Setting up the Magento Security Scanner
Setting up the Magento Security scanner is a simple process.
- To begin, you should log into Magento and go to the Magento security centre where you can click on the link to the Security Scan tool.
- If you or your development agency haven’t set up the security scan tool already, you will need to add your site by clicking “Add site”.
- From that page you need to enter the url of the site you wish to add and give the site a name for your reference.
- You then need to copy the confirmation code below the site name and paste it into the header of your website. The way you do this will differ slightly depending on whether you are running Magento 1 or 2 but the instruction panel on the right of the current screen helpfully details the process for each.
- Next, you need to click the”verify confirmation code” button. On the next screen, you can schedule the frequency of the security scans in order to automate the scanning process going forward.
What comes next?
Security scanning is the first step in ensuring your Magento site is secure. The scan will tell you if there are any vulnerabilities that need to be addressed. You should raise these with your developers, who should then help you to resolve the most important issues and help you understand the impact of each. If you are working with a Magento development agency, they should be monitoring your site’s security on your behalf so using the security scan provides a good opportunity to see how proactive they are and how seriously they are taking security.
New security features in 2.3 Magento owes much of its success to its proactive approach to security. You may be aware or have even read that Magento 2.3 is on its way and will bring with it a host of new security features. The new release will make security scanning even more important as there will inevitably be more developmental complexity required to ensure the effectiveness of new features such as 2-factor authentication and reCAPTCHA in the face of emerging cybersecurity threats.
Is your agency taking security seriously?
Let’s hope so. You should be running regular security scans on your sites and so should your agency. You should also be checking in regularly with each other to make sure your data and that of your customers is as secure as it can be. Negligence is indefensible in today’s technological landscape as some serious big players have recently found out to their cost. If you have any concerns about the security of your Magento site, magic42 can help.