When you develop an online shop, security is one of the most important issues. Nobody wants to be deceived, neither the owner nor the customer who paid for a product. Magento provides a high level of security for online shopping, but keep the “human factor” in mind as well.
Irresponsibility and a lack of awareness among staff working in the online shop can cause damage. So if you own an online shop or work in one, you should not just take note of security advice but actually follow it.
Here are some simple tips to help you avoid getting into trouble.
1. Make sure that your username and password are “strong” enough.
Perhaps you’ve heard this a million times and realize that it concerns not only online stores but any website that requires an authenticated user. But “to hear” does not always mean “to follow”! So let's go through the main points once again to be sure that everything is sorted out.
Your login name must not be simple: not admin, root, administrator and so on, and not your own name or the name of your online shop, because this type of login name is very predictable and easy to guess.
The password should consist of a combination of upper and lowercase letters, special characters and numbers. For example [email protected]&[email protected]#. Quite intricate, isn’t it? The more varied the characters, the harder the password is to guess. The problem with such passwords is that they are difficult to remember, especially when you need to remember many of them.
Fortunately there are tools such as password managers: special programs for storing and organizing your passwords. There are paid and free programs to choose from.
2. Avoid using the same password for different services
Do not use the same password for different services such as e-mail or other websites (Twitter, Facebook). Third-party sites may not use HTTPS / SSL for login. It is also possible that your account on a third-party site gets hacked and this password becomes public.
3. Modify the URL path to the login panel.
For example, the default login page for your online shop is http://www.websitename.com/admin. It is very simple! An attacker can guess the password to your shop quite easily. Why not make their job more complicated? Let's change the URL path of the login page to a more complex one.
1. In the Admin Panel, go to System >> Configuration >> Admin.
2. Choose Admin Base URL. Change Use custom admin URL to Yes.
3. Type something like mostsecurepage/ in the Custom admin URL field. Do not forget to add a slash at the end of your URL.
4. Use an SSL (Secure Sockets Layer) certificate
1. In the Admin Panel of your Magento shop, go to System >> Configuration and click on “Web”.
2. Click on the Secure tab and set the secure URL to something like https://yourstore.com
3. Choose Yes in the Use Secure URLs in Admin box.
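A quick way to verify that the settings from tips 3 and 4 were actually applied, shown here as an added example that is not part of the original article or of Magento itself. The dictionary keys are hypothetical names for the admin-panel fields mentioned above, and the sample values are constructed from the example URLs in the text.

```python
from urllib.parse import urlparse

# Easily guessed admin paths; "admin" is the default named in tip 3.
PREDICTABLE_PATHS = {"admin", "administrator", "root", "backend", "login"}


def audit_admin_settings(settings):
    """Check the admin-panel values from tips 3 and 4.

    The dictionary keys are hypothetical names for the fields in
    System >> Configuration; they are not Magento identifiers.
    Returns a list of (code, message) findings, empty when all checks pass.
    """
    findings = []

    # Tip 3: the login page should not sit at the default or a guessable path.
    if not settings.get("use_custom_admin_url"):
        findings.append(("ADMIN_DEFAULT_URL", "Use custom admin URL is not set to Yes"))
    else:
        custom = (settings.get("custom_admin_url") or "").strip()
        if not custom.endswith("/"):
            findings.append(("ADMIN_NO_TRAILING_SLASH", "Custom admin URL must end with a slash"))
        last_segment = urlparse(custom).path.strip("/").split("/")[-1].lower()
        if not last_segment or last_segment in PREDICTABLE_PATHS:
            findings.append(("ADMIN_PREDICTABLE_PATH", f"Admin path {last_segment!r} is easy to guess"))

    # Tip 4: the secure URL must really be HTTPS and the admin must use it.
    secure = urlparse((settings.get("secure_base_url") or "").strip())
    if secure.scheme != "https" or not secure.netloc:
        findings.append(("SECURE_URL_NOT_HTTPS", "Secure base URL is not an https:// URL"))
    if not settings.get("use_secure_urls_in_admin"):
        findings.append(("ADMIN_NOT_ON_HTTPS", "Use Secure URLs in Admin is not set to Yes"))
    return findings


# Constructed sample values, using the example URLs from the text.
DEFAULT_SHOP = {"use_custom_admin_url": False,
                "secure_base_url": "http://www.websitename.com/",
                "use_secure_urls_in_admin": False}
HARDENED_SHOP = {"use_custom_admin_url": True, "custom_admin_url": "mostsecurepage/",
                 "secure_base_url": "https://yourstore.com",
                 "use_secure_urls_in_admin": True}

if __name__ == "__main__":
    for name, shop in (("default", DEFAULT_SHOP), ("hardened", HARDENED_SHOP)):
        print(name, [code for code, _ in audit_admin_settings(shop)] or "OK")
```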
5. Close “holes” in your e-mail account.
Magento lets you recover the administrator password by sending a new password to your e-mail. Therefore, the administrator account should use an e-mail address that is not known to others. Make sure that the password for this mailbox is strong and the password recovery hints are well thought out.
6. Disable automatic password storage
All modern browsers offer to save your passwords. This is convenient but not always safe: outsiders can gain access to your computer, or you can lose a laptop, and then you can lose much more than just a computer.
7. Use a good antivirus software.
Computer viruses and Trojans not only destroy installed software but also steal data from your computer. To minimize the risks, you need to use antivirus software with a good reputation. Free programs such as AVG are good for home use, but if you need a security guarantee we recommend that you use a reputable paid antivirus. Do not forget to update it regularly!
If you’d like to know more about security issues, consult your Magento web development company.