Many Magento website owners are not aware of Magento security until their sites are compromised by malware or viruses. Below are some tips for better securing Magento websites.
1. Use a custom admin path
Magento's default admin path is /admin, which is too easy to guess. To change the admin path, follow these steps:
- First, open the local.xml configuration file in your favorite text editor, or use the Text Editor in the cPanel File Manager. The file is usually located in the app/etc/ directory under your Magento installation. Locate the following code segment:
- Replace admin in <frontName><![CDATA[admin]]></frontName> with something that is hard to guess.
- Replace the local.xml file with the edited version.
2. File permission
Many Magento sites use 777 for their folder and file permissions because it makes development easier. However, once development is over, set all folders to 755, except the var and media folders, and all files to 664.
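The following is an added example, not part of the original post: a POSIX shell audit and fix for the permission policy above. It assumes var and media sit directly under the Magento root and that files inside them are also held to 664; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and fix a Magento tree against the tip 2 policy
# (folders 755 except var and media, files 664). Function names are hypothetical.
# Assumption: var and media sit directly under the Magento root passed as $1.

# Run find over directories outside var/ and media/ whose mode is not exactly 755.
find_bad_dirs() {
    root=${1%/}; shift
    find "$root" \( -path "$root/var" -o -path "$root/media" \) -prune \
        -o -type d ! -perm 755 "$@"
}

# Run find over regular files whose mode is not exactly 664.
find_bad_files() {
    root=${1%/}; shift
    find "$root" -type f ! -perm 664 "$@"
}

# Print every deviation; return 0 when the tree matches the policy, 1 otherwise.
audit_magento_perms() {
    report=$(
        find_bad_dirs "$1" -print | sed 's/^/dir not 755: /'
        find_bad_files "$1" -print | sed 's/^/file not 664: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Apply the policy; var and media directory modes are left untouched.
fix_magento_perms() {
    find_bad_dirs "$1" -exec chmod 755 {} +
    find_bad_files "$1" -exec chmod 664 {} +
}

# Usage: sh audit.sh /path/to/magento   (audit only; nothing is changed)
if [ "$#" -gt 0 ]; then
    audit_magento_perms "$1"
fi
```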
3. Use a complex password
Use a random generator to generate a complex password for your cPanel and FTP accounts so that it is difficult for hackers to guess.