As with any Magento ecommerce store, security concerns are always present. New vulnerabilities are constantly discovered and can be taken advantage of if you do not apply the latest patches or update your Magento. Today, we are going to talk about the methods you can use to tighten your Magento security and recover your Magento hacked store. This guide will help you answer the question: How to recover Magento hacked stores and online shops.
Identify The Magento Hacked Store
Whenever a Magento store is compromised, one of the primary concern is to determine the hack. Below are some ways that can help you find Magento hacked stores:
- Blacklist warnings by search engines.
- Strange credit card activities reported by customers.
- Abnormal behavior of checkout page.
- Disturbance in orders and sales.
- Spam keywords and details in product listings and other pages.
- Your hosting provider suspends your Magento store for malicious activities.
- Your domain gets blacklisting warnings.
- Change in files and folders.
- Modifications in the Magento core integrations.
- Unknown sessions and admin users in the Magento backend.
Magento Security Scan
There are many great free tools you can use to scan your Magento store remotely. The most famous one is MageReport.com. It allows you to scan your Magento store and will give you a quick insight into the security status and advise on how you can fix vulnerabilities like malicious payloads, credit card swipers, and intermediary domains, etc.
Also, there is Sucuri free website malware and security scanner. You can also use it for scanning your Magento store.
Check The Google Transparency Report
To check whether your Magento store is blacklisted by Google or other authorities, you can use the Google Transparency Report to diagnose the security status of your Magento.
Visit the Google Transparency Report Site Status page and enter your Magento URL. You can also check Site Safety Details and Testing Details on this page.
Compare and Clean Modifications in Magento Files and Folders
Any file that’s been modified recently on your server might be a part of the Magento hacked store. In this case, your Magento files and folders should be checked thoroughly against malware injections. You can quickly compare your Magento core files with a fresh copy of Magento core files by using the diff command in SSH Terminal. If you are not familiar with the command line, you can manually check your files using any file management client.
You can also download and use DiffMerge to compare files. It is available on Windows, OS X, and Linux. Remember, when comparing your store with new Magento files, make sure to use the same version of Magento including extensions and any applied patches. I’d also advise to remove and reinstall all the themes, extensions, and custom modules, etc., after a hack to ensure that they are functioning free of malware.
Clean Magento Hacked DB Tables
To clean a malware from your Magento database, you can log into the database admin area and search for suspicious content like spammy keywords, links to other domains, malicious PHP-based functions such as preg_replace, str_replace, eval, base64_decode, gzinflate, etc. Also, the most common table for Magento malware is the core_config_data table. Hackers specifically target the Magento store’s footer and header area via this table.
Secure the Magento Admin Panel
To secure Magento admin, you should first change all admin passwords with strong and unique usernames and passwords to avoid reinfection. If your Magento store is using the old version, you must first patch your store. Hackers can steal your Magento admin credentials from the backend if your store is not up to date.
You should also lower the number of admin accounts for your Magento. This advice also extends to your SFTP and hosting access. Only give access to a limited number of people. This concept is known as the concept of least privileged access.
Also, use custom path for Magento admin login. Usually, our Magento admin login is located at www.domain.com/admin. You can easily change this by changing your admin login path from configuration XML file of Magento.
Last, but not the least, you can also restrict access to your Magento admin panel on a single IP address by writing some rules in your .htaccess file. And yes, if you have changed your Magento admin login path, you would also need to update it in the .htaccess file. It is also important to use a static IP address because a lot of ISPs assign dynamic IP addresses which change from time to time.
Apply Security Patch and Upgrade Magento Version
An unpatched and outdated Magento store is one of the biggest targets of infection hacks. But before applying any security patch and upgrading the Magento version, it’s necessary to remove any known vulnerable extensions and reset all important passwords to ensure that you are not reinfected if hackers try to access to your store again.
You should upgrade Magento version including core files, components, templates, modules, Â and plugins, etc. You can also check your extensions and update them as well.
Use Secure Connections
No matter what medium you use, you should always use a secure connection to connect to your Magento store. You should use SFTP encryption if your hosting provides it (or ask for it).
HTTP security headers provide a layer of security for Magento stores which helps to reduce attacks and security vulnerabilities. They usually require some configuration on your hosting server. These headers guide your browser to behave in a certain way when handling the content of your Magento store.
Use SSL connection. For Magento stores, the reason you need the SSL certificate is that they process sensitive data securely. Make sure you are running your Magento store over an HTTPS connection. If you are required to configure SSL on your web server, ask your hosting provider to help you with it.
Create Backups
Once your Magento store is clean and recovered, make a full backup of your files and folders including the database. A good backup plan is one of the fundamental needs of website security. Make sure you create a Cron job daily backups and save all the backups in a secure place.
Summing It All Up
This article sheds light on the many ways by which you can recover your Magento hacked store and some great tips to keep your store secure. The best practices include keeping your Magento and its extension versions up to date, using smart and unique usernames and passwords, custom admin login path, and SSL certificate, etc.
Most of these recommendations above can be implemented within a few minutes. But if you want to keep your Magento store more secure from hackers, you will need a robust Magento hosting provider like Cloudways that offers you almost everything mentioned above including extra layers of security like server configuration and management, server monitoring, automated server security patches, advanced firewall protection, and a lot of other things.
Abdur Rahman
Abdur Rahman is the Magento whizz at Cloudways. He is growth ambitious, and aims to learn & share information about Ecommerce & Magento Development through practice and experimentation. He loves to travel and explore new ideas whenever he finds time. Get in touch with him at [email protected]
