Security is one aspect that is neglected by a lot of Magento store owners and developers. While you are running around growing your business, there could well be someone trying to break in, and if that happens, a profitable peak season can rapidly become a security disaster.

We created a checklist that ensures almost 99% protection from any such attempts to break in.

  • Use strong passwords (a combination of letters, numbers and special characters) and change them regularly.
  • Change the Magento admin URL to a non-standard one, such as ‘/backend-1023’.
  • Ensure that sensitive information stored in the /var directory is not publicly accessible.
  • Download and apply all Magento patches to your store.
  • Enable SSL on the URLs of your website where transactions are involved.
  • Install the WordPress blog (if applicable) on a separate virtual host.
  • Ensure your file and folder permissions are correct.
  • Any vulnerable plugins like ‘Magmi’ must be password protected or disabled.
  • Regularly scan your Magento store for any malware infection.
  • Take regular offsite backups of your files as well as databases.
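
Three of the checks above (admin URL, /var exposure and file permissions) can be audited from the server's file system. The script below is an added example, not ServerGuy's or Magento's own tooling. It assumes a Magento 1 layout (admin path in the `<frontName>` element of `app/etc/local.xml`), Apache with `.htaccess` enabled, and treats "writable by other" as the permission problem to flag; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

def audit_magento_root(root):
    """Return (check, detail) findings for a Magento 1 tree (assumed layout)."""
    findings = []
    # Admin URL: Magento 1 keeps the admin path in <frontName> in local.xml.
    local_xml = os.path.join(root, "app", "etc", "local.xml")
    if os.path.isfile(local_xml):
        with open(local_xml, encoding="utf-8", errors="replace") as fh:
            m = re.search(r"<frontName>\s*(?:<!\[CDATA\[)?\s*([^\]<\s]+)", fh.read())
        if m and m.group(1).lower() == "admin":
            findings.append(("admin-url", "frontName is still the default 'admin'"))
    # var/: on Apache, a deny rule in var/.htaccess keeps it off the web.
    htaccess = os.path.join(root, "var", ".htaccess")
    if os.path.isdir(os.path.join(root, "var")):
        rules = ""
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                rules = fh.read().lower()
        if "deny from all" not in rules and "require all denied" not in rules:
            findings.append(("var-exposed", "var/.htaccess has no deny rule"))
    # Permissions: flag anything writable by "other" (assumed policy).
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                findings.append(("world-writable", os.path.relpath(path, root)))
    return findings

def build_sample_tree(base):
    """Constructed sample store with deliberate weaknesses."""
    os.makedirs(os.path.join(base, "app", "etc"))
    os.makedirs(os.path.join(base, "var", "log"))
    with open(os.path.join(base, "app", "etc", "local.xml"), "w") as fh:
        fh.write("<config><admin><routers><adminhtml><args><frontName>"
                 "<![CDATA[admin]]></frontName></args></adminhtml></routers></admin></config>")
    log = os.path.join(base, "var", "log", "system.log")
    open(log, "w").close()
    os.chmod(log, 0o666)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for check, detail in audit_magento_root(build_sample_tree(tmp)):
            print(f"[{check}] {detail}")
```

On nginx or any server that ignores `.htaccess`, the `var-exposed` check does not apply; confirm the equivalent deny rule in the server configuration instead.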


ServerGuy’s Managed Magento Platform is completely secure. Customers are informed about any new Magento security patches, and we can apply them on demand, free of charge. We also take care of all the Magento security best practices to minimise any such hacks and exploits. See our fully managed Magento hosting plans or contact us for more details.