How to run Magento security check independently?

There are numerous open-source tools you can use to perform a simple security test.

First of all, you can check whether all critical Magento security patches are in place. For this, you can use Patch Tester. Enter your site URL and click the Run button to get results. Unpatched areas are marked red or orange depending on the severity of the issue, while areas secured with patches are green.

[Image: Magento 2 security patch test example]

So even if you’re not a tech specialist, you’ll be well informed about Magento security test results.

Some retailers prefer not to apply security patches right after they are released. As a rule, the release of a security patch is followed by the release of a new Magento version, which integrates the patch. However, a full upgrade makes sense if you plan to update your store: it requires a detailed check of the store code, including the templates, and validating them for compliance with the new Magento code. So if you don't plan big updates, it's better to apply the patches to save time and effort.

You can also go beyond this simple Magento security patch check with MageReport. This tool verifies if you have the patches and also tests your store for threats and vulnerabilities, such as:

  • Brute force attacks
  • Cacheleak vulnerability
  • Webforms vulnerability
  • Unprotected development files
  • Ransomware detected
  • Cryptojacking code detected
  • SSL protection

This tool is user-friendly as well: all problematic areas are marked with red/orange while well-protected areas are green. MageReport can also run the Magento security test on some 3rd-party extensions.

Though the tools are handy and easy to use, they don't offer 100% accuracy: they have no access to your store code. So to make sure the store is secure, you should ask your Magento developers to verify the results.

There is one more valid security testing tool: Security Scan, developed by Magento. The tool is free and monitors your store security in real time. Apart from patches, the tool checks the store configuration, reports on potential vulnerabilities and offers fixes. You can also enable a daily or weekly automated Magento security check.

To enable Security Scan:

  • Sign in to your Magento account.
  • Go to the Security Scan tab and hit Go to Security Scan.
  • Provide your site URL and name and generate a verification code either in META format or in HTML.
  • Sign in to your Admin panel and add the generated code to the HTML Head section. Here’s the path: Content > Design > Configuration > Action column > Edit button.
  • Open the HTML Head section and go to Scripts and Styles.
  • Input the verification code and click Save Configuration.
  • Return to the Security Scan and click Verify Confirmation Code to confirm your ownership of the domain.
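Before clicking Verify Confirmation Code, it helps to confirm that the storefront really serves the code inside `<head>` (a stale cache or a different theme scope can hide it). The check below is an added example, not Magento's code; the snippet name and value are constructed placeholders, and the HTML format is assumed to be an HTML comment.

```python
from html.parser import HTMLParser

class _Scan(HTMLParser):
    """Collect <meta> tags and comments, optionally only those inside <head>."""
    def __init__(self, head_only):
        super().__init__()
        self.in_head = not head_only   # snippet mode: accept everything
        self.metas, self.comments = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":            # <body> implicitly ends <head>
            self.in_head = False
        elif tag == "meta" and self.in_head:
            self.metas.append(frozenset(attrs))  # attribute order is irrelevant

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

    def handle_comment(self, data):
        if self.in_head:
            self.comments.append(data.strip())

def _scan(html, head_only):
    parser = _Scan(head_only)
    parser.feed(html)
    parser.close()
    return parser

def verification_code_in_head(page_html, snippet):
    """True if every tag/comment of the generated snippet is served in <head>."""
    want = _scan(snippet, head_only=False)
    if not want.metas and not want.comments:
        raise ValueError("snippet is neither a <meta> tag nor an HTML comment")
    got = _scan(page_html, head_only=True)
    return (all(m in got.metas for m in want.metas)
            and all(c in got.comments for c in want.comments))

# Constructed sample data: paste the code from Security Scan and the page
# source of your own storefront in place of these.
SNIPPET_META = '<meta name="example-scan-verification" content="PLACEHOLDER-123">'
SNIPPET_COMMENT = "<!-- example-scan-verification:PLACEHOLDER-123 -->"
PAGE_OK = f"<html><head><title>Store</title>{SNIPPET_META}</head><body></body></html>"
PAGE_IN_BODY = f"<html><head><title>Store</title></head><body>{SNIPPET_META}</body></html>"

if __name__ == "__main__":
    print("in head:", verification_code_in_head(PAGE_OK, SNIPPET_META))
    print("in body only:", verification_code_in_head(PAGE_IN_BODY, SNIPPET_META))
```
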

After that, you will be able to track your Magento 2 store, analyze security risks, and get security notifications right in your Magento account. If you have multiple websites with different domains, you can track all of them from one dashboard.

Though the tool was made for Magento 2, it can be used for testing Magento stores. Some adjustments are needed, but detailed instructions are provided. Another advantage of the tool is that it doesn't hamper store performance, though it's run in the admin.
