Magento Security Scan: What it is and how to use it (incl. instructions)
Running an e-commerce business with Magento comes with many security benefits. Stable built-in security features already provide a good foundation for protecting your site against hackers or scammers who want to steal your business data.
In the best-case scenario, you entrust your Magento hosting to a professional provider. This will ensure highly efficient and constant protection against common web incursions. But if you want to see and retrace the current security state of your e-commerce site, there is a tool to recommend: Magento Security Scan.
Increasing the level of protection with the Magento Security Scan is easy and convenient. But how does it work?
What is Magento Security Scan?
Magento Security Scan is a free tool from Magento Commerce, the second and professional version of Magento’s cloud solution in addition to Magento Open Source. Consider and compare the two Magento versions before starting up your e-commerce site.
As a web-based tool, Magento Security Scan does not require installation. You can easily find it in the Magento Security Center.
To make your e-commerce site safer, with Magento Security Scan, you can:
- monitor each of your sites for known security risks
- check the real-time security status
- schedule regular security scans daily, weekly, or manually
- receive security reports and notifications
- store a history of your security reports
- learn how to fix potential vulnerabilities
- update malware patches
- detect unauthorized access
When checking your site, the Magento Security Scan runs over 30 tests to identify potential vulnerabilities. These could include, for example, missing Magento patches or configuration issues.
To ensure that your e-commerce shop is protected against the most common security risks, our expert checklist with tips for adequate protection on how to secure a Magento site is beneficial.
In particular, using a cloud-based Web Application Firewall (WAF) on top of AWS WAF is highly efficient and protects your Magento against common web incursions. It filters malicious traffic before it reaches your site, which guarantees you the best Magento hosting and level of protection possible.
Do you have any questions about this or any other of our advanced security solutions?
Magento Security Scan is a useful way to improve your e-commerce site protection.
How to use Magento Security Scan step-by-step
If you want to check on the security of your e-commerce store yourself, a great solution is to run Magento Security Scan. But how do you use Magento Security Scan?
In the following, we will give you a detailed, step by step explanation.
STEP 1: Verify ownership of your site
First, you have to confirm that your Magento site belongs to you.
To do that, after signing in to your Magento account, follow these steps:
- On the left side, choose Security Scan and click on Go to Security Scan
- After reading the Terms and Conditions, click on Agree
- On the Monitored Websites page, click +Add Site
- Here, enter the Site URL, then click on Generate Confirmation Code
- Copy the Confirmation code it generates
After that, you are already halfway there. Next:
- Log in to the Admin of your site
- In the Admin sidebar, click on Content → Design → Configuration
- Once there, click on your site and Edit, and expand the section HTML Head
- At Scripts and Style Sheets, paste your copied confirmation code into the text box at the end after any code and click Save Configuration
- In your Magento account, go back to the Security Scan page you visited previously and click on Verify Confirmation Code
You have now verified the ownership of your site.
Luckily, this fundamental work only has to be done only once. But there is one more thing to configure.
STEP 2: Configure and schedule the automatic security scan
The next step after verifying your site's ownership is to configure and schedule the automatic security scan. This benefits you, as it saves you a lot of time because there is no longer a need to do the scan manually.
You can choose when to run the scan from the options Scan Weekly or Scan Daily. Running the security scan too less is risky for your site's security; running it daily is too much and unnecessary. Therefore, the recommended Scan Weekly is our first choice as well.
Lastly, set your preferred day of the week, time, and time zone for when the security scan occurs. We recommend running the scan in the nighttime when the traffic on your site is relatively low. For example, schedule it for every Monday at 0:00 at the beginning of each week.
In entering your email address, you will receive the results of the scan and service patch announcements. This will save you even more time, as you don’t necessarily need to log in to your Magento account to see them, and ensures that you are always up to date.
Submit everything when you are finished.
After working through this basic configuration once, you can finally enjoy the Magento Security Scan's extensive functionality.
STEP 3: Run security scan and check the scan results
When you enter your email address while configuring the automatic security scan, you will receive the scan results shortly after completing the scan. If you are running the scan manually, you will see them directly after the scan has finished.
The results are displayed in three tables:
- successful scans
- unidentified scans
- failed scans
While you can be glad about the successful ones, you should intensively read the unidentified and failed scans.
To improve the security of your e-commerce site, perform the recommended actions in your scan report. They are displayed in the results as well and are, therefore, the most important part.
At this point, we highly recommend getting the assistance of experienced experts because if these actions are not done correctly, you could accidentally damage your site files.
At MGT-Commerce, we can offer you support as part of our high-performance Magento hosting that is fully managed on Amazon Web Services (AWS) and always available. With our concrete support, performing security scans yourself is not necessary at all. This is included in the largest part of our service that runs proactively in the background.
If you need help while checking our Magento hosting plans. We want to consult with you to find the best solution for your e-commerce site, guaranteeing your customers the best performance and security standards.
Magento Security Scan is an essential part of protecting your site
To protect your site against possible threats, the built-in Magento Security Scan is an easy and convenient feature.
After you finish configuring it, you will benefit from its automatic security scans. Magento will send you the results and recommended actions to always guarantee you the highest security level via email. But if you feel the need to check the state of your site security right now, you have the option to do it manually around the clock.
Nevertheless, you might need help from specialists to perform these actions. Contact us at any time, and we will find out the best way to secure your e-commerce site with our advanced security solutions.