The Magento scanner is an indispensable tool in the armoury of any eCommerce retailer running Magento 1 or Magento 2 and one you should be using. Simply put, the Magento Security tool checks to make sure your Magento install is fully up to date with all security patches and comprehensively protected in terms of all known vulnerabilities. Ideally you should be logging in to the Magento Security Scan tool regularly, or even better, setting up the tool to run automatically at fixed periods and to email you the results, to keep informed of any issues that may need actioning and speaking to your developers about any risks identified to correctly identify and prioritise any necessary security work. Find out more about magic42’s comprehensive Magento Security services.
Setting up the Magento Security Scanner
Setting up the Magento Security scanner is a simple process.
- To begin, you should log into Magento and go to the Magento security centre where you can click on the link to the Security Scan tool.
- If you or your development agency haven’t set up the security scan tool already, you will need to add your site by clicking “Add site”.
- From that page you need to enter the url of the site you wish to add and give the site a name for your reference.
- You then need to copy the confirmation code below the site name and paste it into the header of your website. The way you do this will differ slightly depending on whether you are running Magento 1 or 2 but the instruction panel on the right of the current screen helpfully details the process for each.
- Next, you need to click the”verify confirmation code” button. On the next screen, you can schedule the frequency of the security scans in order to automate the scanning process going forward.
What comes next?
Security scanning is the first step in ensuring your Magento site is secure. The scan will tell you if there are any vulnerabilities that need to be addressed. You should raise these with your developers, who should then help you to resolve the most important issues and help you understand the impact of each. If you are working with a Magento development agency, they should be monitoring your site’s security on your behalf so using the security scan provides a good opportunity to see how proactive they are and how seriously they are taking security.
New security features in 2.3 Magento owes much of its success to its proactive approach to security. You may be aware or have even read that Magento 2.3 is on its way and will bring with it a host of new security features. The new release will make security scanning even more important as there will inevitably be more developmental complexity required to ensure the effectiveness of new features such as 2-factor authentication and reCAPTCHA in the face of emerging cybersecurity threats.
Is your agency taking security seriously?
Let’s hope so. You should be running regular security scans on your sites and so should your agency. You should also be checking in regularly with each other to make sure your data and that of your customers is as secure as it can be. Negligence is indefensible in today’s technological landscape as some serious big players have recently found out to their cost. If you have any concerns about the security of your Magento site, magic42 can help.
Magento Security Updates April 2020 – What You Need to Know
April 28th saw the release of the latest batch of security and performance updates for Magento.
Magento 2.3.3 patches now out
Magento have released its latest patch to 2.3.3. Available for both Open Source and Commerce, there are hundreds of performance improvements, fixes and features added.