Back in October, Magento 2.4.1 was released with tools and features designed to help eCommerce retailers enhance several aspects of their online stores. Along with 15 security upgrades, nearly 300 issues resolved through GitHub, and 150 fixes to the core code, the latest version also includes this major highlight: the Magento Security Scan Tool.
How Magento Security Scan Works
The enhanced Magento Security Scan Tool is a free feature that makes it easier than ever for retailers to stay on top of any potential security issues. Adobe partnered with Sansec, a leading cybersecurity company, in order to add around 9,000 malware and vulnerability signatures to the scanning tool at the pace of roughly 300 new signatures per month. The scanning feature regularly monitors your website—or multiple websites—to check for security risks, malware, and outdated software. Additionally, this tool has been made available to merchants on all versions of Magento Commerce and Magento Open Source sites. So, even if you haven’t had the chance to upgrade to version 2.4.1 yet, you can access and enable the tool by logging into your Magento Marketplace account and following these steps:
- Click Security Scan in the left-hand panel, read the Terms and Conditions, and click Agree.
- On the Monitored Websites page, click Add Site. If you have several sites with different domains, you’ll need to configure an individual scan for every domain. Here’s how to verify ownership of each domain:
  - Enter the URL and click Generate Confirmation Code.
  - Click Copy to copy the full confirmation code to your clipboard.
  - Then, log in to the Admin as a user with full administrator privileges.
  - Go to Content > Design > Configuration.
  - Find your site, click Edit, and expand the HTML Head section.
  - Scroll down to Scripts and Style Sheets, click in the text box at the end of any existing code, and paste the confirmation code there.
  - Return to the Security Scan page and click Verify Confirmation Code.
- Once you confirm your site, you can choose whether you want the automatic Security Scan to run daily or weekly.
- If you have multiple websites, repeat this process to set up security scans for each domain.
Features and Benefits
After you’ve successfully set up the Magento Security Scan tool for your website, you’ll start to receive regular reports about your store, including suggestions for best practices if any issues are found. If any threats are detected by the scanning tool, an automated email will be sent to the admin immediately so that fixes can be made as soon as possible. Other benefits of the Security Scan feature include:
- Access to over 17,000 security tests to identify possible malware.
- Reports of past security issues so retailers can view, track, and monitor their progress over time.
- Reports that clearly display successful and failed security checks, along with recommended best practices to resolve any issues found.
- The ability to schedule scans to run weekly, daily, or on demand.
- Access to real-time security insights into the online store.
- Identification of malware, vulnerable extensions, security misconfigurations, and more.
How to Get Started
Before the holiday season gets into full swing, Adobe strongly recommends that merchants enable the Magento Security Scan tool on all of their websites, regardless of which version of Magento they’re using. You can find step-by-step information about setting up the feature here, or you can connect with a Wagento developer if you have additional questions!