Keeping your online store secure is important both for your reputation and for the continued functioning of your business.

We recommend the following set of minimum policies:

  • monitor the latest Magento versions and make sure the Magento platform is up to date
  • use two-step authentication
  • configure a different path for the administration panel (if the link is /admin, brute-force attacks may occur; try to use a more complex path)
  • use SSL certificates (secure your website and transferred information)
  • use strong passwords for users (FTP, SSH)
  • secure local.xml and other sensitive files - local.xml contains the most important information about your database; restrict the permissions on these files so that only your user has access to them (permissions: 600 or -rw-------)
  • install extensions/plugins from secure sources
  • try to have a backup of the site before installing any new extensions
  • restrict access to the administration panel to a single IP (if you use a static IP) - this can be done from the .htaccess file
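
A permission check for the local.xml item above, as an added example that is not part of the original article. It assumes the Magento 1 layout (app/etc/local.xml); `audit_sensitive` and `file_mode` are illustrative names.

```shell
#!/bin/sh
# Added example: audit Magento config files for permissions looser
# than the recommended 600 (owner read/write only).
# Assumption: Magento 1 layout, where local.xml is app/etc/local.xml.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: audit_sensitive [--fix] MAGENTO_ROOT [extra/relative/path ...]
# Reports every listed file that group or others can access.
# With --fix, tightens each reported file to 600.
# Exit status: 0 if every existing file ends up owner-only, 1 otherwise.
audit_sensitive() (
    fix=no
    if [ "$1" = "--fix" ]; then fix=yes; shift; fi
    root=$1; shift
    rc=0
    for rel in app/etc/local.xml "$@"; do
        f="$root/$rel"
        [ -f "$f" ] || continue      # skip files this install does not have
        mode=$(file_mode "$f")
        case "$mode" in
            *00|0) continue ;;       # no group/other bits set
        esac
        if [ "$fix" = yes ] && chmod 600 "$f"; then
            echo "FIXED $mode -> 600 $f"
        else
            echo "LOOSE $mode $f"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Example call (the path is a placeholder):
#   audit_sensitive --fix /var/www/magento
```

Run it without `--fix` first to see what would change; a non-zero exit status makes it usable from cron or a deployment check.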

 
