In an effort to help keep online stores safe and secure throughout the holiday season, the latest version of Magento offers an enhanced Security Scan tool designed to prevent malware and other vulnerabilities. Since the average data breach takes about 280 days to resolve at the cost of roughly $3.86 million, Adobe made it a priority to boost security features to deter hackers and maintain customer confidence by partnering with Sansec. With the expertise behind this leading security company, Magento Commerce and Magento Open Source sites can both take advantage of additional tools, tests, and advice for their stores.
Benefits of Security Scan
Retailers can access real-time information about the overall security of their Magento stores, identify outdated security patches, review possible vulnerabilities in their store infrastructure, and much more. When threats are picked up by the free scanning tool, the admin will receive an automated email as quickly as possible. Some of the top benefits of this improved Security Scan feature include:
- Access to over 17,000 security tests to identify possible malware.
- Reports of past security issues for retailers to track and monitor their progress over time.
- Reports that provide successful and failed security checks, as well as best practices to resolve any found issues.
- The ability to schedule scans to run weekly, daily, or on demand.
- Identification of malware, vulnerable extensions, security misconfigurations, and more.
How to Run a Security Scan
In order to start using the Security Scan tool, simply sign into your Magento account and follow these steps:
- Click Security Scan in the left-hand panel, read the Terms and Conditions, and click Agree.
- On the Monitored Websites page, click Add Site. If you have several sites with different domains, you’ll need to configure an individual scan for every domain. Here’s how verify ownership of each domain:
- Enter the URL and click Generate Confirmation Code.
- Click Copy to copy the full confirmation code to your clipboard.
- Then, log in to the Admin as a user with full administrator privileges.
- Go to Content > Design > Configuration.
- Find your site, click Edit, and expand the HTML Head section.
- Scroll down to Scripts and Style Sheets, click in the text box at the end of any existing code, and paste the confirmation code there.
- Return to the Security Scan page and click Verify Confirmation Code.
- Once you confirm your site, you can choose whether you want the automatic Security Scan to run daily or weekly.
- If you have multiple websites, repeat this process to set up security scans for each domain.
If you have any further questions about the Security Scan tool or the new version of Magento, check out the release notes or contact a Wagento developer for more information!