How to secure your eCommerce store?

  • Around 200000 eCommerce stores have been built on the Magento platform. Owing to the influence of Magento development in the eCommerce sector, it has been repeatedly exposed to security attacks by hackers. To keep up with the sales, Magento frequently releases security patches.


  • Some of the precautionary measures that reduce the impact of security attacks are:
  • SECURITY TIP #1 : Use of strong passwords
  • Many attacks begin with the use of weak passwords. A Magento store owner has access to sensitive information, hence it is necessary to have a strong admin password to prevent attacks.
  • Instructions to be followed while creating a password:
  1. Your password should contain a minimum of 10 letters.
  2. It should include numerical and special characters.
  3. It should be a combination of upper and lower case letters.
  4. Your name, company name, or phone numbers should not be used as a password.
  • SECURITY TIP #2 : Changing the default admin path
  • Keeping the default admin path increases the risk of exposing the admin credentials to brute-force attacks.
  • Hence it is highly recommended to change the admin path.
  • Ways to change the admin path:
  • Method 1: From the admin backend
  • Go to System->Config->Admin->Admin base URL->Use Custom Admin Path->Click ‘Yes’.
  • Method 2: Edit the local.xml configuration file. You can find it at the path app/etc/local.xml.
  • local.xml configuration file:
      <admin>
          <routers>
              <adminhtml>
                  <args>
                      <!-- frontName is the URL segment of the admin panel -->
                      <frontName><![CDATA[admin]]></frontName>
                  </args>
              </adminhtml>
          </routers>
      </admin>
  • Replace admin inside the CDATA section with the new path.
  • Save the configuration file and refresh your cache.
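
As an added example (not part of the original article and not Magento's own code), this Python check reads the contents of a local.xml and reports whether the admin frontName is still the default, a custom value, missing, or unreadable because the XML is malformed. The list of guessable names and the sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed list of easily guessed admin paths (constructed for this example).
GUESSABLE = {"admin", "administrator", "backend", "manage", "login"}
# Location of the admin path below the <config> root of local.xml.
NODE = "admin/routers/adminhtml/args/frontName"


def audit_admin_path(xml_text):
    """Return (status, detail) for the admin frontName in a local.xml string."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A malformed file (e.g. a mistyped CDATA marker or a missing
        # closing tag) has to be repaired before the setting can be trusted.
        return ("malformed", str(exc))
    node = root.find(NODE)
    if node is None or not (node.text or "").strip():
        return ("not-set", "no frontName in this file")
    name = node.text.strip()
    if name.lower() in GUESSABLE:
        return ("weak", name)
    return ("custom", name)


# Constructed sample files, not taken from a real store.
SAMPLE_DEFAULT = """<config><admin><routers><adminhtml><args>
<frontName><![CDATA[admin]]></frontName>
</args></adminhtml></routers></admin></config>"""
SAMPLE_CUSTOM = SAMPLE_DEFAULT.replace("[admin]", "[store-ops-7f3k]")
SAMPLE_BROKEN = "<config><admin><routers></admin></config>"

if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT),
               ("custom", SAMPLE_CUSTOM),
               ("broken", SAMPLE_BROKEN)]
    for label, text in samples:
        print(label, audit_admin_path(text))
```

To check a real store, pass the text of app/etc/local.xml to audit_admin_path after editing the file and before refreshing the cache.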
  • SECURITY TIP #3 : Frequent updates
  • It is advisable to use the latest version of Magento. The Magento development firm reduces the vulnerability of its product with each version release. If a vulnerability poses grave danger, they develop security patches for immediate customer usage. Never neglect such notifications.
  • SECURITY TIP #4 : Two-Factor authorization
  • This is one of the best methods to prevent access by unauthorized users. It adds an additional layer of security. Apart from the usual user name and password combination, a randomly generated security code sent to the user's mobile is used for authorization. Even if a hacker has your credentials, they cannot log in to the site without the security code.


  • SECURITY TIP #5 : Encryption of credentials
  • When vital information is sent over unsafe connections, the probability of customer credentials landing in unauthorized hands is high. Hence it is always mandatory to use a secure URL while processing a financial transaction.
  • Magento provides the option of using SSL for your site:
  • Go to System->Configuration->Web->Secure
  • Under the Secure tab, select ‘YES’ for ‘Use Secure URLs in Frontend’ & ‘Use Secure URLs in Backend’.
  • SECURITY TIP #6 : Frequent change of passwords
  • Some situations may demand the assistance of third-party Magento developers. It is always a safe option to change your login credentials before granting access to them and to change them again once the work is completed.
  • SECURITY TIP #7 : Use of genuine extensions
  • Magento extensions simplify the job, but at the same time they also act as a gateway for hackers to penetrate. So do extensive research on the developer's background, reviews and ratings before integrating a third-party extension into your site.
  • SECURITY TIP #8 : Frequent backup of data
  • To mitigate the impact of risks caused by security attacks, it is advisable to take a backup of your database and Magento files to cloud-based platforms like Amazon S3.
  • SECURITY TIP #9 : Use of antivirus software
  • Free antivirus software might work well for domestic PCs, but on an enterprise level it is advisable to use superior quality antivirus software, as it protects sensitive information from leakage. Never forget to update your antivirus software regularly.
  • SECURITY TIP #10 : Review by expert group
  • Although Magento developers have the potential to layer up your Magento store’s security, it is highly recommended to rely on a security expert, because they are aware of the loopholes and can detect many vulnerabilities like SQL injection and cross-site scripting.
  • No site can be 100% secure.
  • Are you looking for an industry leader to secure your eCommerce website? Drop an email to


About Author

Madhumitha Srinivas

I am an avid reader. My ultimate goal is to convey complex information in a much more simple and interesting form.


© Copyright 2013 Veltrod