provides a customisable firewall. Did I mention all of this is completely FREE?! (Payment plans are available for more features and a higher level of security.)
Bonus tip – Check how secure your site is using MageReport.com
As usual, feel free to get in touch if you have any questions regarding this post or if you need a hand putting any of these in place on your Magento store.