With security being top-of-mind for all responsible ecommerce merchants, vendors, and agencies, it is important to have the tools to detect any vulnerabilities that might exist on your site.
- Log in to your Magento Account
If you do not have an account, you can create one for free at magento.com.
- Agree to the Terms of Service
The terms of service boil down to the following, but please read them carefully.
  - Only scan things you have the license to scan.
  - You can’t blame Magento for anything the tool does.
  - Use the tool at your own risk.
  - Nothing is Magento’s fault.
  - Magento can cancel this tool at any time.
Magento’s Security Scan checks your site against defined best practices and notifies users when a failure occurs.
- Verify That You “Own” a Magento Site
To verify a site, enter the site URL and place the given confirmation code on the page. This can be done using the instructions given on the right.
- Configure the Security Scans
It looks like the scans will continue to evolve, with the option of a deeper level of scanning through SSH connections that will look through your database and code for malware that may have been injected.
In this section, you can also set the frequency of the scans and who is notified of the scan results.
- Run the Security Scan
If the scan is not run on a schedule, you can run it from the main security page. Under the Actions menu, select “Run Scan.” This queues a process that runs the scan. Once it is complete, it will appear as “complete” under the scan status. Running the scan once is not enough to ensure the security of your site. The scans should be run on a regular cadence so that any new security checks that Magento puts in place will run against your site.
- View the Security Scan Results
The scan results are split into two sections—failures and successes. If it is not obvious, you should pay close attention to the “Failed Scans” section and address those as soon as possible.
To read more about Magento security, or to sign up for its security newsletter, visit its security page.