Sansec has investigated thousands of security incidents with online stores and we have good visibility into the latest attack methods. If you implement the guidelines below, your store will be in the top-1% of most secure stores on the Internet.
Use a malware & vulnerability monitor. Preventing an incident is of course the best strategy. To do this, you need live visibility into vulnerabilities of your system and all third party components. It is practically impossible to monitor this manually, so you need an automated vulnerability scanner like eComscan. It will alert you right away when a new issues is discovered. Second, an automated scanner will also alert you immediately to suspicious activity, malicious software and rogue admin accounts.
Restrict access to admin control panels. Allow access for your office/staff IPs only. It is best to use a plugin for your system (see also free plugins we recommend for Magento 1 and Magento 2). If you are unable to use a plugin, second best is to use the IP filter in your webserver or CDN/WAF (it may leave some admin routes open though). If your staff uses dynamic IPs, we recommend to use a VPN service, so that you can tunnel all of your authorized store’s backend usage via a single IP.
In case of malware infection, change ALL admin & database passwords immediately. You should assume attackers have intercepted all passwords. Unfortunately, we often see re-infection of stores where attackers use the same stolen passwords to re-enter & infect. We recommend using a computer-generated password of at least 10 characters. See our example script to change all passwords for Magento.
Train your staff to deal with spearphishing. Many stores get hacked because a staff member clicked a link in the wrong message. Criminals are known to target larger stores by finding all employees on Linkedin and sending them phishing mails for weeks or months on end. It only takes a single click for your admin passwords to leak.
This page was last updated at Sep 9th, 2020