How to secure you Magento installation from possible hacks


Magento is widely used as a powerful e-commerce platform, hence it is popular and widely used there are more hacks and malware created from outside world to attack magento to steal information or redirecting users to advertisement pages.

Here I will tell you how you can protect your magento installation files, there are other steps to protect as well but here I am focused on files and directory level protection.

Note: This tutorial needs the SSH access

Make your core files not writable

First thing you need to do is make your core magento files not writable so a malware can’t change these files.
We will be using 0555 permissions on files (just read and execute)

$ cd /home/user/web/magento/app
$ find . -type f -exec chmod 0555 {} ;

$ cd /home/user/web/magento/lib
$ find . -type f -exec chmod 0555 {} ;

Make your directories by owner writable only

Second thing you need to do is make your magento directories by owner writable so you can install plugins/extensions into magento.
We will be using 0755 permissions on directories (owner only write, public read and execute)

$ cd /home/user/web/magento
$ find . -type d -exec chmod 0755 {} ;

Make cache and log files writable

At the end we need to make log files and cache writable so I am going to make whole var/ directory writable

$ cd /home/user/web/magento
$ chmod -R 0777 var/

That’s it for protecting files and directories.
I welcome other suggestions to protect code. Thanks.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s