Guest post by Detectify 

5 tips that will get you up to speed

Magento is used to power more than 250,000 web stores worldwide, handling over $100 billion annually. It is one of the most popular e-commerce platforms out there, which also makes it a lucrative target for hackers.

That does not mean that Magento is less secure than its competitors. In fact, Magento is known to be pretty good at security. Despite this, it is certainly time for web store owners to start caring about security.

Due to the increased attention to security in the media, trust has become even more crucial than before. Your customers need to feel confident that you will protect their data if they share their payment details with you.

However, there is no need to feel overwhelmed. Security does not need to be that hard! Here are five tips to help you get started.


1) Keep your installation up-to-date

The single most important step to securing your web store is to regularly update the system behind it, i.e. your Magento installation. Magento's security engineers do a lot of great security work, but to benefit from it, you need to run the latest version of the platform.

In fact, this goes for extensions as well as your personal computer. If a hacker is able to control your computer, they are not far from controlling your web store too. In short, just keep everything updated.

2) Use HTTPS

There are many reasons to implement HTTPS, ranging from SEO benefits to not scaring away customers due to new warnings displayed by web browsers. HTTPS is also critical when it comes to e-commerce security as it helps protect your customers’ data.

If a customer uses the same WiFi as a hacker and HTTPS is not used, the hacker can read the private information the customer submits (including credit card credentials) when a purchase is made. If HTTPS is used, the hacker can only access unreadable encrypted data.


3) Give your extensions a look-over

For many, extensions are one of the main reasons to use Magento and there is absolutely nothing wrong with that. Extensions offer a simple way to extend the functionality of your site, but you should keep in mind that this also extends the attack surface.

While Magento has a team of competent developers behind it, extensions are not always developed with the same care and are therefore often the way in for hackers.

Do you have extensions installed that you no longer use? Delete them. Extensions that haven’t been updated in a long time? Make sure to update them. There is no reason to stop using extensions altogether, but it’s worth taking the time to think about how you use them and minimise the risks.

4) Think about security on a regular basis

Security is no longer a one-time job. New vulnerabilities are found all the time and something that is considered safe can become vulnerable overnight without the code changing at all.

One way to stay on top of security is to follow security news for new information and Magento updates. You can also run regular security scans that will tell you when a vulnerability is discovered on your website. For example, Detectify is an automated security scanning service that allows you to schedule regular scans (free 14-day trial), but there are other solutions out there as well.

If you decide not to scan regularly, at least try it out once for free to get an overview of your site’s security status.

5) Delegate the work!

Working with security is a full-time job and if you’re running a web store, you probably don’t have time to do everything, which is why you need to delegate. Using a service like MageCloud to manage your installation is a great way to do this. You might be an expert at running a web store, but that does not mean you are equally good at the technical details. Let someone who focuses only on the technical aspect handle this and you can spend your time managing everything else. This is often cheaper in the long run and gives you better end results!

Do you have any other security tips that you think we have missed? If so, please let us know in the comments section below!