
    For any Magento developer, platform and server security come first. Nearly 50 per cent of the time is spent on it one way or another. This article lists some effective security steps that help protect your server from hackers.

    Let’s go through the list below one by one and discuss each item briefly.

    Before starting these steps, make sure that your platform and server are up to date.

    These steps focus mainly on Magento 2 installations running on CentOS with WHM/cPanel installed.

    1. Install Armor Anywhere

    It’s a team of 50+ ethical hackers. They monitor dark-web forums for exploits that people have found, then scan your system to see if it’s vulnerable, inform you accordingly, and later patch it.

    2. Follow the cPanel documentation link below: https://documentation.cpanel.net/display/EA/Apache+Module%3A+SuPHP

    3. Install SuPHP

    To enable it on a cPanel server, log into EasyApache, or put in a ticket with your hosting provider.

    4. In WHM enable 2-factor authentication

    It requires a 6-digit code, which is sent to the authenticator app on your device. It keeps your platform safe and locked.

    5. Remove FTP to force SFTP connections through the SSH port

    Log in to WHM and, from the home page, click on Service Manager, search for FTP, and un-check both boxes.


    6. Disable password authentication

    Now you need a key to connect to the server over SSH, and you can get it out of WHM only after getting through two-factor authentication. An attacker would first need your device, as it is the only access point with the authenticator to get in. You can undo this by restarting the server while directly connected through a laptop at the data centre.

    7. Change the SSH port to anything random

    8. Install ClamAV for cPanel

    9. On the panel, enable 2-factor authentication

    Save the passwords for the server in a password-protected file.

    10. Using ‘Host Access Control’, restrict WHM, cPanel, SSH and cpdavd to your IP and your hosting company’s IPs.

    11. Disable Symlink


    12. Disable unused PHP versions: PHP 5.5, 5.6, 7.0, 7.1

    13. Enable jailed shell

    14. In WHM, search for security, open the Security Advisor and follow the suggestions below

    • Set up Mod_Security

    • Set production files as read-only

    15. Disable SSH login for the root user

    https://mediatemple.net/community/products/dv/204643810/how-do-i-disable-ssh-login-for-the-root-user

    16. Use SSH Agent Forwarding to SSH from server to server instead of copying your SSH private keys onto servers. On GNU/Linux, use ssh-agent or GnomeKeyring with ForwardAgent yes under a trusted Host entry in your .ssh/config file.

    On Windows, PuTTY’s Pageant supports SSH Agent Forwarding.

    17. Install two-factor authentication for the admin

    A number of platforms are compromised through SQL injection that creates an admin user. Once attackers have an admin account, they use the marketplace to download a file-editing program that allows them to upload files, mainly viruses, malware, etc. In Magento 2 you can run the command below after logging in over SSH:

    composer require msp/twofactorauth:3.0.0

    18. Always copy files and the database independently. Do not use the cPanel-to-cPanel account transfer to move your account.

    19. Avoid using the same passwords on the new account, and also change the database and account passwords.

    20. To enable a jailed shell environment for all new and modified users, use the “Use cPanel® jailshell by default” option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

    21. Always include the suEXEC module during the compilation of Apache, as it ensures that CGI applications and scripts run as the user that owns and executes them.

    22. In WHM, go to the Security Advisor to make sure you pass all the checks.
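
The SSH settings from steps 6, 7 and 15 can be checked mechanically. The script below is an added example, not part of the original article or of cPanel's tooling; the function names and the sample configuration are constructed for illustration, and it assumes OpenSSH's sshd_config format.

```shell
# Added example: audit an sshd_config for steps 6, 7 and 15 of the list above.
# Assumes "Keyword value" lines; Include files and ListenAddress are not read.

# Print the global value of a keyword. sshd keeps the first occurrence and
# ignores keyword case; "Match" blocks are conditional, so parsing stops there.
sshd_value() {  # usage: sshd_value <file> <keyword> <default>
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# True if port 22 is configured. Port may be repeated (every line counts),
# and sshd falls back to 22 when no Port line exists.
listens_on_22() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { seen = 1; if ($2 == 22) hit = 1 }
        END { exit !(hit || !seen) }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_sshd() {
    n=0
    if [ "$(sshd_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "step 6: password authentication is still enabled"; n=$((n + 1))
    fi
    if listens_on_22 "$1"; then
        echo "step 7: sshd still listens on the default port 22"; n=$((n + 1))
    fi
    if [ "$(sshd_value "$1" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "step 15: root can still log in over SSH"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: PasswordAuthentication appears only inside a Match block.
demo() {
    f=$(mktemp)
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' \
        'Match User deploy' '    PasswordAuthentication no' > "$f"
    audit_sshd "$f"; rc=$?
    rm -f "$f"; return "$rc"
}
demo || echo "findings: $?"
```

On a live server, run `audit_sshd /etc/ssh/sshd_config`; the output of `sshd -T` uses the same keyword/value form and also resolves Include files, so it can be saved to a file and audited the same way.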


      Author Info


      Eshika is a bibliophile and conversationalist. Her life revolves around writing, photography, presentation and repeat. "Go with the flow" is her approach in life.
