How to secure you Magento installation from possible hacks

Magento is widely used as a powerful e-commerce platform, hence it is popular and widely used there are more hacks and malware created from outside world to attack magento to steal information or redirecting users to advertisement pages.

Here I will tell you how you can protect your magento installation files, there are other steps to protect as well but here I am focused on files and directory level protection.

Note: This tutorial needs the SSH access

Make your core files not writable

First thing you need to do is make your core magento files not writable so a malware can’t change these files.
We will be using 0555 permissions on files (just read and execute)

$ cd /home/user/web/magento/app
$ find . -type f -exec chmod 0555 {} ;

$ cd /home/user/web/magento/lib
$ find . -type f -exec chmod 0555 {} ;

Make your directories by owner writable only

Second thing you need to do is make your magento directories by owner writable so you can install plugins/extensions into magento.
We will be using 0755 permissions on directories (owner only write, public read and execute)

$ cd /home/user/web/magento
$ find . -type d -exec chmod 0755 {} ;

Make cache and log files writable

At the end we need to make log files and cache writable so I am going to make whole var/ directory writable

$ cd /home/user/web/magento
$ chmod -R 0777 var/

That’s it for protecting files and directories.
I welcome other suggestions to protect code. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *