MageSecure – Magento Security Extension.

4 Reviews

MageSecure – Magento Security Extension

(Includes Shoplift vulnerability [SUPEE-5344] test!)
Must-have Magento security extension for all! Works on both Community & Enterprise editions.
59% of Community edition websites & 46% of Enterprise edition websites are VULNERABLE!! Are you one of them? Don’t wait until it’s too late!

Product description:
This extension scans for all the below tests and vulnerabilities which are usually used by the hackers to exploit Magento enterprise and community edition websites. By protecting your website from below attacks, your web store becomes very secure and protected from bad guys. Highly recommended after the infamous Magento vulnerabilities exposure such as ShopLift and Cacheleak.

DEMOhttp://magentools.com/magesecuredemo/index.php/admin/magesecure/scan/autologin/1

Security Tests:
» Default admin login page URL exposure test – Checks if your website have default admin panel location, which is not recommended and makes attackers task easier.
» Magento Downloader login screen exposure test – Magento downloader is used to upload Magento extensions to your website, which is not recommended in production.
» Directory listing test – Checks whether you are listing all your directories and files to the world. This is common and dangerous thing.
» File permissions test – Checks whether you are allowing your sensitive files to display to the world or not. Again it is common mistake that even big websites do.
» File content exposure test – Are you showing your database and website username/password configuration settings to the world?
» Magento latest version test – Checks if you are using old version of Magento or are using outdated version which is not recommended.
» Admin panel security test – Checks how secure is your admin panel
» Default “admin” user account test – You should really get rid of “admin” username as it’s really very common administrator username to have.
» Lifetime coupons test – Do you want to give your products in discount price even if there’s no discount on it?
» HTTPS test on checkout and customer page – Customer and checkout page contains very sensitive information of customers, it should be very secure.
» Repository code exposure test – Are you showing your code to the world?
… and we are adding more!!

Security Tips:
→ Restrict only limited IPs to access admin panel in .htaccess
→ If you have any unused admin account(s), delete them
→ Delete old employees admin accesses, try not to give full access/rights to everyone
→ Try not to access your Magento admin panel from public places like coffee shops or airports
→ Apply all the Magento security patches applicable without any delay
→ If you have any development and/or staging websites, restrict them to specific IP addresses only and enable HTTP BASIC auth
→ Do you have any unneeded webservice users/roles? Delete them or don’t give full access to those roles
→ Make sure all the installed and active extensions are up-to-date
→ Set correct ownership to files and folders and make sure your files/folders and not readable/writeable by the world
→ Do you backup your codebase and database regularly? Keep your backups to external server/local so in case your server dies you always have backup at other places to restore

LICENSE:
– You can see license agreement here
– Please allow us 24 hours to deliver extension on your email after your payment. We don’t automate email delivery of extension immediately after payment, so it may take few hours to send the extension to your email.
 

Compatibility: Magento Community 1.4, 1.4.1.1, 1.4.2, 1.5, 1.6, 1.6.1, 1.6.2.0, 1.7, 1.8, 1.8.1, 1.9, 1.9.1, 1.9.2 and Enterprise 1.12, 1.13, 1.13.1, 1.14, 1.14.1, 1.14.2
Price: $89




Summary

Developer Rating
Aggregate Rating
5 based on 4 votes
Brand Name
MagExt
Product Name
MageSecure Magento Security Extension
Price
USD 89
Product Availability
Available in Stock
Submit your review
1
2
3
4
5

Submit

     

Cancel
Create your own review

Average rating:  

 4 reviews

by Paul on MagExt
Satisfied

Thanks for this extension, we are satisfied with the features. Though we have to manually fix the issues, which is good for us to make sure nothing breaks rather than relying on the extension which may not work in all the environments.

by Rachel J. on MagExt
Correctly identifies issues

Thanks for this extension, it correctly identified our Magento misconfigurations and we never knew we were exposed all this time! We fixed it as per the instructions it gave in admin and everything is good now.

by Lucas on MagExt
Shoplift vulnerability

Thanks for adding Shoplift vulnerability test. Please also add all the previous vulnerability tests to check everything in one place.

by Erik R. on MagExt
Perfecto!

Perfect security extension for our Magento store! We had 4 failed tests which we never knew, thank god we used this extension to identify our website’s vulnerabilities. With the given instructions we fixed our security issues and we are now secure!!

Thanks for this great extension! Recommended!!


3 Comments

  1. Loren
    May 25, 2015 at 9:58 pm · Reply

    Thanks for this extension, we were vulnerable!

Leave a Reply

Your email address will not be published. Required fields are marked *


− 2 = five

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">