- Install/Upgrade SSL certificate
- Add site seal
- Rotate all server passwords
- Review and remove unused FTP/SSH accounts
- Review and remove unused Magento administrator/API accounts
- Register with a approved scanning vendor (Eg. Security Metrics) for automated security scans
- Complete your PCI self assessment form (where appropriate)
- Change the Magento admin URL back to
/adminand enable admin protection - Enable downloader protection
- Enable API protection
- Correctly configure your Magento cron
- Correctly configure your custom cron jobs (where appropriate)
- Enable email audit log notification and review daily
- Ensure your file permissions are correct, per installation
- Securely install WordPress (where appropriate)
- Download and apply all Magento patches to your store
- Verify all Magento patches are properly applied with the vulnerability scanner and MageReport
- Subscribe to Magento security alerts
- Stay abreast of Magento news via MageTalk, MageDev Weekly and the official Magento Community Digest