How to improve the security of Magento

Here are some useful tips for improving the security of your Magento store:

  • Use a complex administrator name and password. For the password, use a random combination of upper- and lowercase letters, numbers and symbols (e.g. E9f*m?q5!&). You can change your admin name and password from your store's Dashboard (System>My Account). If you have forgotten your password, you can reset it directly in your database using phpMyAdmin. For more information, read the article on resetting your Magento password.
  • Make regular backups of your Magento files and database. You can back up the files by downloading them from your HostKnox account to your local computer with an FTP client. You can back up your database through phpMyAdmin.
  • Update your site when there is a new stable Magento update.
  • Make sure your Magento files don't have world-writable permissions. You can use the Fix incorrect permissions feature available in the Files section of the Pixie control panel.
  • Disable dangerous PHP functions. This is done by adding a disable_functions rule that lists the dangerous functions to the global php.ini file for your HostKnox account, e.g. disable_functions = proc_open, phpinfo, show_source, system, shell_exec, passthru, exec, popen. Contact the support team if you want to take advantage of this option.
  • Use SSL to encrypt the transfer of sensitive information. First you need a private SSL certificate, which you can purchase from us. Then you have to change some options in your Magento Dashboard (admin panel). Read the article on enabling SSL in Magento for more information.
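
As an added example (not HostKnox tooling and not code from this article), the shell functions below audit two of the tips above: they list world-writable files and directories under a Magento root, and report which functions from the sample disable_functions rule a given php.ini does not disable. The function names and the paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example: audit two hardening items from the list above.
# Function names and the paths given on the command line are assumptions.

# Functions named in the article's sample disable_functions rule.
REQUIRED_FUNCS="proc_open phpinfo show_source system shell_exec passthru exec popen"

# Print every regular file or directory under $1 that is world-writable (o+w).
# Symlinks are skipped: their own mode bits do not control access.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print each function in REQUIRED_FUNCS that the php.ini at $1 does not disable.
# Lines commented out with ';' are ignored. If the directive appears more than
# once, the last line is used (assumption: later entries override earlier ones).
missing_disabled_functions() {
    ini_line=$(grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1) || true
    # Drop the key, then spaces, tabs, quotes and CRs, leaving "a,b,c".
    disabled=$(printf '%s' "$ini_line" | sed 's/^[^=]*=//' | tr -d ' \t"\r')
    for fn in $REQUIRED_FUNCS; do
        case ",$disabled," in
            # Match whole names only, so "shell_exec" does not count as "exec".
            *",$fn,"*) ;;
            *) printf '%s\n' "$fn" ;;
        esac
    done
}

# Usage: sh audit.sh <magento-root> <php.ini>
if [ "$#" -eq 2 ]; then
    echo "World-writable paths under $1:"
    find_world_writable "$1"
    echo "Functions not disabled in $2:"
    missing_disabled_functions "$2"
fi
```

Empty output from both functions means no world-writable paths were found and every function from the sample rule is disabled.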

For some more details read the tutorial on improving the security of your Magento store.
