According to the latest Foregenix survey, 47K out of 60K e-commerce websites lack critical security patches, and more than 3K of them were hacked in 2017 and lost sensitive customer data. Well, who’s next? Maybe you… Or do you honestly believe Magento 2 is an exception? Unfortunately not.
Magento has been one of the most widespread e-commerce platforms for years. Its technical capabilities cover not only the needs of e-commerce startups but also the demands of larger businesses and retail giants.
That makes the platform a tempting target for attackers, which is why we have decided to bring the topic up and tell you about Magento 2’s native security features.
5 MAGENTO 2 SECURITY FEATURES
With the mass migration to the new version and a large number of detected vulnerabilities, the Magento Security Center regularly releases security patches and updates for the basic admin configurations we’ll discuss here today.
The major built-in protective configurations presented below can be used by anyone who runs Magento 2 to secure their store:
#1 STRONG DATA ENCRYPTION
Strong data encryption is one of the best-known Magento 2 security features. It is available in both Magento Commerce and Magento Open Source and is centered on a strong encryption key that protects passwords and other sensitive information.
All sensitive information is enciphered with the AES-256 algorithm. This covers confidential data that later has to be decrypted, such as credit card information and payment and shipping module passwords. The remaining information does not need to be decrypted and is therefore hashed with SHA-256 instead.
When installing Magento you can choose either to let the platform generate an encryption key or to type in your own. The Magento Encryption Key tool lets you set the key as you need it.
To improve your store’s security, the key should be changed regularly and, in particular, any time the original key might have been compromised. Once the encryption key is changed, all the confidential information is re-enciphered under the new key.
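The two mechanisms above, reversible AES-256 encryption for data the store has to read back and one-way SHA-256 hashing for data it only ever verifies, and the reason a key change forces a full re-encryption, can be shown in a few lines of plain PHP. The script below is an added illustration, not Magento’s own code: it assumes AES-256 in GCM mode (the page does not name a mode), a per-record salt for the hash, and a constructed sample record named `paypal_api_password`.

```php
<?php
// Added illustration (not Magento's own code) of a store-level encryption key:
// AES-256 for secrets that must be decrypted later, SHA-256 for secrets that
// are only ever verified, and a rotation that re-enciphers every stored record.
declare(strict_types=1);

const CIPHER  = 'aes-256-gcm'; // assumption: authenticated AES-256 mode
const IV_LEN  = 12;
const TAG_LEN = 16;

/** Fresh 256-bit key, the equivalent of "Auto-generate a Key = Yes". */
function generateKey(): string
{
    return random_bytes(32);
}

/** Encrypt reversible data (card data, payment-module passwords) under $key. */
function encryptField(string $key, string $plaintext): string
{
    $iv  = random_bytes(IV_LEN);
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Store iv + tag + ciphertext together; base64 so it fits a text column.
    return base64_encode($iv . $tag . $ct);
}

/** Decrypt; returns null for a wrong key or tampered data (GCM tag check fails). */
function decryptField(string $key, string $stored): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        return null;
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

/** Data that never needs decrypting (customer passwords) is hashed, not encrypted. */
function hashSecret(string $secret, string $salt): string
{
    return hash('sha256', $salt . $secret); // hex digest; salt is an added assumption
}

/** Re-encipher every record under the new key; the old key is needed only to read. */
function rotateKey(string $oldKey, string $newKey, array $records): array
{
    $out = [];
    foreach ($records as $id => $stored) {
        $plain = decryptField($oldKey, $stored);
        if ($plain === null) {
            throw new RuntimeException("record $id could not be decrypted with the old key");
        }
        $out[$id] = encryptField($newKey, $plain);
    }
    return $out;
}

// --- demo with a constructed sample record ---
$oldKey  = generateKey();
$records = ['paypal_api_password' => encryptField($oldKey, 'constructed-demo-secret')];

$newKey  = generateKey();
$rotated = rotateKey($oldKey, $newKey, $records);

var_dump(decryptField($newKey, $rotated['paypal_api_password']) === 'constructed-demo-secret'); // bool(true)
var_dump(decryptField($newKey, $records['paypal_api_password']));  // NULL: old ciphertext is unreadable under the new key
echo hashSecret('customer-password', 'per-user-salt'), PHP_EOL;     // one-way value, verified by recomputing, never decrypted
```

The last two lines are the point of the key-rotation advice: once a new key is in place, anything still stored under the old key cannot be read, which is why the change has to re-encipher every record and why you must keep the old key until that has completed.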
HOW TO CHANGE THE ORIGINAL ENCRYPTION KEY FOR MAGENTO 2 SECURITY?
To change the encryption key, make sure that the following file is writable: [your store]/app/etc/env.php.
- When logged into the Admin Panel, navigate to System>Other Settings>Manage Encryption Key:

- Choose either to auto-generate the key or to use your own one;
- For the first option, set Auto-generate a Key to “Yes” and click the Change Encryption Key button;
- To use a different key, set Auto-generate a Key to “No”, enter the key you want to use in the New Key field, and click the Change Encryption Key button.
Once that’s done, the new key is in effect. Keep a record of the new key in a safe place, as you may need it to decrypt the data if any problems occur with your files.