Magento Vulnerability Scanning Tool – Check Your Site’s Security By Yourself

Magento has developed a new security testing tool that allows Magento users to regularly monitor their sites and receive news about known security threats, malicious software, and unauthorized access. Security Scan is a free Magento service that can run on any Magento Commerce (formerly Enterprise Edition) and Magento Open Source (formerly Community Edition) versions.

Benefits for users:

  • Information about the Magento store’s real-time security status and how to remove potential vulnerabilities
  • More than 30 security tests to detect signs of vulnerability, such as missing Magento patches, configuration issues, or failure to comply with best security practices
  • Historical security reports for the Magento website, to track the site's progress over time
  • Test result reports that clearly indicate which checks the site has passed, which it has not, and whether further action is required
  • Scans that can be scheduled for specific, recurring days and/or run on demand
  • Suggested recovery steps for each failed security check

Users can access this security checking tool directly from their Magento account. Magento security checking with this new tool is very easy to configure.

Because new patches appear constantly, Magento will update this tool regularly. Today the scanning tool is only available for commercial products, but the hope is to extend the security features to additional Magento products later.

The goal of Magento is to help consumers ensure the highest level of website security because their customers expect it.

Using the New Security Tool

Installing and using this tool is very simple:

First, sign in to your Magento account. Open the Security Scan section after logging in.

Click the Go to Security Scan button below. You will be directed to the Monitored Websites page. Click the Add Site button here. In the next step, you will need to confirm that the site belongs to you. Keep in mind that with multiple websites, this configuration needs to be done for each site individually.

First, you need to enter the URL of the site, save the site name, and click Generate Confirmation Code. Copy the generated code and log in to the Magento Admin panel.

Magento 1:

Go to System > Configuration > General > Design. Expand the HTML Head section and paste the generated code you copied into the Miscellaneous Scripts field. Finally, click the Save Config button.

Magento 2:

Go to Content > Design > Configuration. In the Action column, click Edit next to the site. Expand the HTML Head section and paste the generated code you copied into the Scripts and Style Sheets field. Finally, click the Save Configuration button.

Return to the window where you generated the code and click Verify Confirmation Code. Next, in the Set Automatic Security Scan section, you can set up an automatic security scan every week, every day, or leave the automatic scan off. After setting the desired configurations, click the Submit button. If all is well, the site will be added to the Monitored Websites list and you will be directed to this page.


If you have not set up an automatic scan, you can start a manual scan by selecting Run Scan from the drop-down menu. When the scan is complete, the Scan Status column displays the complete message. Click View Report to view scan results. The results will be divided into three sections: Successful Scans, Failed Scans, and Unidentified Scans. In the last two sections, the Action field usually contains recommendations for how to fix the problems found.

We recommend that you run this scan regularly as your site may become a target for cyber attacks at any time. Therefore, we recommend setting one of the automatic scan options in the scan configuration.
