
Top 5 Ways to Increase Security in Magento

September 16, 2014

Magento, one of the popular Open source eCommerce platforms with more than 2 million customers worldwide, has a secure framework which protects the data from potential hackers using the latest Magento services for security.

E-Commerce websites are a goldmine for hackers since they contain sensitive information along with financial details. To protect an E-Commerce website and its customer data from potential theft, it is crucial for retailers to step up their security measures. Magento, one of the popular open-source E-Commerce platforms with more than 2 million customers worldwide, has a secure framework which protects the data from potential hackers.

5 Ways to Increase Security in Magento

Even though the platform is secure, there are a few loopholes which can be exploited. Listed below are the top 5 methods to increase the security measures in your Magento E-Commerce website.

1. Correct Permissions To The Folder:

Setting the correct permissions on the Magento folder structure is the basic necessity for securing the website against outside attack. A majority of the hacked E-Commerce websites do not follow proper folder permissions, thereby inviting trouble. In the folder structure:

  1. Don’t use extensions that require 777 permissions.
  2. Always use 644 permission for js, css and html files.
  3. Don’t give execute permission to JavaScript files. JavaScript files are the most vulnerable files for hackers.

If you are not aware of the folder permission number, the below table will help you.

[table id=4 /]
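
The three rules above can be checked mechanically. The audit script below is an added example, not part of the original post or of Magento itself; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a Magento document root against the three permission rules above.
# Prints one "LABEL: path" line per finding and nothing when the tree is clean.
audit_magento_perms() {
    root=$1
    # Rule 1: nothing should be world-writable (mode 777 is the usual culprit).
    find "$root" \( -type f -o -type d \) -perm -0002 |
        sed 's/^/WORLD-WRITABLE: /'
    # Rule 2: js, css and html files should be exactly 644.
    find "$root" -type f \
        \( -name '*.js' -o -name '*.css' -o -name '*.html' \) \
        ! -perm 644 | sed 's/^/NOT-644: /'
    # Rule 3: JavaScript files must not carry any execute bit.
    find "$root" -type f -name '*.js' \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/EXEC-JS: /'
}

# Constructed sample tree (not a real Magento install) for trying the audit.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/js" "$t/skin" "$t/media"
    : > "$t/js/ok.js";      chmod 644 "$t/js/ok.js"
    : > "$t/js/exec.js";    chmod 755 "$t/js/exec.js"      # breaks rules 2, 3
    : > "$t/skin/site.css"; chmod 664 "$t/skin/site.css"   # breaks rule 2
    : > "$t/index.html";    chmod 644 "$t/index.html"
    chmod 755 "$t" "$t/js" "$t/skin"
    chmod 777 "$t/media"                                   # breaks rule 1
    echo "$t"
}

# With an argument, audit that path; with none, audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_magento_perms "$1"
else
    sample=$(make_sample_tree)
    audit_magento_perms "$sample"
    rm -rf "$sample"
fi
```

Run it with the path to the store's document root as the only argument; an empty result means none of the three rules is violated.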

2. Allow Admin Access From Specific IP Address:

Magento Admin access forms the backbone of the entire E-Commerce website. To protect it from a potential attack, it is recommended that only specific IP addresses should be allowed to access the admin module.

The .htaccess code given below will allow admin panel access only from a specific IP address:

    Order Deny,Allow
    Deny from All
    Allow from <your IP address>

3. Create a Customized Admin URL.

Many Magento websites use the default admin URL which is This makes it easier for hackers to reach the admin log-in page and start guessing passwords. This can be prevented by replacing “/admin” with a customized term.

Follow these steps to have a customized URL for admin access.

    Locate /app/etc/local.xml
    Replace the term “admin” with your desired word


Change in Magento Backend

System >>  Configuration >> Admin >> Admin Base Url Section

Change “Use Custom Admin URL” drop down to “Yes”

In the “Custom Admin URL” text box, enter your customized URL term and click on “Save Config”.

These settings will create a customized admin URL instead of the default one.

4. Set A Strong Password For Your Magento Backend

Always set strong passwords for the admin module. Use one which has a mix of upper and lower case letters, numbers and special characters. Furthermore, use a Magento admin password that is different from all of your other passwords.

5. Moving File Using Only SFTP

While moving files to the live server, it is recommended to use SFTP (Secure File Transfer Protocol). Additionally, a Virtual Private Network (VPN) will provide complete security during the file transfer.

One of the major challenges that E-Commerce retailers face these days is winning the trust of the customer, who is willing to pay his or her money for the product. To achieve that, it is essential that E-Commerce companies follow these simple protocols to ensure foolproof security.

DCKAP is an end to end E-Commerce solutions provider specializing in building Enterprise E-Commerce store fronts in Magento. You can reach us at (or) 1-877-872-3252 (US) (or) +44(0) 144 250 6383(UK)


Ramachandran is known for his expertise in developing numerous eCommerce projects at DCKAP for over a decade. He currently handles DCKAP's product suite as a product manager and is now heading towards marking new milestones in his upcoming journey.