Magento 2 security topics play a significant role in the success of every online business. Nowadays, this topic has become even more important due to the huge number of various hacker attacks and sensitive data leaks worldwide. It is the duty of every website manager is to make sure that the key security rules are followed and the website is well-protected. The following article describes the Magento 2 security best practices for protecting your website against cyber threats.

It is important to keep your online store updated to the latest Magento version, as it has the most recent improvements, security updates, and other fixes. And every time such upgrade is performed, the website should be carefully tested to make sure that all issues or conflicts are fixed after the upgrade.

Today we want to share with you our test cases after Magento upgrade that we normally use testing Magento stores.

Magento has released a new security patch SUPEE-6788, and we would like to share our experience with its installation troubleshooting. We are describing this topic assuming that you’ve already checked a web store on magereport.com and implemented the security recommendations like closing access to var directory, downloader, changed the URL to the admin panel to more secure etc. We will also try to avoid the discussion of the admin routes compatibility here because the patch already contains the back routes compatibility. Therefore, the main goal of this article is to make your store functioning correctly after applying the patch.

The Magento team releases patches when any vulnerability in the system is found in order to keep Magento secure and reliable. On Feb 2015, Magento has already released one critical security patch (SUPEE-5344), which was aimed to address a remote command execution. It’s been more than two months since the release and still more than 50% of all of the Magento installations worldwide have not been patched and are being open to attacks.