Securely installing WordPress

Table of Contents: Securing WordPress (standard); By Subdomain; By Subdirectory; Securing WordPress (Fishpig); Further Security

WordPress unfortunately can be a target or entry point for server compromise (given the large number of untested plugins available). There are a number of different ways of using WordPress in conjunction with your Magento store: Subdomain (e.g. blog.example.com), Subdirectory (e.g. example.com/blog) … Continue reading

Securely installing Magmi

Table of Contents: Securing Magmi

Default installations of Magmi are disabled by the firewall in MageStack due to the extremely severe security risks it poses. If you wish to utilise Magmi, it must be installed and secured properly before use.

Securing Magmi

The most important first step is to ensure that the entire Magmi directory is not … Continue reading

Block by IP

Sometimes, your site may fall victim to an overly aggressive or problematic user. Blocking access to your server for these is very straightforward, with a simple edit to your domain's ___general/example.com.conf file.

E.g. to block the IP 192.168.1.1:

    deny 192.168.1.1;

E.g. to block the IP range 192.168.1.0 - 192.168.1.254:

    deny 192.168.1.0/24;

Alternatively, if you want … Continue reading

Block by User Agent

Sometimes, your site may fall victim to an overly aggressive or problematic crawl bot. Blocking access to your server for these is very straightforward, with a simple edit to your domain's ___general/example.com.conf file.

E.g. to block the Yandex crawl bot:

    if ($http_user_agent ~* "YandexBot") {
      return 403;
    }

Alternatively, if you want to give a … Continue reading

Protecting Magento admin/downloader/api/rss

Table of Contents: Enabling protection globally; Accounting for custom admin URLs/routes; Toggle protection by condition; Toggle protection mode by IP; Toggle protection mode by user agent; Toggle protection mode by cookie

It's possible to protect your Magento admin and Magento Connect (downloader) without changing the URLs to something obscure. You can do it with a simple Nginx … Continue reading

Protecting virtual hosts and directories

Table of Contents: Adding users; Subdomains; Subdirectories

You can block access to any virtual host using the normal Nginx syntax, in your ___general/example.com.conf file:

    satisfy any;
    allow x.x.x.x;
    auth_basic "Login";
    auth_basic_user_file /microcloud/data/domains/x/domains/x/___general/.htpasswd;
    deny all;

You should put the .htpasswd in the ___general directory.

Directive: satisfy any
Purpose: This means that the authentication will be performed either … Continue reading