Magento Security Scan: Scan Magento site for Malware

With an intuitive design, robustness, and the application of cutting-edge technology, Magento by far has become a giant in the eCommerce realm. By far, Magento has served over 743.000 businesses.

Just by looking at this figure, it can be said that Magento is a top-rated eCommerce solution for growing online stores. Due to its popularity, the open-source code, and the increase in online transactions, it’s not hard to see that Magento is also an appealing target to hackers.

Dealing with possible vulnerabilities, Magento uses security patches and an exclusive tool called Security Scan to protect its customers’ websites from cyber attacks.

That’s also what we’ll go over in this post: Magento Security Scan and how to run it on your Magento site.

Table of Contents

• What is Magento Security Scan?
• Features of Magento Security Scan Tool
• The cost of the Magento Security Scan Tool
• How to run a security scan on your Magento store?
  • Step 1: Set up Magento Security Scan Tool
  • Step 2: Agree to Magento’s Terms and Conditions
  • Step 3: Verify your ownership of the added website(s)
  • Step 4: Set Automatic Security Scan options
  • Step 5: Confirm emails to receive updates and scan reports
• Beyond the basic: Tips for increasing your store’s security
  • Take advantage of a robust Magento 2 Security extension
  • Assign and manage user roles in Magento 2
  • Use Magento 2 Google reCaptcha
  • More tips to keep your Magento store secure
• The bottom line!

What is Magento Security Scan?

For webmasters or developers, then most probably, Magento’s too familiar. The reputation of this open-source platform comes from its power to fulfill merchants’ ambitious goals and incredible scalability.

However, security is always the top priority for both merchants and customers when it comes to shopping online. That’s why Magento rolled out a security scan tool which is entirely free to monitor any Magento-based website for security risks.

Magento Security Scan can proactively and efficiently detect malware on websites. Most importantly, it will notify suspicious issues related to security risks, malware, or unauthorized access to the store admins.

Features of Magento Security Scan Tool

With Magento Security Scan Tool, Magento users benefit from:

• Real-time insights into your Magento store’s security status

• Best practices and suggestions for resolving existing vulnerabilities on your Magento sites

• Get over 17.000 security tests allowing you to identify potential malware on your site’s security system, for example, missing Magento patches or configuration issues, etc.

• Offer historical security reports of your sites so that you can easily monitor and keep track of your whole progress over time

• The scan reports that represent detailedly both successful and failed checks, with further actions required

• Able to schedule the security scan to run daily, weekly, or on-demand

The best thing is that the Magento Scan tool is regularly updated. This means your site security is ensured. You can feel more confident and proactive in securing customers’ personal and banking information and doing online transactions via Magento websites.

The cost of the Magento Security Scan Tool

If you’re wandering around the cost of this additional service of Magento. Believe it or not, the Magento Security Scan tool is available for free and compatible with 2 primary versions of Magento, including:

• Magento Community/ Magento Open Source

• Magento Enterprise/ Magento Commerce

This Security Scan tool is available to only Magento users and unique per site. It can be understood that Magento users must log in to their Magento accounts to request a security scan via a token.

However, there’re not only business owners who can use this tool. Authorized developers can also access the service directly within their Magento account.

How to run a security scan on your Magento store?

Magento makes the whole process to get started with its Security Scan tool as simple as possible. Requiring no coding knowledge, Magento’s scan tool is available for even merchants to use directly in their Magento account.

Basically, 4 main steps you need to take to run a security scan on your Magento store are:

• Step 1: Set up Magento Security Scan Tool

• Step 2: Log in to your Magento account. Then, agree to the Terms & Conditions

• Step 3: Add your site(s) on the Monitored Websites page. And verify your site domain’s ownership via a confirmation code

• Step 4: Schedule your security scan to happen on the basis of week and day

• Step 5: Set up your email address to get notifications of the scan reports and security updates

Step 1: Set up Magento Security Scan Tool

First and foremost, you need to set up 3 IP addresses below to an allowlist in your network firewall rules:

• 52.72.230.169

• 52.86.204.1

• 52.87.98.44

These are public IP addresses that the Magento security scan tool uses. This is the first step required to give Magento the allowance to scan your site.

Step 2: Agree to Magento’s Terms and Conditions

• Once the IP addresses are added successfully, your next step is to log in to your Magento account, then:

• Find and open the Security Scan section on the left panel

• Read all the information listed on the Terms and Conditions

• When you finish, click Agree to continue

Step 3: Verify your ownership of the added website(s)

In this step, you will be navigated to the Monitored Websites page. Now, click on the +Add Site button on the top-right corner.

Note: In case you have more than one website with different domains, you must configure each domain separately.

Once a site is added to the Magento Scan tool, you will have to verify your ownership before actually setting up the scan. This way, Magento can prevent a person without authorization from running the scan on your website or creating false identities.

To complete the verification step, once tapping on the +Add Site button, you need to:

• Enter your site URL and click on the Generate Confirmation Code at the page’s bottom

• Copy that code to the clipboard

• Open another tab and open your admin panel as a user with full Administrator privileges

• In the left sidebar, select Content > Design > Configuration

• Look in the site list and find yours. Next, tap on the Edit button

• Expand the HTML Head section and scroll down. You will see the Scripts and StyleSheets field

• On the Scripts and StyleSheets field, paste the confirmation code into the end of any existing code on the text box

• Once completed, don’t forget to click Save Configuration

Now, back to the Security Scan page in your Magento account and click Verity Confirmation Code to finish the verification step.

In case you could not verify your ownership of the requested site domain, don’t worry and contact your System Integrator or hosting provider to get support.

Once your requested site is successfully verified, we can move to the settings options of the Magento Security Scan tool.

Step 4: Set Automatic Security Scan options

Magento Security Scan tool provides store owners with 2 scan options:

• Scan Weekly (highly recommended by Magento)

• Scan Daily

For the Scan Weekly selection, Magento users can:

• Select the specific Week Day, Time Zone, and Time that the Magento Scan tool runs each week automatically

• By default, the system will scan your site each week at midnight Saturday, UTC, and continue to early Sunday

For the Scan Daily selection, merchants can:

• The scan tool can be set to run on specific Time and Time Zone daily

• By default, the scan is scheduled to run daily at midnight, UTC

Apart from Magento automatic scans, you can run a security scan anytime you want by going into the Security Scan tab and selecting Run Scan.

Step 5: Confirm emails to receive updates and scan reports

Before saving all the settings of the Magento scan tool, don’t forget to enter your email address to get notifications of scan reports as well as security updates regularly.

Click on the Submit button to complete the whole settings for the Magento Security Scan tool on your Magento account.

Beyond the basic: Tips for increasing your store’s security

No matter what, the Magento Security Scan tool is just one option you can use to protect your website from vulnerabilities, malware, and hackers.

Apart from the Magento Security Scan tool, many other security tips give you a safe shopping environment for your customers.

Take advantage of a robust Magento 2 Security extension

There are many Magento 2 security extensions available on the marketplace that enhance your site’s firewall over cyber criminals.

Developed for the needs of Magento merchants, Mageplaza’s Security extension for Magento 2, as an all-in-one security solution, helps you resolve almost all security issues a Magento-based website can face. You can get better security with

• A detailed security checklist contains warnings of security risks related to the Magento version, database prefix or admin username, etc.

• Ability to set a limit for the number of failed login attempts

• The login log that records all logins’ information, including ID, time, user name, Ip, browser agent, URL, and status

• Other advanced features: Action log, file change monitoring, and away mode

Assign and manage user roles in Magento 2

If you want a high level of specialization in operating your Magento site at the backend, a Magento 2 Admin Permissions extension is a must, especially for multi-vendor stores.

In other words, as the store owner, you can assign and control the access permissions of all admins to specific data areas on your system at the backend.

This way, you can not only leverage the backend performance and the frontend effectiveness but also prevent your data from potential risks.

Related posts: How to Assign & Manage User Roles in Magento 2?

Use Magento 2 Google reCaptcha

Using the Magento 2 reCAPTCHA is an effective way to keep your website safe from hackers. Its core functionality is to block robot software from submitting fake or nefarious online requests.

We always recommend our customers implement reCaptcha on their sites because of the negative impact of spammers and bots on web quality. And reCaptcha is one of the easiest ways through which you can prevent bots and automated scripts from spamming your sites.

Get help from experts

If you have little or no technical knowledge, it’s challenging to secure your Magento website entirely. That’s why a support & maintenance expert becomes essential. Magento 2 Support & Maintenance by Mageplaza will help you get a smooth and highly secure online store. To be specific, specialists will help you:

• Frequently support and maintain your Magento website to ensure the best security
• Install new security patches as required
• Optimize your Magento website performance
• Install/uninstall, and configure extensions
• Audit your SEO and fix and problems that may affect your ranking on SERPs

Contact experts for free consultations now!

EXPLORE MAINTENANCE SERVICES NOW

More tips to keep your Magento store secure

• Prioritize reputable hosting providers and solution integrators

• Always use a secure internet connection that is protected by the VPN.

• Running your site over an encrypted HTTPS channel

• Make sure that you use the latest version of Magento, whether it’s Magento Community Edition or Magento Commerce

• Keeping security patches up-to-date

• Backup your site regularly

• Use strong passwords and two-factor authentication

• Periodically monitor your system for threats using a tool like Magento Security Scan Tool

Related post: 7 Magento security tips to keep your eCommerce store safe & secure

The bottom line!

Thanks to the Magento Security Scan tool, keeping your Magento store secure has never been so easy. The best thing is that you can always access this powerful tool right from your Magento account, which’s incredibly convenient to enable and use,

There’s no doubt that Magento is a powerful eCommerce platform. Still it comes with many complex issues, and it’s time for you to take data protection seriously.

Thanks for reading!