Security Check-list
- Install/Upgrade SSL certificate
- Add site seal
- Rotate all server passwords
- Review and remove unused FTP/SSH accounts
- Review and remove unused Magento administrator/API accounts
- Register with an approved scanning vendor (e.g. Security Metrics) for automated security scans
- Complete your PCI self assessment form (where appropriate)
- Change the Magento admin URL back to /admin and enable admin protection
- Enable downloader protection
- Enable API protection
- Correctly configure your Magento cron
- Correctly configure your custom cron jobs (where appropriate)
- Enable email audit log notification and review daily
- Ensure your file permissions are correct, per installation
- Securely install WordPress (where appropriate)
- Download and apply all Magento patches to your store
- Verify all Magento patches are properly applied with the vulnerability scanner and MageReport
- Subscribe to Magento security alerts
- Stay abreast of Magento news via MageTalk, MageDev Weekly and the official Magento Community Digest
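Several of the items above (file permissions, the admin URL, the Magento cron, and the FTP/SSH account review) can be checked from a shell before you tick them off. The script below is an added example, not Sonassi's or Magento's own code. It assumes a Magento 1 docroot whose admin path is set in app/etc/local.xml, a "files 644 / directories 755" permission baseline (adjust the modes to match your installation), and that crontab output and the passwd file are passed in as files so the checks can also be run against fixtures. It only reads; it changes nothing.

```shell
#!/bin/sh
# Added example (not Sonassi's or Magento's code): read-only audit helpers for
# four items on the security checklist. Assumptions: Magento 1 layout with
# app/etc/local.xml, a 644/755 permission baseline, crontab output and passwd
# data supplied as files.

# Number of regular files under $1 whose mode is not exactly $2 (e.g. 644).
count_files_not_mode() {
    find "$1" -type f ! -perm "$2" | wc -l | tr -d ' '
}

# Number of directories under $1 (including $1 itself) whose mode is not exactly $2 (e.g. 755).
count_dirs_not_mode() {
    find "$1" -type d ! -perm "$2" | wc -l | tr -d ' '
}

# Succeeds when local.xml ($1) keeps the default admin frontName "admin",
# which is what the checklist asks for (plus admin protection at the hosting layer).
admin_frontname_is_default() {
    grep -Eq '<frontName>(<!\[CDATA\[)?admin(]]>)?</frontName>' "$1"
}

# Number of active (uncommented) crontab lines in $1 that run the Magento cron
# (cron.sh or cron.php). Prints 0 when nothing matches.
count_magento_cron_entries() {
    grep -Ec '^[^#].*cron\.(sh|php)' "$1" || true
}

# Interactive accounts (uid >= 1000 with a real login shell) from a passwd-format
# file $1, one username per line: these are the FTP/SSH accounts worth reviewing.
list_login_accounts() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Run every check against a docroot ($1) and print a short report.
run_audit() {
    docroot=$1
    printf 'files not 644: %s\n' "$(count_files_not_mode "$docroot" 644)"
    printf 'dirs not 755:  %s\n' "$(count_dirs_not_mode "$docroot" 755)"
    if admin_frontname_is_default "$docroot/app/etc/local.xml"; then
        echo 'admin URL: default /admin (as the checklist recommends)'
    else
        echo 'admin URL: custom frontName found, review it'
    fi
    # Snapshot the current user's crontab to a temp file so the same counter works on it.
    crontab -l > "/tmp/crontab.$$" 2>/dev/null || :
    printf 'Magento cron entries: %s\n' "$(count_magento_cron_entries "/tmp/crontab.$$")"
    rm -f "/tmp/crontab.$$"
    echo 'login accounts to review:'
    list_login_accounts /etc/passwd
}

# Usage: sh magento-audit.sh /var/www/magento
if [ "$#" -gt 0 ]; then
    run_audit "$1"
fi
```

The counts are deliberately coarse: a non-zero number of files outside the baseline is a prompt to look, not proof of a problem, since var/ and media/ are normally writable by the web server. Run it as the deploy user on each store so the "files 644 / directories 755" numbers and the account list can be compared from one review to the next.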