Best Security Practices for Merchants

Get a Magento security review done.

Magento developers are not necessarily security experts. Many of them are good at coding, but only a few know the intricacies of Magento site security.

This is why you should have your website analyzed for apparent loopholes and security shortcomings once (or perhaps twice) a year.

If properly done, these reviews help further harden your Magento security measures.
You can check your store for missing patches at

  • Make sure that the computer that is used to access the Magento Admin is secure.
  • Keep your antivirus software up to date, and use a malware scanner. Do not install any unknown programs or click suspicious links.
  • Use a strong password to log into the computer, and change it periodically. Use a password manager to create and manage secure, unique passwords.
  • Do not save FTP passwords in FTP programs, because they are often harvested by malware and used to infect servers.
  • Have an incident response plan.
Follow us on Twitter @mage_sec for the latest Magento security news. Contribute to the website on GitHub at magesec/magesec.