(Includes Shoplift vulnerability [SUPEE-5344] test!)
Must-have Magento security extension for all! Works on both Community & Enterprise editions.
59% of Community edition websites & 46% of Enterprise edition websites are VULNERABLE!! Are you one of them? Don’t wait until it’s too late!
This extension runs all of the tests below, which check for the vulnerabilities and misconfigurations that attackers usually use to exploit Magento Enterprise and Community edition websites. By protecting your website from these attacks, your web store becomes much more secure and better protected from attackers. Highly recommended after the exposure of the infamous Magento vulnerabilities such as ShopLift and Cacheleak.
» Default admin login page URL exposure test – Checks whether your website uses the default admin panel location, which is not recommended and makes an attacker's task easier.
» Magento Downloader login screen exposure test – Magento Downloader is used to upload Magento extensions to your website; leaving it reachable in production is not recommended.
» Directory listing test – Checks whether you are listing all your directories and files to the world. This is a common and dangerous mistake.
» File permissions test – Checks whether your sensitive files can be displayed to the world. Again, this is a common mistake that even big websites make.
» File content exposure test – Are you showing your database and website username/password configuration settings to the world?
» Magento latest version test – Checks whether you are running an old or outdated version of Magento, which is not recommended.
» Admin panel security test – Checks how secure your admin panel is.
» Default “admin” user account test – You should really get rid of the “admin” username, as it is a very common administrator username.
» Lifetime coupons test – Do you want to sell your products at a discounted price even when there is no discount on them?
» HTTPS test on checkout and customer page – The customer and checkout pages contain very sensitive customer information, so they should be very secure.
» Repository code exposure test – Are you showing your code to the world?
… and we are adding more!!
→ Restrict admin panel access to a limited set of IP addresses in .htaccess
→ If you have any unused admin account(s), delete them
→ Delete former employees' admin access, and try not to give full access/rights to everyone
→ Try not to access your Magento admin panel from public places like coffee shops or airports
→ Apply all the Magento security patches applicable without any delay
→ If you have any development and/or staging websites, restrict them to specific IP addresses only and enable HTTP BASIC auth
→ Do you have any unneeded webservice users/roles? Delete them or don’t give full access to those roles
→ Make sure all the installed and active extensions are up-to-date
→ Set correct ownership on files and folders, and make sure your files/folders are not readable/writeable by the world
→ Do you back up your codebase and database regularly? Keep your backups on an external server or locally, so that if your server dies you always have a backup elsewhere to restore from
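The file ownership and permissions recommendation above can be checked from the server's shell. The script below is an added example, not part of the extension: it assumes a Magento 1.x layout in which app/etc/local.xml holds the database credentials, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a Magento tree for world-accessible files.
# Assumption: Magento 1.x layout, where app/etc/local.xml stores the
# database credentials. Function names are illustrative only.

# List every file or directory under $1 that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# List credential-bearing config files under $1 that any local user can read.
world_readable_config() {
    find "$1" -type f -name 'local.xml' -perm -0004 -print | sort
}

# Print findings and return 1 if any exist; return 0 when the tree is clean.
audit_tree() {
    root=$1
    findings=0
    ww=$(world_writable "$root")
    wr=$(world_readable_config "$root")
    if [ -n "$ww" ]; then
        printf 'WORLD-WRITABLE (remove the o+w bit):\n%s\n' "$ww"
        findings=1
    fi
    if [ -n "$wr" ]; then
        printf 'WORLD-READABLE CONFIG (remove the o+r bit):\n%s\n' "$wr"
        findings=1
    fi
    return $findings
}

# Usage: sh audit.sh /path/to/magento
if [ -n "${1:-}" ]; then
    audit_tree "$1" || echo "Fix the paths listed above, then re-run."
fi
```

A non-zero return from audit_tree makes the script suitable for a cron job or deployment check that alerts when permissions drift.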
– You can see license agreement here
– Please allow us 24 hours to deliver the extension to your email after your payment. We don’t automate email delivery of the extension immediately after payment, so it may take a few hours to send the extension to your email.
Thanks for this extension, we are satisfied with the features. Though we have to manually fix the issues, which is good for us to make sure nothing breaks rather than relying on the extension which may not work in all the environments.
Thanks for this extension, it correctly identified our Magento misconfigurations and we never knew we were exposed all this time! We fixed it as per the instructions it gave in admin and everything is good now.
Thanks for adding Shoplift vulnerability test. Please also add all the previous vulnerability tests to check everything in one place.
Perfect security extension for our Magento store! We had 4 failed tests which we never knew, thank god we used this extension to identify our website's vulnerabilities. With the given instructions we fixed our security issues and we are now secure!!
Thanks for this great extension! Recommended!!