"[intro_start]Magento has announced the latest addition to its product range: its own security tool. Why security? Every merchant is threatened by hackers, often without knowing it. Hackers attempt to install malware, look for security vulnerabilities, and want access to the backend.[intro_end] The security tool is a free service that works on both Magento 1 and Magento 2. There is no distinction made between Magento Commerce (formerly Enterprise) and Magento Open Source (formerly Community). With the new tool, Magento aims to contribute to the safety of all Magento shops operating worldwide.
What are the benefits for the seller?
The tool scans your Magento installations and offers you the following possibilities:
Real-time insight into the security status of all Magento installations, and an explanation of how you can (let) fix certain issues.
More than 30 security tests to identify potential vulnerabilities, such as missing patches, configuration issues, and not following 'best practices' in security.
Insights into reports from the moment you activate the tool, so you can look back at your history.
Reports of the results that clearly indicate which installations pass the test and which do not.
You can schedule the tests online and have them run daily or weekly, for example. You can see the results online immediately, or you can receive them in your mailbox.
Recommended steps for each failed security test.
example of a report via your Magento.com account
How does the Magento security tool work?
The security tool is now available for anyone with a Magento account (sellers, partners, and developers). After logging in, you will see the option ‘Security Scan’ under the ‘Magento’ tab in the left menu. This video explains exactly how to set up the tool for Magento 2, for your own shop or that of your clients. Magento indicates that it will continue to update the tool to keep up with the latest updates and developments in the field of safety and security.
Is it enough?
We have been testing the tool intensively for a few days now, and our first impression is positive. Although we already had a similar solution with magereport.com, an initiative from Byte. Magereport performs similar checks and works out of the box. You only need to provide a URL. We receive a notification daily on whether the sellers we serve are still completely security-proof, which is why we have added this security tool to our roadmap for security checks. Customers of Epartment will soon have the opportunity to receive these reports weekly via email. We believe that the tool certainly adds value for many sellers."