Anyone who has been the owner of a eCommerce store knows that if you don’t take precautions getting hacked is a matter of when not if. In addition to any other steps you can find online here are a few more I have been doing lately.
We do offer hosting here at Towering Media and we have already taken these steps.
• Run a PCI complaint server.
• Stop listening to the FTP port on the computer. Instead connect over SFTP though the SSH port.
• Randomized your SSH port.
• Run CFS firewall
• Stop listening on your web disk port usually 2077
• Setup brute force protection
• Update your openSSL version
updating your OPENSSL through SSH
wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz tar -xvzf openssl-1.0.1j.tar.gz cd openssl-1.0.1j ./config --prefix=/usr/ make sudo make install
• Of course keep your magento installation updated
• Keep your blog software, forums, ticket systems etc. up to date.
Create a development site for WHM/Cpanel users make the development site in another cpanel account. Put a .htaccess password protection file on it. This way if you need to give our your FTP / Cpanel logins to third party developers that may be overseas they don’t have access to your live site. Ask them what files they made changes to and move those files to live yourself / or your trusted developer can do this.