Safety has always been a very important element to consider when it comes to your shop e-commerce . For this we will give some basic tips to protect our stores.
1 – Name and password manager
First we use a name other than “admin” or “administrator” and not the name of our shop is too predictable to the attacks.Furthermore, the password must be strong, it is always good to use a combination of uppercase and lowercase letters with numbers and special keys.
Maybe it will be hard to remember but is safe and if someone wants to hack it will be more complicated. To help we can use a good program to remember how LastPass or 1Password password. They are very comfortable and it’s always best not to leave our computer passwords.
To change the password in Magento we go to System > My Account and edit the information on our account.
2 – Change the URL to access the control panel login
By default we agree to our control panel from misitio.cl / admin. This is too easy for hackers who already know where to start looking for a solution to make this task more difficult.
We are going to change the settings in System > Settings and go to Manager in Advanced.
In Admin Base URL we put Use Custom Admin Path “YES” and ” Custom Admin Path “we write what we need to look more like: mipaneldecontrol
3 – Remove the secret key to the URL
It is important not to give any information about interesting facts, so we hide the secret key from the URL. This key determines a unique key for each session that we connect to the backend of Magento.
To change it go to ” Security “ and ” Add Secret Key to URLs “ we put NO.
4 – Backup
We should make regular backups of all files and databases Magento. This way if something happens we can always return to the previous version thanks to our support.
5 – Update
When a new stable version of Magento is always best to update. Many updates comes with solutions of various types, including security problems.
6 – File Permissions
Let us ensure that Magento files and folders have the correct permissions. The files should have permissions of 644 and 755 folders.
7 – Use a SSL for the login
SSL (Secure Sockets Layer) is a network protocol used to encrypt the data transmission between server and client. This prevents eavesdropping and information disclosure. If you want your Magento shop to use SSL you first need a private SSL certificate is hired on a hosting company.
After having an SSL certificate from your Magento admin panel you can choose to use SSL to the backend of your site and / or its interface.
To do this you must go to System> Settings, then Security Web “Use Secure URLs in Frontend” put YES.