We don't monkey around your business.
For any Magento developer, platform and server security come first in his job. Nearly 50 per cent of the time is spent on it one way or another. In this article, we have mentioned some of the effective security steps which will save your server from hackers.
Let’s go through the below list one by one and discuss them briefly.
Before starting these steps make sure that your platform and server is up to date.
These steps are mainly focused around the Magento 2 platform that are running on centos with WHM/Cpanel installed.
1. Install Armor Anywhere
It’s a team of 50+ ethical hackers. They keep a check on the darkweb forums for exploits people which are found and then scan your system to see if it’s vulnerable and inform you accordingly and later they patch it.
2. Follow below link cPanelhttps://documentation.cpanel.net/display/EA/Apache+Module%3A+SuPHP
3. Install SuPHP
Enable cpanel server log into easyapache or you can put in a ticket with hosting provider.
4. In WHM enable 2-factor authentication
It needs a 6 digit code which is sent to your device authenticator app. It keeps your platform safe and locked.
5. Through the SSH port remove FTP to force SFTP connections
From home page go to WHM via login and then click on service manager and search for FTP un-check both boxes.
6. Disable password authentication
Now you need a key to install SSH ports on the server which you have to get out of WHM only after getting through 2 factors. First, they need your device as it is the only access point with the authenticator to get in. you can undo by restarting the server directly connected through a laptop at the data centre.
7. Change the SSH port to anything random
8. For cPanel install ClamAV
9. On panel enable 2 factor
In a password protected file save the passwords for the server.
10. Using ‘Host Access Control’ restricted WHM, Cpanel, SSH, cpdavd to your IP, and your hosting companies IPs.
11. Disable Symlink
https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection
12. Disable non used php version php 5.5,5.6,7.0,7.1
13. Enabled Jail shell
14. In WHM search for security and open the security adviser and follow below suggestions
• Setup Mod_Security
• Set production files as read-only
15. For the root disable SSH login
USER https://mediatemple.net/community/products/dv/204643810/how-do-i-disable-ssh-login-for-the-root-user
16. Use SSH Agent Forwarding to SSH from servers to servers instead of copying your SSH private keys on servers. On GNU/Linux use ssh-agent or GnomeKeyring with ForwardAgent yes under a trusted Host entry in your .ssh/config file6
On Windows PuTTY’s Pageant supports SSH
Agent Forwarding
17. For admin install two-factor authentication
The number of platforms is compromised due to SQL injection which creates an admin user. If they get an admin account then they use the marketplace to download a file editing program that allows them to upload files mainly known as virus’s malware, etc and in Magento 2 you can run the below command by login into SSH
composer require msp/twofactorauth:3.0.0
18. Always copy files and database independently. Do not use cpanel to cpanel account to transfer your account.
19. Avoid using the same passwords on the new account and also change database and account passwords.
20. enable a jailed shell environment for all new and modified users, use the Use cPanel® jailshell by default option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
21. Always include the suEXEC module during the compilation of Apache as it makes that CGI applications and scripts run as the user that owns as well as executes them.
22. In WHM go to security adviser to make sure you pass all the checks.
Eshika Is a bibliophile and conversationalist. Her life revolves around writing , photography, presentation and repeat. "go with the Flow" is her approach in life.
Before you leave,
