12 ways to secure your Magento eCommerce store

June 29th, 2017

E-commerce fraud is a big concern nowadays as more cyber-crimes are committed. As an eCommerce business owner, is there anything more terrifying than the thought of seeing all of your payment transactions, customers' information, products and financial reports entirely wiped out by a hacker?

The answer would definitely be ‘No’.

Magento is a great platform, but it is also a target for hackers. Magento comes with many security features; still, there are weak spots that smart hackers can take advantage of to harm your store.

In this article, we will provide some basic tips to protect your website.


1. Use Unique Password

According to one survey, over 15% of users choose identical passwords for more than one service. If you use the same password everywhere, you risk losing all of your accounts at once. Therefore, use a unique password for each account.

2. Change the admin path location

Magento's default admin URL path is www.yourdomainname.com/admin. You should change the admin URL path, and this should be given the highest priority; otherwise, a hacker would know the location of your store's admin panel and could easily hack into your site.

3. Setup strong username and password for admin panel

Hackers can easily crack passwords that are not unique. An ideal password should combine upper and lowercase letters and contain both alphabetic and numeric characters. A strong username and password does not mean that your account can't be hacked, but the password can't be cracked easily; it takes years to crack.

4. Avoid using cPanels

In cPanel, you can manage FTP accounts and emails and monitor resources, but it is not completely secure. If someone gets access to cPanel and misuses it, your data is under threat. If you are using cPanel, then just add cPanel power dashboards to cloud hosting and the admin panel on your custom Magento website.

5. Multi-layer Authentication

Sometimes a strong password is not enough to protect your store, so you should use multi-layer authentication to secure your site from hackers. Setting up multi-layer authentication takes your store's security to another level.

6. Eliminate FTP

Nowadays the FTP protocol is unwanted because its authorization is performed in plain text, which can be intercepted easily. Instead of FTP, you should use a more secure method like SFTP. The SFTP protocol relieves you of the IP streaming related issues.

7. Update Magento as soon as possible

Magento provides you with the latest security updates. Every security update protects your store from certain attacks, so it is essential to keep your Magento store updated.

8. Restrict Admin access

By allowing only certain IP addresses to access the admin panel, you can increase the security of your store. When the admin panel cannot be opened from just any IP address, even a hacker who knows the admin URL path can't hack the site, because he won't be allowed to access the admin panel from his IP address.

9. Create backup regularly

If your site is hacked and you have a daily backup, your business continues. The hack has little effect on daily business activity, so your business runs as smoothly as ever.

10. Use parameterized queries

SQL injections are widely used in website hacking. An SQL injection can be triggered when your website accepts an argument in the URL and processes it. Using a URL parameter of your website, a hacker can get into your website's database and steal your customers' private information, such as credit card numbers. Protecting that information is obviously your responsibility. You can use parameterized queries to prevent SQL injection attacks.
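
The difference between a concatenated query and a parameterized one, as an added example that is not part of the original article and not Magento's own code. It uses plain PHP PDO against an in-memory SQLite database; the table, rows and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (not a Magento schema).
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)');
    $pdo->exec("INSERT INTO customers (email, card_last4) VALUES
        ('alice@example.com', '1111'), ('bob@example.com', '2222')");
    return $pdo;
}

// Vulnerable: the URL parameter is pasted into the SQL text, so it can change the query.
function findCustomerUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT email, card_last4 FROM customers WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the value travels separately as a bound parameter.
function findCustomerSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT email, card_last4 FROM customers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = makeDb();
// Constructed stand-ins for $_GET['email'] as it would arrive from the URL.
$inputs = [
    'normal lookup'  => 'alice@example.com',
    'quote-breaking' => "nobody' OR '1'='1",
];
foreach ($inputs as $label => $value) {
    // The unsafe query treats the second input as SQL; the prepared one treats it as data.
    printf("%s: unsafe=%d row(s), parameterized=%d row(s)\n", $label,
        count(findCustomerUnsafe($pdo, $value)), count(findCustomerSafe($pdo, $value)));
}
```

Bound parameters carry values only; a table or column name taken from a request still has to be checked against a fixed allowlist.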

11. Good Antivirus

Open-source and free antivirus software is quite unsafe. You should use trusted, paid antivirus software and always keep it updated to the latest version. New updates add information about new malware and contain additional patches that keep your website safe from unwanted attacks.

12. Use HTTPS/SSL for all login pages

HTTPS and SSL make the connection encrypted. This gives you a more secure connection and makes it difficult for a hacker to hack into your site. To set this up, do as follows:

  • System > Configuration > Web >  Secure
  • Change the Base URL from http://... to https://...
  • Tap Yes for both Use Secure URLs in Frontend and Use Secure URLs in Admin Panel
  • Save Config.


Securing financial data is a major concern for site owners. We've covered some tips to help you protect your online store. In upcoming articles, we'll cover advanced security patches and tricks for Magento stores.

At Elitech, we have an expert web development team of exceptionally talented, trained and experienced front-end developers who have contributed strongly to producing outstanding custom Magento eCommerce web applications.

We provide custom Magento development services including Magento theme customization, Magento extension development, payment gateway integration, applying Magento security patches, and upgrading to the latest Magento 2 version. Our developers' strong technical and domain expertise can contribute immensely to growing your business online.
