Skip to content


Free Magento Cybersecurity Resources.

What do we know about Magento?

Well... quite a lot. We monitor the security posture of over 224,000 Magento websites across the Magento 1 and Magento 2 platforms.

Our forensic team helps a LOT of hacked Magento websites each year - much of our capability to detect threats comes from this experience.

We know how the criminals break in and steal data from Magento sites - Our mission is to protect small and growing businesses from criminals - through information, education and our technologies.

What are the stats?

Download our latest report at the link below (scroll down for previous reports).

Download July's Report
Receive Email Updates

Over 125,000 websites are still on Magento 1

1,250 Magento sites are having their customer payment data stolen right now

25% Magento 2 websites are High/Critical Risk

Enter your email address to receive Magento Security Advice and report updates

We will not share your email and will only send you report updates and related security advice. You may unsubscribe by clicking the unsubscribe link on each email.

Start your journey to a safe Magento website here:


Update your password regularly

This is age-old advice - so we wouldn't suggest it if it wasn't critical. Read our blog for advice on how to choose a safe password. Multi Factor Authentication will provide even stronger protection - a low-cost but highly effective security control.

Change your Admin Path URL

This is the URL you and your team use to log in to your website. All Magento websites by default use the same variation of URL, and if an attacker finds your admin page, they have a far better shot at gaining access to your website. In fact... it's easy to break in, unless you have security in place to protect your site.

Monitor the accounts which are accessing your website's backend

Never share accounts. Run regular audits on admin accounts - keep admin access to a minimum. You should know who has access to your website. If accounts are logging in at unexpected hours, this could be a sign that an attacker has compromised the account.

Check your recently changed files - are they genuine?

Many compromises involve files being added or changed on a website. Take a look at your change log for any suspicious file activity - who made those changes, were they planned, are the files legit?

Scan your website regularly for indicators of compromise, malware

Using an external malware/IOC scanner, such as WebScan for occasional on-demand scans - or sign up for our FGX-Web Lite service for daily external scans delivered to your inbox - can give you a quick and simple insight into the security posture of your website.

Both WebScan and FGX-Web include historic data so that you can track changes to your Risk Score over time.

Monitoring & Protecting your website

Get started with FGX-Web today


  1. Market-Leading Threat Detection
  2. £2,500 Breach Protection Warranty
  3. Live chat/email support


  1. Market-Leading Threat Detection & Protection
  2. £10,000-£50,000 Breach Protection Warranty
  3. Live chat, email and telephone support

Migrating to Magento 2 - All You Need to Know


Being such a popular e-commerce platform makes Magento...

Protect Your Magento Website


Key Magento security tips to help you protect your website.

Supporting the Magento Community


Magento websites have been the target of criminal activity because...


Speak with us

Cyber Insurance is Important

Security may not totally eliminate the risk, so taking out an appropriate insurance policy is a critical part of mitigating risk in online businesses. We’re happy to link you with insurance brokers who understand the problem.