It takes a lot of hard work to run a successful ecommerce website. Customer service, product catalogs, accounting, technology, the list goes on and on. Don’t let that work go to waste though by someone hacking into your Magento site because you didn’t take basic security measures to protect yourself.
If you think its too hard, it’s not. A few simple steps can help keep your site and your data safe…
- Change your Magento Admin Panel URL – By default you’ll log in to the back-end of your site by going to www.yoursite.com/admin. It’s not going to be hard for someone to guess that path so change it. Find your local.xml file and look for a line that reads “<frontName><![CDATA[admin]]></frontName>”. Change the admin part to whatever you want your new address to be. Then clear your cache manually by deleting all the files on your server in var/cache/ directory.
- Make your Magento Admin Panel URL secure – You should already be using a SSL certificate on your site to make transactions safe and to give your customers peace of mind. You can make Magento use that same security measure when you log in to your site so that your password is encrypted. Just navigate to System > Configuration > Web > Secure > Use Secure URLs in Admin and select “Yes”.
- Use a unique password! – Don’t use the same password for every site you need to log in to. If your password is compromised in one place it will be compromised everywhere.
- Make your password at least a little difficult to hack – You don’t want someone guessing your password or using a simple tool to run through every word in the dictionary. Through in some capitalization. Try a few numbers. Mix things up.
While there are a lot of things you can do to better protect yourself, thankfully they’re all pretty easy. Go out, make a few quick changes, and sleep better knowing your site is safe.
The Commative Team