1] Use a secure and strong password:
- Choose a difficult password
- Use a secure FTP password
- Do not save the password on your computer
Here are some tips for creating a really secure and strong password:
- Longer is better: use at least 10 characters.
- Mix upper and lower case letters, punctuation, and numbers.
- A password you can pronounce is easier to remember and to type quickly.
2] Do not use your Magento password for anything else:
3] Change Your Magento Admin path:
System → Configuration → Advanced → Admin → Admin Base Url
Most important note: do not use the Admin Base URL setting itself; it will break your site.
How to change your Magento Admin path
There is an easy way to change your Magento Admin path.
4] Require HTTPS/SSL for all pages with logins:
Enable "Use Secure URLs in Frontend" and "Use Secure URLs in Admin" in the "Secure" section of the "Web" tab of the system configuration.
5] Install up-to-date anti-virus software:
6] Disallow script execution in world-writable folders such as media and uploads:
1. If you have access to httpd.conf, add a block like this (mapping the script extensions to the CGI handler and then turning ExecCGI off means Apache refuses to run them):
<Directory /your-dir-path>
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
</Directory>
2. If you don't have access to httpd.conf, you can set the same thing in .htaccess:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
- Set permission 444 on the .htaccess file after adding those lines.
NOTE: put that .htaccess file in the directory where you want to disallow scripting.
7] Allow admin login only from specific IP addresses:
You can apply this configuration in .htaccess to limit access to the admin area:
AuthName "Protected Area"
AuthType Basic
<Limit GET POST>
Order Deny,Allow
Deny from all
Allow from 114.143.5.69
Allow from 49.248.5.
</Limit>
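To make the semantics of that block concrete, here is an added example (not part of the original checklist) that evaluates an "Order Deny,Allow" block the way Apache's mod_authz_host does. It models the three operand forms Apache documents for Allow/Deny: a full IPv4 address, a partial address made of leading octets (the checklist's "49.248.5." covers 49.248.5.0-255), and CIDR/netmask notation; hostnames and env= operands are out of scope. The sample .htaccess text is the one from the checklist.

```python
"""Evaluate an Apache "Order Deny,Allow" access block as mod_authz_host does.

Added example, not from the checklist. Handles full IPv4 addresses, partial
(leading-octet) addresses, and CIDR/netmask operands; nothing else.
"""
from __future__ import annotations

import ipaddress

# The admin-area .htaccess from the checklist, reproduced as sample input.
ADMIN_HTACCESS = """\
AuthName "Protected Area"
AuthType Basic
<Limit GET POST>
Order Deny,Allow
Deny from all
Allow from 114.143.5.69
Allow from 49.248.5.
</Limit>
"""


def matches(operand: str, client_ip: str) -> bool:
    """True if client_ip is covered by one Allow/Deny operand."""
    operand = operand.strip()
    if operand.lower() == "all":
        return True
    addr = ipaddress.IPv4Address(client_ip)
    if "/" in operand:  # CIDR or netmask form, e.g. 10.0.0.0/8 or 10.0.0.0/255.0.0.0
        return addr in ipaddress.IPv4Network(operand, strict=False)
    octets = operand.rstrip(".").split(".")
    if len(octets) == 4:  # a complete address
        return addr == ipaddress.IPv4Address(operand)
    # Partial address: only the octets that were written are compared,
    # so "49.248.5." covers 49.248.5.0-255 but not 49.248.50.x.
    return client_ip.split(".")[: len(octets)] == octets


def parse_access_rules(htaccess: str) -> tuple[list[str], list[str]]:
    """Collect Deny/Allow operands from an .htaccess fragment (minimal parser:
    only 'Deny from ...' and 'Allow from ...' lines are understood)."""
    deny: list[str] = []
    allow: list[str] = []
    for line in htaccess.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1].lower() == "from":
            target = {"deny": deny, "allow": allow}.get(parts[0].lower())
            if target is not None:
                target.extend(parts[2:])  # several operands may share one line
    return deny, allow


def is_allowed(client_ip: str, deny: list[str], allow: list[str]) -> bool:
    """Order Deny,Allow semantics: Deny lines are checked first; a client that
    matches one is refused unless an Allow line also matches it. A client that
    matches neither list is allowed (the default state for this Order)."""
    denied = any(matches(op, client_ip) for op in deny)
    allowed = any(matches(op, client_ip) for op in allow)
    return allowed or not denied


def admin_allowed(client_ip: str, htaccess: str = ADMIN_HTACCESS) -> bool:
    """Would a request from client_ip reach the admin area under this block?"""
    deny, allow = parse_access_rules(htaccess)
    return is_allowed(client_ip, deny, allow)


if __name__ == "__main__":
    for ip in ("114.143.5.69", "49.248.5.200", "49.248.50.1", "8.8.8.8"):
        print(ip, "allowed" if admin_allowed(ip) else "denied")
```

Two things the evaluation makes visible: the partial operand compares whole octets, so "49.248.5." admits every host in 49.248.5.0/24 and nothing in 49.248.50.0/24; and because "Order Deny,Allow" defaults to allow, dropping the "Deny from all" line leaves the admin area open to everyone. On Apache 2.4 these directives come from mod_access_compat; the native equivalent is "Require ip ...".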
8] Block countries where you are not doing business:
You can block them with iptables rules on the server:
https://www.cyberciti.biz/faq/block-entier-country-using-iptables/
9] Set proper permissions and ownership settings:
The safe Magento setup is chmod 755 on directories and 644 on all files, except frequently created/deleted files such as session or cache files, which need chmod 755.
For more, refer to the Magento wiki:
https://www.magentocommerce.com/wiki/groups/227/resetting_file_permissions
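The following is an added example (not from the checklist or the Magento wiki) that audits and repairs file modes under a Magento root using the rule stated above, and at the same time looks for the script file types from item 6 sitting inside media/, where uploads are data and should never be code. It assumes that "frequently created/deleted files" means everything under var/ and media/, so files there get 755 and all other files 644; the demo tree it builds in a temporary directory is constructed for the example.

```python
"""Audit and fix Magento file modes; flag script files inside media/.

Added example, not project code. Assumption: the writable trees are var/ and
media/, so files there get 755 while every other file gets 644; directories
are always 755.
"""
import os
import stat
import tempfile

WRITABLE_TREES = ("var", "media")  # frequently created/deleted files live here
# Same extensions the AddHandler line in item 6 refuses to execute.
SCRIPT_EXTS = (".php", ".pl", ".py", ".jsp", ".asp", ".htm", ".shtml", ".sh", ".cgi")


def expected_mode(root: str, path: str) -> int:
    """Mode the checklist prescribes for one path under the Magento root."""
    if os.path.isdir(path):
        return 0o755
    top = os.path.relpath(path, root).split(os.sep)[0]
    return 0o755 if top in WRITABLE_TREES else 0o644


def audit_permissions(root: str) -> list:
    """Return (relative path, actual mode, expected mode) for every mismatch."""
    problems = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # chmod would follow the link; leave links alone
            actual = stat.S_IMODE(os.lstat(path).st_mode)
            wanted = expected_mode(root, path)
            if actual != wanted:
                problems.append((os.path.relpath(path, root), actual, wanted))
    return sorted(problems)


def fix_permissions(root: str) -> int:
    """Apply the expected mode to every mismatch; return how many were changed."""
    problems = audit_permissions(root)
    for rel, _actual, wanted in problems:
        os.chmod(os.path.join(root, rel), wanted)
    return len(problems)


def find_scripts_in_uploads(root: str) -> list:
    """Script files under media/ are a red flag: uploads should be data, not code."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(os.path.join(root, "media")):
        for name in filenames:
            if name.lower().endswith(SCRIPT_EXTS):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def build_demo_tree() -> str:
    """Constructed sample: a tiny fake Magento root with deliberately bad modes."""
    root = tempfile.mkdtemp(prefix="magento-demo-")
    layout = {
        "index.php": 0o777,                      # world-writable entry script
        "app/etc/local.xml": 0o644,              # already correct
        "var/session/sess_abc": 0o777,           # should be 755, not 777
        "media/catalog/product/img.jpg": 0o644,  # should be 755 (writable tree)
        "media/stray_upload.php": 0o755,         # constructed stray script file
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)
    for dirpath, dirnames, _files in os.walk(root):  # normalise dirs regardless of umask
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
    os.chmod(os.path.join(root, "app"), 0o777)  # one world-writable directory
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for rel, actual, wanted in audit_permissions(demo_root):
        print(f"{rel}: {actual:o} -> {wanted:o}")
    print("stray scripts in media/:", find_scripts_in_uploads(demo_root))
    print("fixed", fix_permissions(demo_root), "entries")
```

Run it against a real installation by replacing build_demo_tree() with the document root, and run the audit before the fix so the report tells you what was wrong. Modes alone are not enough: a 755 file under var/ is only writable by its owner, so the owner must be the user the web server or PHP runs as, which is the ownership half of this item.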
10] Use SFTP instead of FTP
11] Remove RELEASE_NOTES.txt after installation
12] Don't save export files with sensitive information into folders accessible from the web