How to Recover Your Hacked Magento Store

by Fayyaz Khattak  April 17, 2017

Ecommerce stores frequently face new requirements and challenges, security among them. Magento, a popular ecommerce platform that hosts most ecommerce stores nowadays, is known as a robust ecommerce solution with a high level of performance, stability, functionality, and customizability.

As with any ecommerce store, security concerns are always present with Magento. New vulnerabilities are constantly discovered and can be taken advantage of if you do not apply the latest patches or update your Magento. Today, we are going to talk about the methods you can use to tighten your Magento security and recover your hacked Magento store. This guide will help you answer the question: how do you recover hacked Magento stores and online shops?

Identify Hacked Magento

Whenever a Magento store is compromised, one of the primary concerns is to identify the hack. Below are some signs that can help you spot a hacked Magento store:

  • Blacklist warnings by search engines.
  • Strange credit card activities reported by customers.
  • Abnormal behavior of checkout page.
  • Disturbance in orders and sales.
  • Spam keywords and details in product listings and other pages.
  • Your hosting provider suspends your Magento store for malicious activities.
  • Your domain gets blacklisting warnings.
  • Change in files and folders.
  • Modifications in the Magento core integrations.
  • Unknown sessions and admin users in Magento backend.

Magento Security Scan

There are many great free tools you can use to scan your Magento store remotely. The most famous one is MageReport.com. It scans your Magento store, gives you a quick insight into its security status, and advises on how to fix problems such as malicious payloads, credit card swipers, and intermediary domains.

There is also Sucuri's free website malware and security scanner, which you can use to scan your Magento store.

Check Google Transparency Report

To check whether your Magento store is blacklisted by Google or other authorities, you can use the Google Transparency Report to diagnose the security status of your Magento store.

Visit the Google Transparency Report Site Status page and enter your Magento URL. You can also check Site Safety Details and Testing Details on this page.

Compare and Clean Modifications in Magento Hacked Files and Folders

Any file that has been modified recently on your server might be part of the hack, so your Magento files and folders should be checked thoroughly for malware injections. You can quickly compare your Magento core files with a fresh copy of the Magento core files by using the diff command in an SSH terminal. If you are not familiar with the command line, you can manually check your files using any file management client.

You can also download and use DiffMerge to compare files. It is available on Windows, OS X, and Linux. Remember, when comparing your store with new Magento files, make sure to use the same version of Magento, including extensions and any applied patches. I'd also advise removing and reinstalling all themes, extensions, and custom modules after a hack to ensure that they are free of malware.
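The comparison described above, as an added shell example that is not part of the original article. It goes a little beyond a plain `diff -r` by classifying each file as added, modified, or missing, and by listing recently changed PHP files; the function names and the sample trees are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. CLEAN is a fresh copy of the same
# Magento version (same extensions and patches); LIVE is the store's web root.
# Function names are hypothetical.

# Print "<STATUS><TAB><relative path>" for each file that is ADDED (only in LIVE),
# MODIFIED (content differs) or MISSING (only in CLEAN).
compare_trees() {
    local clean live rel
    clean=${1%/}; live=${2%/}
    (cd "$live" && find . -type f) | sed 's|^\./||' | LC_ALL=C sort |
    while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            printf 'ADDED\t%s\n' "$rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            printf 'MODIFIED\t%s\n' "$rel"
        fi
    done
    (cd "$clean" && find . -type f) | sed 's|^\./||' | LC_ALL=C sort |
    while IFS= read -r rel; do
        [ -f "$live/$rel" ] || printf 'MISSING\t%s\n' "$rel"
    done
}

# List PHP files under LIVE modified within the last N days (default 7).
recent_php() {
    local live days
    live=${1%/}; days=${2:-7}
    (cd "$live" && find . -type f -name '*.php' -mtime "-$days") |
        sed 's|^\./||' | LC_ALL=C sort
}

# Constructed sample trees for a dry run; prints the temp directory it created.
make_demo_trees() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/clean/app" "$t/live/app" "$t/live/media"
    printf '<?php // core\n' > "$t/clean/app/Mage.php"
    printf '<?php // core, tampered\n' > "$t/live/app/Mage.php"
    printf '<?php // index\n' | tee "$t/clean/index.php" > "$t/live/index.php"
    printf '<?php // not in clean copy\n' > "$t/live/media/extra.php"
    printf '<?php // cron\n' > "$t/clean/cron.php"
    touch -t 201701010000 "$t/live/index.php"   # old mtime: not "recent"
    printf '%s\n' "$t"
}

# Usage: script.sh CLEAN LIVE [DAYS]
if [ "$#" -ge 2 ]; then compare_trees "$1" "$2"; recent_php "$2" "${3:-7}"; fi
```

Directories that legitimately differ from a fresh copy (cache, sessions, uploaded media) will show up as ADDED and need to be reviewed by hand rather than ignored.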

Clean Magento Hacked DB Tables

To clean malware from your Magento database, you can log into the database admin area and search for suspicious content like spammy keywords, links to other domains, and PHP functions commonly used in malicious code, such as preg_replace, str_replace, eval, base64_decode, and gzinflate. The table most commonly targeted by Magento malware is core_config_data. Hackers specifically target the Magento store's footer and header area via this table.
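One way to run that search outside the database admin area, as an added shell example that is not part of the original article. It assumes the table has been exported as tab-separated `path`/`value` rows; the function names, the `store.example` domain, and the sample rows are hypothetical and constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Input: tab-separated rows of
# "path<TAB>value" exported from core_config_data, for instance with
#   mysql -B -N -e 'SELECT path, value FROM core_config_data' DBNAME
# (DBNAME and any table prefix are placeholders). Function names are hypothetical.

# Print "<REASON><TAB><path><TAB><detail>" for rows that need a manual look.
# $1 = TSV file ("-" for stdin), $2 = the store's own domain.
scan_config() {
    awk -v own="$2" '
    {
        tab = index($0, "\t"); if (tab == 0) next
        path = substr($0, 1, tab - 1); value = tolower(substr($0, tab + 1))
        # PHP functions the article names as typical of injected code.
        if (match(value, /(preg_replace|str_replace|eval|base64_decode|gzinflate)[ ]*[(]/)) {
            hit = substr(value, RSTART, RLENGTH); sub(/[ ]*[(]$/, "", hit)
            print "PHP_FUNC\t" path "\t" hit
        }
        # Links to other domains: every http(s) host that is not the store itself.
        rest = value
        while (match(rest, /https?:\/\/[a-z0-9.-]+/)) {
            host = substr(rest, RSTART, RLENGTH); sub(/^https?:\/\//, "", host)
            rest = substr(rest, RSTART + RLENGTH)
            sfx = substr(host, length(host) - length(own))
            if (host != own && sfx != "." own) print "EXTERNAL_HOST\t" path "\t" host
        }
    }' "$1"
}

# Constructed sample rows (not real data).
sample_rows() {
    printf 'web/unsecure/base_url\thttp://store.example/\n'
    printf 'design/head/includes\t<script src="https://cdn.other.example/a.js"></script>\n'
    printf 'design/footer/absolute_footer\t<?php eval(base64_decode("placeholder")); ?>\n'
    printf 'general/store_information/name\tExample Store\n'
}

sample_rows | scan_config - store.example
```

Every hit is a candidate for review, not a verdict: payment, analytics, and CDN settings legitimately reference external hosts.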

Secure the Magento Admin Panel

To secure the Magento admin, you should first replace all admin usernames and passwords with strong, unique ones to avoid reinfection. If your Magento store is running an old version, you must first patch your store. Hackers can steal your Magento admin credentials from the backend if your store is not up to date.

You should also lower the number of admin accounts for your Magento store. This advice also extends to your SFTP and hosting access. Only give access to a limited number of people. This is known as the principle of least privilege.

Also, use a custom path for the Magento admin login. Usually, the Magento admin login is located at www.domain.com/admin. You can easily change the admin login path in Magento's configuration XML file.

Last but not least, you can also restrict access to your Magento admin panel to a single IP address by writing some rules in your .htaccess file. If you have changed your Magento admin login path, you also need to update it in the .htaccess file. It is also important to use a static IP address, because a lot of ISPs assign dynamic IP addresses that change from time to time.

Apply Security Patch and Upgrade Magento Version

An unpatched and outdated Magento store is one of the biggest targets of infection hacks. But before applying any security patch and upgrading the Magento version, it's necessary to remove any known vulnerable extensions and reset all important passwords to ensure that you are not reinfected if hackers try to access your store again.

You should upgrade your Magento version, including core files, components, templates, modules, and plugins. You can also check your extensions and update them as well.

Use Secure Connections

No matter what medium you use, you should always use a secure connection to connect to your Magento store. You should use SFTP encryption if your hosting provides it (or ask for it).

HTTP security headers provide a layer of security for Magento stores which helps to reduce attacks and security vulnerabilities. They usually require some configuration on your hosting server. These headers guide your browser to behave in a certain way when handling the content of your Magento store.

Use an SSL connection. Magento stores need an SSL certificate because they process sensitive data. Make sure you are running your Magento store over an HTTPS connection. If you are required to configure SSL on your web server, ask your hosting provider to help you with it.

Create Backups

Once your Magento store is clean and recovered, make a full backup of your files and folders, including the database. A good backup plan is one of the fundamental needs of website security. Make sure you create a cron job for daily backups and save all the backups in a secure place.

Summing It All Up

This article sheds light on the many ways through which you can recover your hacked Magento store and some great tips to keep your store secure. The best practices include keeping your Magento and its extension versions up to date, using smart and unique usernames and passwords, a custom admin login path, and an SSL certificate.

Most of the recommendations above can be implemented within a few minutes. But if you want to keep your Magento store more secure from hackers, you will need a robust Magento hosting provider like Cloudways that offers you almost everything mentioned above, including extra layers of security like server configuration and management, server monitoring, automated server security patches, advanced firewall protection, and a lot of other things.

Sign up for free on Cloudways right now and test your Magento store using the 14-day trial offer.

About Fayyaz Khattak

Fayyaz is a Magento Community Manager at Cloudways – A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. Fayyaz is a food lover and enjoys driving. You can email him at m.fayyaz@cloudways.com
