MAGENTO SECURITY INSIGHTS
Free Magento Cybersecurity Resources.
What do we know about Magento?
Well... quite a lot. We monitor the security posture of over 224,000 Magento websites across the Magento 1 and Magento 2 platforms.
Our forensic team helps a LOT of hacked Magento websites each year - much of our capability to detect threats comes from this experience.
We know how the criminals break in and steal data from Magento sites - Our mission is to protect small and growing businesses from criminals - through information, education and our technologies.
What are the stats?
Download our latest report at the link below (scroll down for previous reports).
Enter your email address to receive Magento Security Advice and report updates
We will not share your email and will only send you report updates and related security advice. You may unsubscribe by clicking the unsubscribe link on each email.
Start your journey to a safe Magento website here:
Update your password regularlyThis is age-old advice - so we wouldn't suggest it if it wasn't critical. Read our blog for advice on how to choose a safe password. Multi Factor Authentication will provide even stronger protection - a low-cost but highly effective security control.
Change your Admin Path URLThis is the URL you and your team use to log in to your website. All Magento websites by default use the same variation of URL, and if an attacker finds your admin page, they have a far better shot at gaining access to your website. In fact... it's easy to break in, unless you have security in place to protect your site.
Monitor the accounts which are accessing your website's backendNever share accounts. Run regular audits on admin accounts - keep admin access to a minimum. You should know who has access to your website. If accounts are logging in at unexpected hours, this could be a sign that an attacker has compromised the account.
Check your recently changed files - are they genuine?Many compromises involve files being added or changed on a website. Take a look at your change log for any suspicious file activity - who made those changes, were they planned, are the files legit?
Scan your website regularly for indicators of compromise, malware
Using an external malware/IOC scanner, such as WebScan for occasional on-demand scans - or sign up for our FGX-Web Lite service for daily external scans delivered to your inbox - can give you a quick and simple insight into the security posture of your website.
Both WebScan and FGX-Web include historic data so that you can track changes to your Risk Score over time.
Monitoring & Protecting your website
Get started with FGX-Web today
Our Previous Website Security Reports
Download 17th May 2021 >
Download 30th April 2021 >
Download 5th April 2021 >
Download 22nd March 2021 >
Download 8th March 2021 >
Download 22nd February 2021 >
Download 8th February 2021 >
Download 25th January 2021 >
Download 11th January 2021 >
Download 28th December 2020 >
Download 14th December 2020 >
Migrating to Magento 2 - All You Need to Know
Being such a popular e-commerce platform makes Magento...
Speak with us
Cyber Insurance is Important
Security may not totally eliminate the risk, so taking out an appropriate insurance policy is a critical part of mitigating risk in online businesses. We’re happy to link you with insurance brokers who understand the problem.