A Guide to Secure Magento Website from Hacker

Getting started with Magento eCommerce platform doesn’t mean your site is safe and secure. Despite the fact that Magento is the most robust content management system for eCommerce websites, you can’t take its security lightly. You need to take serious measures to combat the security and hacking issues for your web store. In fact, the security of online stores becomes even more crucial due to the availability of customer information, payment details, business data and other highly sensitive data that can create a serious problem if they get into the hands of hackers.

Since Magento is the largest eCommerce platform in the world, hackers and spammers have been continuously targeting the websites developed on it. This means you need to put extra efforts to find out the ways to strengthen the security of your web store.

Secure your Magento

With the help of this blog post, we will try to find out the solutions that can protect your site against hackers and other security threats.

1. Stop using default username and simple password

The first thing you need to do is to secure the back-end of your Magento store. You can start with your admin login details. If you are using the default username and common password, then immediately change it. Most of the hackers gain access to the e-store by guessing the login details of an admin area. Below are the few tips that will help you create a new and more secure username and password of your Magento store:

  • Change your default username to something unique and uncommon.
  • Create difficult-to-crack passwords.
  • Your password should be 15 characters long.
  • Use the combination of alphabets, special characters, and numbers to create a strong password for your e-store.
  • Change your password in every few months.
  • Use Password Manager Application to secure your password.
  • Never use the same Magento login details anywhere else.

Follow these tips to improve the security of your Magento username and password. All these efforts will be paid off when a hacker find obstacles in getting into your site via its back-end.

2. Customize the path of your admin panel

Tighten the security of your web store by customizing its admin path.

Your Magento web store is more vulnerable to security threats if you are having the unchanged admin path. The admin path refers to the URL of a site such as mywebstore.com/store/admin. Hackers tend to hack the admin area of the site using “Brute Force Attacks”.


In fact, there are tons of hacking software applications that helps hackers to guess the different combinations of login details until they gain access to the site. But a custom admin path can protect your store from being hacked. For that, you just need to tweak the path of your Magento admin login page. For instance, tweak “mywebstore.com/store/admin” with something more robust, such as “mywebstore/store/hgF988”.


Also, change your Magento connect manager file name if you want to take the security of your store to another level.

3. Make a use of secure FTP

Today’s hackers know the trick of intercepting FTP password to gain access to the site. This means you need to use secure passwords and SFTP (Secured File Transfer Protocol) to ensure the high-security of a Magento store. You can also use Public Key Authentication along with SFTP to secure your site.

4. Update your web store on a regular basis

Make sure you use the most recent version of Magento in order to give secure shopping experience to your potential web customers. This eCommerce web development platform keeps on addressing the issues related to security by rolling out its latest version for Magento users.


You can upgrade the latest version of Magento (version 2.1.3) that includes more than 90 functional fixes and key improvements to configurable product management. It also contains some major security enhancements such as PayPal and Braintree implementations to let you provide safe and secure online payment processing to your potential web customers.

5. Create a whitelist of selected IP addresses

Normally, the Magento stores of online merchants, retailers or manufacturers are managed by specific users – this means you need to put extra efforts to secure your Magento admin site. By creating a whitelist of selected group of IP addresses you can easily restrict foreign access to your e-store. There are two ways of creating a whitelist of specific IP addresses:

  • Use .htaccess to change the settings
  • Use Apache Directive Location Match technique

The second option is comparatively easier than using the .htaccess technique. See the coding below:


Note: Change the given IP address ‘’ and make sure you change the admin to the code you want to use for your store.

One of the downsides of this setting is that you will have to tweak the IP address every time you change the Magento store admin or if you want to login from another system. But, still, it is an incredible way to stop unreliable users from gaining access to your admin panel.


These are the five easy yet compelling ways that can help you secure your Magento store from hackers and other security threats. These tips will help you give safe and secure shopping experience to your web customers, which in turn, boosts your conversions and sales.

About the Author

Linda Wester is a proficient web developer connected with HireMagentoGeeks, a well-known firm which provides PSD to Magento conversion services globally. Apart from this, she is likewise an eager blogger who loves writing information blogs and share her experience with others. Take after her on twitter.

Editorial Staff

Editorial Staff at tutsplanet is a dedicated team to write various tutorial articles.