• en
    • et
    • fi
    • da
    • no
    • sv

E-store security: Platform content management panel

Content management on the platform is certainly one of the most important places to be secure.

Logging in to content management

Our recommendation is to always keep the content management reference unique, because malicious bots already know in advance the options like Admin, Backend, Back, Backendadmin, etcetera. You could write /pinkpudding in there – as long as it’s not easily guessable. It’s also easy to associate the connection with the domain name or some other name that recurs on the website (you could also exclude the company’s real name).

It would be best to limit the whole panel to IP addresses as well – this also prevents brute-force hacks. In addition, VPN support could be added, so that users with dynamic IPs can also access the content management (or make it so that only VPNs can access the content management, if you want a particularly high level of security within the company).

If this option is out of the question, a safety box would be an option, which would add an inconvenient extra step for the robot. For example, a Google Captcha would work well.

The best combination would of course be IP restriction + security box.

Activities in content management

It’s also quite common that if previous steps are ignored, the robot can get into someone’s content management and start to do mischief there. Another possibility is that the mischief-maker is a (former) employee.

To keep an eye on this, we recommend installing a content management activity logging module that records exactly which activities were done when and what was done.

In addition, you could also keep track of exactly what admin (the most privileged user) users are doing. To protect this, it would be necessary to either log the admins’ activity to another server or make a continuous backup of the admin audit table and then make a copy of it.

Another possibility is to restrict user roles in Magento so that users only have access to the elements needed.

For example: There is an employee in the company who enriches the products, and he/she only needs to see the products – access to orders and system settings are not needed.

In addition to all the above, it is advisable not to work under a single user, but each employee should have their own personal account.

For example: The e-store is managed by 5 people who always work from the office. There is a content management activity logging module, but the staff all use the same user.

The result: The product enrichment/delivery is messed up/records are incorrectly saved, etc., but who did it is unknown as the log shows the same user from the same IP and browser.

Share this post: LinkedIn facebook
Gardenhouse24 Successful E-business Gardenhouse24: Ten Countries in Three Years
Becoming an exporter is the dream of every ambitious entrepreneur – it shows that...
Read more 31. January 2024
Lumav ERPLY Order Center for Business Customers – a joint project between Erply and Lumav
We’ve been asked a lot about the solutions we’re working on with Erply. We’re...
Read more 08. November 2023

SCHEDULE A MEETING




    Lumav - Magento Partner

    As a Magento Certified Partner, we provide our customers with the best solutions for business growth.