Stratus Security Guides - Securing Magento 1.x against malware and brute force attacks
Our support team at Webscale can help implement any of the changes below to help protect your store.
To help protect your store against attacks, do the following:
- Change the admin path from /admin to something less obvious. The path is set near the bottom of the local.xml file: change the frontName variable, then clear the Magento cache.
- Password-protect or IP-restrict the downloader, using either the access restrictions in the Webscale STRATUS panel [Access > Protect URL] or a .htaccess file. The downloader can also be moved out of the Magento web root completely when Magento Connect is not actively in use.
- Update Magmi, as older versions of Magmi are insecure and can allow remote users to upload files for remote execution.
- Keep any WordPress installations within the Magento web root up to date. WordPress plugins are a frequent source of malware, either introducing it or allowing it in.
- Apply any missing patches for your store. Our support can help apply these for you. Most Magento 1.x patches are **critical** to security.
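A read-only check for the file-system side of the list above, added here as an example (it is not Webscale or Magento code). The function names are hypothetical; it assumes the standard Magento 1.x layout (app/etc/local.xml, downloader/), a Magmi directory named magmi*, and WordPress's wp-includes/version.php, and it runs against a constructed sample tree.

```shell
#!/bin/sh
# Added example: read-only audit of a Magento 1.x web root against the checklist.
# Function names and the sample tree are constructed for illustration.

# Print the admin frontName from app/etc/local.xml (CDATA wrapper stripped).
admin_frontname() {
    sed -n '/<adminhtml>/,/<\/adminhtml>/s/.*<frontName>\(.*\)<\/frontName>.*/\1/p' \
        "$1/app/etc/local.xml" | sed 's/^<!\[CDATA\[//; s/\]\]>$//' | head -n 1
}

# Print one finding per line for web root $1; prints nothing when all checks pass.
audit_root() {
    root=$1
    [ "$(admin_frontname "$root")" = "admin" ] &&
        echo "FAIL admin-path: frontName is still the default 'admin'"
    if [ -d "$root/downloader" ] &&
       ! grep -Eqis '^[[:space:]]*(Require|AuthType|Deny from)' "$root/downloader/.htaccess"; then
        echo "WARN downloader: in web root with no .htaccess restriction (check Protect URL panel)"
    fi
    find "$root" -maxdepth 2 -type d -iname 'magmi*' | while read -r d; do
        echo "WARN magmi: found $d, confirm it is the latest version"
    done
    find "$root" -maxdepth 3 -path '*/wp-includes/version.php' | while read -r f; do
        v=$(sed -n "s/^[\$]wp_version = '\([^']*\)'.*/\1/p" "$f")
        echo "INFO wordpress: $f reports version $v, compare with the current release"
    done
    return 0
}

# Build a constructed sample web root in $1 that trips every check.
make_sample() {
    mkdir -p "$1/app/etc" "$1/downloader" "$1/magmi" "$1/blog/wp-includes"
    cat > "$1/app/etc/local.xml" <<'EOF'
<config><admin><routers>
  <adminhtml>
    <args><frontName><![CDATA[admin]]></frontName></args>
  </adminhtml>
</routers></admin></config>
EOF
    printf '%s\n' "\$wp_version = '0.0.0';" > "$1/blog/wp-includes/version.php"
}

# Demo on the constructed sample (not a real store).
demo_root=$(mktemp -d)
make_sample "$demo_root"
audit_root "$demo_root"
rm -rf "$demo_root"
```

Restrictions set in the STRATUS panel are not visible on disk, so a downloader warning means the restriction still needs to be confirmed there.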
Further securing your Magento admin
If changing the admin path is not sufficient, it is also possible to IP restrict it entirely. Contact firstname.lastname@example.org for details on how to restrict this.