2016-05-30



You have probably Googled all there is to know about improving the security of your website. During your search, you may have come across all manner of tips which range from using alphanumeric passwords to using encrypted connections to access your pages. Everything you may have found has some truth but how do you pick the best solution from the myriad of options? The purpose of this post is to direct your attention to the solutions that really work when protecting your Magento database from hacking.

Use stronger passwords

This is definitely one of the most obvious solutions you probably thought of even before you landed on this post. All in all, this is no ordinary point. Having a strong password is the most obvious step in securing your database. The password you select has to have at least 10 random characters which should be a combination of numbers, special characters, and upper as well as lower case letters. Even so, this is not all there is to have a stronger password.

In addition to having a strong password, you have to ensure that you don’t use the same password for all your accounts. This is a mistake most people make and end up being hacked. If you have accounts you don’t use, delete them. Additionally, you must create unique passwords for all your accounts.

Restrict administrator access

Another unique method you should consider in preventing hacking is to restrict access to the administrator login page. You can do this by making configurations that only allow access to persons with a specific IP address. You can do this through the .htaccess file.

To further prevent brute force attacks, obscure the path to your Magento Administrator Panel. This will help prevent intrusion further. Although this solution will not be sufficient in making your database brute force attacks proof, it will sure deflect attacks that rely on brute force scripts. These are scripts designed to check the admin path for the login page.

Another important thing you should consider doing is using a two-factor authentication. Yes, having a strong password will help you avert most attacks but that will not be sufficient. When it comes to the new standards for security, two-factor authentication is the best new thing. It helps mitigate most of the password-related database security risks. DBA service providers will give you more advice on how to restrict administrator database access.

Use encrypted connections for your web pages

Anything you send out to the Internet can be sniffed out by the best hackers. To not make work easy for them, consider using encrypted connections every time you access your web pages. One of the most recommended secure protocols is the SSL. It helps encrypt sensitive information like personal information and login credentials which are sent from your browser to the web server.

To implement SSL, you need to obtain the SSL certificate. You can then use the certificate to configure your web server to listen on port 443. You should also enable SSL through your Magento administration back-end.

Use custom paths for the administrator back-end

There are so many websites using the default administrator URL for Magento. If you are one of these people, you are definitely an easy target for hackers who are trying to get into your database using brute-force attacks. To reduce the risk of being hacked, customize back-end.

To do this, you need to log into your server through SSH as root. Open ‘Local.xml’ file under ‘/app/etc’ directory of the Magento installation. Replace the ‘admin’ with something more difficult to guess such as ‘MyMagento234’. This will change your admin URL to what you change it to. Make sure you use something you can remember else you will not be able to log into your database.

Only use extension from trusted sources

You may have read somewhere or heard someone say that the security of software system is only as strong as its weakest link. This is a modified version of, ‘a chain is only as strong as its weakest link’. While there are way too many third-party Magento extensions out there for you to pick from, it is important that you only consider the extensions from the most trusted sources.

The wrong extension could be what a hacker needs to get into your database. This is because even with all the necessary security protections in place if the extension has a known vulnerability, hackers will exploit that until they get in. With that being said, prior to implementing a third-party extension, do your research to check its reputation. Are customer reviews positive? What is the reputation of the developer? A good track record is a must-have.

Still on third-party extensions, you need to make sure that they are regularly updated and receive great maintenance support. You need to check for patch releases and apply them as soon as possible.

Update Magento regularly

Checking for Magento updates and installing them is something most people never want to do. As a result, they remain with the old version and miss two or three updates at a time. This is not a great thing to do if you are really concerned about the security of your database. New updates offer added features, fix bugs and provide critical security updates which are tailored to address the latest exploits and attacks.

Your Magento installation, as well as all extensions and themes, have to be up to date at all times. Search for new patches regularly and install them immediately. However, before you run the update, make sure that you backup your website files and its database first. This will keep you safe in case of a problem when installing the updates.

This post has discussed some of the most important things you need to do to keep your Magento database from being hacked. Following these guidelines will certainly help you improve the security of your website. All in all, these are not the only things you need to keep your database safe. There are many more viable techniques out there that you can use to increase your website’s security. The key is to do your due diligence to ensure you are only using the most reliable solutions.

Author Bio

Sujain Thomas is a data IT professional who works closely with DBA experts to provide her clients with fantastic DBA services to solve their data problems. If you need data IT solutions, she is the person for the job. She enjoys writing on database administration and other topics in the IT field.

Show more