


HOW TO ENHANCE THE SECURITY OF A STORE ON MAGENTO 2?

Karolina Obszynska Sep 01. 2022
IMPROVE THE SECURITY OF YOUR ONLINE STORE… before it is too late


Do you want your eCommerce business to grow and bring even greater profits? The technology you use matters here, but so do appropriate security measures. Safeguarding your online store is undoubtedly one of the fundamental tasks of running an online business. This is why we have prepared some guidelines that will enhance the security of your Magento 2 based store.

Security of a store based on Magento 2 – what needs to be done?


A store on Magento 2 is a solution intended for large online businesses which want to develop their sales opportunities even more. However, Magento, like all other platforms, is susceptible to attacks – but you can protect yourself from these attacks. This is why, when running your own online business, it is worth ensuring that it is secure, and the approach to this matter should be holistic. After all, what use is providing a top level of security to our application in the context of, let's say, OWASP Top 10, if we do not appropriately secure access to the network on which the infrastructure runs, or the physical access to the server room – says Marcin Bukowski, Head of Development and Board Member at Fast White Cat.

What can you do to enhance the security of an online store on Magento?



1. Infrastructure security

A suitably chosen and maintained infrastructure is one of the elements that keeps your online store fast and efficient. It is also significant for security. When designing the store architecture, you should focus from the very beginning on:

  • Appropriate network layer security.

  • Encryption of communication (e.g., using the SSL protocol), disks, database resources, and S3-type storage.

  • Restricting traffic between services to only the ports that are actually required.

  • Relying on supported versions of operating systems and enabling automatic updates of operating system packages.

  • Storing logs with an appropriate retention period.

  • Keeping passwords in a dedicated service such as a secrets manager.

  • Adhering to the principle of least privilege for users and keeping the number of administrative accounts to the minimum necessary.

  • Changing access permissions to read-only for some Magento files.

  • Using Magento modules only from verified sources.

  • Regular backups of your store, stored in a safe location.
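As an added illustration of the read-only recommendation above (example script, not code from the original post or from Fast White Cat): it tightens permissions on the Magento 2 code and configuration directories while leaving the runtime directories writable, and includes a check that reports anything left group- or world-writable. It assumes the deploy user owns the tree and the web server runs as a member of its group; the directory names follow the standard Magento 2 layout, and the function names are the author's own choice.

```shell
# Added example (not from the original post): make the Magento 2 code and
# configuration tree read-only for the web server while keeping the runtime
# directories writable. Assumes the deploy user owns the tree and the web
# server runs as a member of its group; paths follow the standard Magento 2 layout.
set -eu

# Code and configuration: written only at deploy time, by the owner.
MAGENTO_READONLY_DIRS="app/code app/etc lib pub/static generated/code generated/metadata var/view_preprocessed"
# Runtime data: the web server (group) must still be able to write here.
MAGENTO_WRITABLE_DIRS="var pub/media"

# harden_magento_permissions <magento_root>
harden_magento_permissions() {
  root="$1"
  # Writable areas first, so the read-only pass below wins for var/view_preprocessed.
  for d in $MAGENTO_WRITABLE_DIRS; do
    [ -d "$root/$d" ] || continue
    find "$root/$d" -type d -exec chmod 770 {} +
    find "$root/$d" -type f -exec chmod 660 {} +
  done
  for d in $MAGENTO_READONLY_DIRS; do
    [ -d "$root/$d" ] || continue
    find "$root/$d" -type d -exec chmod 750 {} +
    find "$root/$d" -type f -exec chmod 640 {} +
  done
  # env.php holds database credentials and the encryption key: no access for "others".
  [ -f "$root/app/etc/env.php" ] && chmod 640 "$root/app/etc/env.php"
  # The CLI entry point must stay executable for the deploy user.
  [ -f "$root/bin/magento" ] && chmod 750 "$root/bin/magento"
  return 0
}

# check_magento_readonly <magento_root>: returns 0 when nothing under the
# read-only directories is writable by group or others, 1 otherwise.
check_magento_readonly() {
  root="$1"
  for d in $MAGENTO_READONLY_DIRS; do
    [ -d "$root/$d" ] || continue
    offender=$(find "$root/$d" \( -perm -g+w -o -perm -o+w \) -print | head -n 1)
    if [ -n "$offender" ]; then
      echo "writable entry in read-only area: $offender" >&2
      return 1
    fi
  done
  return 0
}
```

Run the check from cron or your deployment pipeline so that a module install or a hasty hotfix that loosens permissions is noticed rather than silently left in place.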


2. Safe login and a unique address for the administrative panel – with Magento you can create an individual path to the administrative panel. Instead of a traditional URL, such as storedomain.pl/admin, you can choose any string of characters, e.g., storedomain.pl/hsjbs2n.

  • Administrator login – refrain from naming store administrators "admin". Choose unique names which are more difficult to guess.

  • Strong password – create a strong password made up of a random string of letters, digits, and special characters.

  • Protecting the login form with a CAPTCHA.



3. Application

Beyond the basic security recommendations relating to infrastructure and password policies, we also provide guidelines relating to the application itself.

  • Systematically updating the application to the newest version.

  • Securing the back-office area.

  • Avoiding URL paths that expose numeric object identifiers, e.g., auto-increment IDs of records stored in a database.

  • Disabling endpoints that describe parts of the application (e.g., ones that reveal the installed application version).

  • Protecting information which may leak through introspection mechanisms.

  • Using appropriate HTTP headers in communication.

  • Hardening the configuration of individual services and concealing identifying meta-tags.

  • Using WAF-type solutions and tools, as well as anti-DDoS protection.

  • Not sending authentication data in plain text.


4. Other

Here you will find additional recommendations which do not fall under the previous aspects:

  • Implementing standards during software development that prevent data leakage.

  • Concealing test environments behind an allow-list.

  • Monitoring and analysis of logs and metrics.

  • Regularly applying system changes, tweaks, and amendments.

  • Systematically scanning the application with dedicated tools, checking for newly appearing vulnerabilities, the currency of the software version, and whether security patches have been applied.




How to check whether your online store is sufficiently secure?


It is not easy to ensure the security of your online store on your own. If you want to be sure that your eCommerce is not at risk of being attacked, use the knowledge and experience of a professional eCommerce house. It is worth partnering with an agency which offers Magento store support, thus having access to experienced developers and testers who effectively protect your business from external threats.

Are you worried about whether your Magento store is secure?
Write to us at info@fastwhitecat.com. We will advise you on which security measures should be implemented in your eCommerce business.
