1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Any heavy magento user here? How secure is magento?

Discussion in 'Black Hat SEO' started by seoactive, Feb 14, 2013.

  1. seoactive

    seoactive Regular Member

    Joined:
    Nov 15, 2012
    Messages:
    409
    Likes Received:
    21
    Any heavy magento user here? How secure is magento?

    I see open source platforms like wordpress get hacked/infected all the time. Does that apply to Magento as well?
     
  2. Reyone

    Reyone Elite Member

    Joined:
    Sep 30, 2012
    Messages:
    1,577
    Likes Received:
    1,277
    Occupation:
    Hunter
    wordpress geting hacked/infected?

    Well, i think it will very much depend on your server and the conditions of your hosting.
     
  3. seoactive

    seoactive Regular Member

    Joined:
    Nov 15, 2012
    Messages:
    409
    Likes Received:
    21
    Fair enough, but i dont think its just me. A wordpress site getting hacked/infected with malicious codes are more and more common these days. Its not too much concern for me as I have backup and I can always restore it.

    However, operating a ecommerce store is a different story... I have customer's info there etc. So I definitely want to secure it the best I can.
     
  4. DamageX

    DamageX Elite Member

    Joined:
    Sep 17, 2008
    Messages:
    2,692
    Likes Received:
    1,687
    Occupation:
    Unemployable
    Location:
    Former nomad
    That's not so much an issue of WP being vulnerable as it's an issue of the myriads of poorly coded themes and plugins used.
     
    • Thanks Thanks x 1
  5. michajlo

    michajlo Newbie

    Joined:
    Aug 27, 2012
    Messages:
    15
    Likes Received:
    1
    Magento on standard additions, it is very safe - it's good e-commerce platform.
     
  6. seoactive

    seoactive Regular Member

    Joined:
    Nov 15, 2012
    Messages:
    409
    Likes Received:
    21
    Well, I am planning to purchase a magento theme from themeforest along with a few 'extensions' for my upcoming ecommerce site. Do you have any advice or suggestion on this? Maybe some info that I should be aware of beforehand so I can avoid if possible? Thx in advance.
     
  7. DamageX

    DamageX Elite Member

    Joined:
    Sep 17, 2008
    Messages:
    2,692
    Likes Received:
    1,687
    Occupation:
    Unemployable
    Location:
    Former nomad
    Wish I could give you some pointers, but I'm not a coder. I know the above to be true partly due to experience and partly due to it having been discussed on forums for years.
     
    • Thanks Thanks x 1
  8. mapp2819

    mapp2819 Regular Member

    Joined:
    May 7, 2011
    Messages:
    390
    Likes Received:
    266
    Occupation:
    Director
    Location:
    London, UK
    I've been using Magento for around 5 years now and found it to be very secure. I have it set up on a VPS. As the code is open source, I spent a few weeks reading over certain parts of code that I knew were vital and familiarising myself with how it works.

    I've had no issues with any security issues. If you do install Magento, the first thing you should is change your default admin path (eg - www.yourstore.com/admin) - a quick search will show you how to do this.
     
  9. GiorgioB

    GiorgioB Supreme Member

    Joined:
    Feb 28, 2012
    Messages:
    1,288
    Likes Received:
    1,318
    Occupation:
    Making money
    Location:
    Touching the Sky
    The most important is to pick difficult to guess passwords and usernames, like everything; A part from that, I believe Magento is very secure, I have worked on it for a couple of years for some very big retailers.
     
  10. Kazi_Haque

    Kazi_Haque Regular Member

    Joined:
    Aug 13, 2010
    Messages:
    325
    Likes Received:
    425
    Occupation:
    Internet Marketing
    Location:
    Melbourne, Australia
    How you guys removed index.php URLs from Magento backend and frontend?

    I tried robots.txt file but it didn't help.

    Any suggestion?
     
  11. mapp2819

    mapp2819 Regular Member

    Joined:
    May 7, 2011
    Messages:
    390
    Likes Received:
    266
    Occupation:
    Director
    Location:
    London, UK
    Turn on Web Server Re-writes in the admin of your Magneto install. You can find it at System->Configuration->Web->Search Engine Optimization.

    You have to enable mod_rewrite in apache to make clean urls to work. Remember to flush your cache after doing this.
     
  12. mapp2819

    mapp2819 Regular Member

    Joined:
    May 7, 2011
    Messages:
    390
    Likes Received:
    266
    Occupation:
    Director
    Location:
    London, UK
    You should also add this into your .htaccess file:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
     
  13. iwin_it

    iwin_it Newbie

    Joined:
    Nov 26, 2012
    Messages:
    24
    Likes Received:
    0
    Home Page:
    For better security, you can go for licensed version of Magento enterprise or community one.