How to configure Security Scan in Magento 2

Containing billions of transaction data of more than 650,000 stores worldwide, Magento 2 platform is being targeted to attack the security wall as an attractive prey for unwelcome visitors - anonymous hackers. As soon as possible, awaring the essential of security building should be taken into your account while hackers are low-key improving tricks under their sleeves to steal your precious data.

Beside having a Magento 2 Security extension, Security Scan is a new light of making no room for intrusive actions by enabling the ability to keep track of the latest patch updates/upgrades along with security notifications. It’s a totally free tool provided by professional developer teams from Magento 2. It’s provided with:

• Recording intuition of date and time security status
• Scheming the security scans daily/monthly/weekly.
• Gaining reports of 30+ security result tests and suggest useful corrective actions for unsuccess test case(s).
• Loging all security reports into a history log that is an amazing idea for to keep track activities.

How to configure Security Scan in Magento 2

Learn how to configure Security Scan in Magento 2:

• Step 1: Enable Security Scan in Magento 2 account
• Step 2: Verify possession of your domains
• Step 3: Schedule Security Scan program

Step 1: Enable Security Scan in Magento 2 account

• Before taking the way to Security Scan, you should sign in your account at https://magento.com/. Choose Security Scan at the left panel.

• Click on the red button Go to Security Scan
• There will be displayed Terms & Conditions box and principles for you to read and accept.

Step 2: Verify possession of your domains

• After accepting its Terms & Conditions from Step 1, you will be redirected to Monitered Websites. If you have more than one sites with different domains, you should set up individual scan for each of domain.
• Next, you should verify right of possession of those domains.
  • Enter the URL of your site, click Generate Confirmation Code
  • Ctrl+C to copy the confirmation code.
  • Login to your Magento admin backend, follow Content > Design: Configuration. Find your site in the list and click Edit.
  • Expand the HTML Head > Scripts and Style Sheets, paste the code in there
  • Don’t forget tapping Save Config when you’re done.
  • Return to the Security Scan page, click on Verify Confirmation Code.

Step 3: Schedule Security Scan program

You can choose one of two modes to protect your store carefully.

• Scan Weekly (recommended): Set up Week Day, Time and Timezone so your sites will be scanned weekly

• Scan Daily: Similar to scanning for weekly, but you just need to choose your appropriate time for Time and Time Zone.

• Finally, enter your email address so the system will have the idea where they should send the automatic email notifications informing. * Click Submit is the final step.

This is the guidance for each of domain only. For other domain, please carefully follow this tutorial once more.

Reference:

• Magento 2 security FREE on Github.
• Install Magento 2 Security Patches.