MageReport.com has been the go-to security scan tool for many Magento developers and merchants to check if their Magento store is vulnerable since 2015. Magento recently announced and now rolled out their own security scan tool to regularly monitor Magento sites and receive updates regarding known security risks, malware, and unauthorized access. In order to use the new scan tool, you need to register your site in the partner portal and verify it, which is similar to verifying a site in Google Search Console, although it’s not necessary to make any code or template changes.
Security Scan is a free service of Magento and is available to all registered Magento merchants and their authorized developers. It can be run on any version of Magento Commerce (formerly Enterprise Edition) and Magento Open Source (formerly Community Edition).
Merchants will benefit from:
- Insight into the real-time security status of their Magento store and how to fix potential vulnerabilities
- Over 30 security tests to identify potential vulnerabilities, such as missing Magento patches, configuration issues, and failure to follow security best practices
- Historical security reports of their Magento sites, so that they can track and monitor their progress over time
- Scan result reports that clearly show which checks the site passed and failed, and whether further action is required
- Scheduling of scans for specific, recurring dates/times, and/or on-demand
- Suggested remediation steps for each failed security test
Merchants and their authorized developers can access the new tool directly within their Customer Account. And it is very easy to set up. As mentioned before, the verification process doesn’t require any code changes. If you need help setting up the security scan, please get in touch.
Screenshots
Add Site To Security Scan
This is how the screen looks to add a new site. The SSH scan ti scan for malware and file integrity is not yet available.
Once you added a site you can manually start a scan and will get a report with the following 3 sections.
Failed Scans
Unidentified Scans
Successful Scans
Documentation
To learn more about the Security Scan Tool, Magento has provided the following information on the Partner Portal:
- Overview
- Video tutorials
- Getting Started documentation and walk-through
- Frequently Asked Questions (FAQ)
You can find the information at: Partner Portal > Marketing Resources > Security Scan
If you need help setting up the security scan, please get in touch.
(Beitragsbild von peshkova)
Thank You Nick for publishing this article about Magento security. As we all know, due to increase in websites hacking and the virus attacked, we must take care of security issue and this is very serious topic around the community. https://www.cloudways.com/blog/magento-malware-removal/ is another guide that might help your readers.
Thanks for sharing the link, Alex.