Magento tips for security - 7 you just can't ignore

Author: Alex Ashman
Published: September 24, 2019
Magento Security tips to enhance your eCommerce website

Magento is a hugely popular platform, and with that level of success come downsides. One of those downsides is that the platform attracts unwanted attention from people with malicious intent. Magento can (and does) store customer information and merchant payment details, so the impact of a breach on your business can be huge. I have therefore put together some tips towards hardening your site's security, drawing on my long-standing experience as a Magento Solution Specialist and Magento partner.

1: Set up the Magento Security Scan Tool

The Magento Security Scan Tool is a one-line script that can be added to your website and enables you to receive a regular report of security issues such as malware and unauthorised access attempts. The tool is available in both the Commerce and Open Source versions. There are occasional false positives, but it's a useful reassurance to have. We've written about this tool in more detail here.

2: Set up Roles and Permissions

Different people will need to access your site, and the bigger your team, the more people will need access. Unfortunately, it's really common for us to see every user given admin privileges. This means all of these users can, for example, access and export customer details, and even edit payment details and prices. The list goes on, and it is simply an unnecessary amount of access for everyone on your team to have. We recommend that you restrict access to those who need it, applying the principle of "least privilege". It makes sense and is just good IT housekeeping.

3: Had multiple developers or agencies working on your site?

Then you really need to check who is being sent your site's information. Magento can send out a number of alerts, controlled from the admin panel, including error reports from shopping feeds, failed payment notifications and even BCC copies of sales emails. We often find old developers' or agencies' contact details hidden away in these settings, and we have seen cases where customer details were still being sent to these people even after the merchant had stopped working with that agency. Be sure to check what is being sent and to whom.

4: Consider 2FA (two-factor authentication) and reCAPTCHA to avoid spam submissions

2FA and reCAPTCHA have been built into Magento since 2.3 and are well known for restricting access and stopping malicious activity. There are a number of excellent authentication methods, but we often use Google's own authenticator app, which gives you a code on your mobile to enter into Magento. We've written more on the subject here, including solutions for Magento 1.

5: Ensure the admin URL isn't the default one, to avoid brute-force attacks

A brute-force attack is a trial-and-error method, usually carried out with automated software, of obtaining information such as a user's password. These kinds of attacks should be picked up by your managed hosting provider, but one way you can better protect yourself and your site is to ensure your admin URL isn't the stock one provided by Magento. This ensures brute-force attacks can't happen, as attackers won't know where the login form is to target.

6: Configure Magento's Content Security Policy (CSP)

From Magento 2.3.5, Magento Open Source and Adobe Commerce can help keep your eCommerce website secure with a Content Security Policy. In report-only mode, a CSP lets website owners review which URLs and content each page loads. Trusted URLs can then be whitelisted, while unwanted sources are blocked in the CSP's restrict mode. It's important to work through these with an experienced developer to enable that extra layer of security, which prevents harmful content such as malware from loading.
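As an added example (not from the original article, and not Magento's own code or documentation), the two configuration files below show how the report-only and restrict modes described above are set in a small Magento 2.3.5+ module. The module name `Vendor_CspConfig` and the hosts `cdn.example.com` and `api.example.com` are placeholders; the `csp/mode/storefront/report_only` and `csp/mode/admin/report_only` config paths and the `csp_whitelist.xml` format are those of the Magento_Csp module.

```xml
<!-- File 1: app/code/Vendor/CspConfig/etc/config.xml
     (Vendor_CspConfig is a placeholder module name.)
     Start in report-only mode: the browser reports violations but blocks
     nothing, so you can review what each page actually loads. Once the
     whitelist below is complete, set both flags to 0 to switch to restrict
     mode, where unlisted sources are refused. -->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <csp>
            <mode>
                <storefront>
                    <report_only>1</report_only>
                </storefront>
                <admin>
                    <report_only>1</report_only>
                </admin>
            </mode>
        </csp>
    </default>
</config>

<!-- File 2: app/code/Vendor/CspConfig/etc/csp_whitelist.xml
     Whitelist only the sources you have reviewed and trust. The hosts
     cdn.example.com and api.example.com are placeholders; anything not
     listed here (or in Magento's own module whitelists) is blocked once
     report_only is 0. Each policy id is a standard CSP directive. -->
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
    <policies>
        <policy id="script-src">
            <values>
                <!-- scripts may only be loaded from this reviewed CDN -->
                <value id="example-cdn" type="host">https://cdn.example.com</value>
            </values>
        </policy>
        <policy id="style-src">
            <values>
                <value id="example-cdn" type="host">https://cdn.example.com</value>
            </values>
        </policy>
        <policy id="connect-src">
            <values>
                <!-- XHR/fetch calls allowed only to this reviewed API host -->
                <value id="example-api" type="host">https://api.example.com</value>
            </values>
        </policy>
    </policies>
</csp_whitelist>
```

While reviewing, the storefront responds with a `Content-Security-Policy-Report-Only` header and the browser console lists every source that would have been blocked; add the legitimate ones to the whitelist and treat anything unexpected as something to investigate. When the list is complete, the flags can also be flipped per scope without a code deploy using `bin/magento config:set csp/mode/storefront/report_only 0`, after which the header becomes `Content-Security-Policy` and unlisted sources no longer load.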


7: Maximise Magento security by making sure it's up to date

Do ensure that your Magento eCommerce site is patched and up to date: you'll get bug fixes, features and security patches periodically. You can check by comparing the version shown in the footer of your admin panel against Magento's releases (1.9.1 onwards). Alternatively, install the Magento Security Scan Tool, which will alert you to missing security patches. Magento provides these releases for a reason, and they shouldn't be ignored.

Taking Your Security Seriously

At magic42, we take care of these kinds of security concerns for all our clients as standard. Speak to us for any concerns or to find out how an agency should be proactively helping you manage your Magento site's security.
