    One of the most essential parts of any Magento store is its Admin panel. The Admin panel lets you see customers and their orders, add products and change their pricing. In short, it is where you follow, change and perform day-to-day business activity.

    A hacker who gets in can gather valuable information for spam campaigns or change the payment page to capture credit card details for fraudulent purposes. A breach of the admin area can be difficult and expensive to deal with. It might also result in large fines that can even force a website to cease trading.

    To guard against this, there is password protection, and there is also the option of placing the admin panel on a non-standard URL. But do you think this is enough?

    In some cases, search engines know your admin URL allowing it to be found with a very simple web search. There are a few reasons this can happen but ultimately they boil down to the admin URL becoming visible in the frontend and a search engine following the link. Unfortunately, the admin area doesn’t have a “NOINDEX, NOFOLLOW” meta tag so the page is indexed for search.

    “A search engine knows your Magento Admin URL”

    We strongly recommend restricting admin access to a limited set of IP addresses. Apply that restriction to the three entry points that can be used to compromise the security of your website.

    Hackers can enter through the Magento Connect downloader, so you need to change the Connect Manager URL in order to protect your site. A hacker might be thrown off if you specify a completely different path. You can also restrict access to the /downloader/ location by IP address through the .htaccess file.

    If you don’t want users to access the RSS feed, you can limit this feature, because in recent times hackers have been seen making brute-force attacks through RSS feeds. You can create an IP whitelist that redirects requests from visitors who are not on the list to the main page.

    You need to have tight security for your Magento admin panel. You can even block IP addresses from all other countries, and this restriction truly works if you know your customers are all in your own country.
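The IP restrictions described above for the downloader, the RSS feeds and the admin panel can be written as Apache rules. This is an added example, not configuration from the original article; the IP addresses are constructed documentation addresses and `backoffice_placeholder` is a placeholder for the store's own admin path.

```apache
# --- File 1: downloader/.htaccess (Magento Connect manager) ---
# Only the listed addresses may reach /downloader/; everyone else gets 403.
# 203.0.113.10 and 198.51.100.0/24 are constructed example addresses.
<IfModule mod_authz_core.c>
    # Apache 2.4: several Require lines are OR-ed together
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 syntax
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>

# --- File 2: .htaccess in the store root, above Magento's own rewrite rules ---
<IfModule mod_rewrite.c>
    RewriteEngine On

    # RSS feeds: send visitors who are not on the list to the main page.
    RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
    RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.
    RewriteCond %{REQUEST_URI} ^/(index\.php/)?rss(/|$) [NC]
    RewriteRule ^ / [R=302,L]

    # Admin panel: refuse outright with 403.
    # "backoffice_placeholder" stands in for the store's own admin path.
    RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
    RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.
    RewriteCond %{REQUEST_URI} ^/(index\.php/)?backoffice_placeholder(/|$) [NC]
    RewriteRule ^ - [F,L]
</IfModule>
```

If the store sits behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy's address, so the real client address has to be restored first (for example with mod_remoteip) or every visitor will match or miss the list together.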

    If you value your customers’ privacy, which you should, take every measure possible to protect access to this data. Obscuring the admin URL isn’t enough. Two-factor authentication modules are available that require your password and something else to log in (perhaps a Google Authenticator key). You can also secure the admin so it can only be accessed from specific locations (IP addresses). We also recommend that in Magento Commerce/Enterprise you review the admin logs periodically to ensure no suspicious login activity is happening.

      Author Info

      Eshika is a bibliophile and conversationalist. Her life revolves around writing, photography, presentation and repeat. "Go with the flow" is her approach in life.