By Amanda Brown on May 31, 2017 in Security
Security for platforms such as Magento is particularly important because Magento ecommerce developments often involve holding sensitive and confidential information; keeping it safe is vital for everybody involved. Because keeping information safe is such a high priority, Magento developers continually release patches for security as they come up with them, allowing users to pick specific patches which they would find to be most useful.
How do Security Extensions Work?
Security extensions for Magento are patches which are released after the fact; they are entirely separate from the main platform which most retailers use to build their shops. As such, they can be thought of in the same vein as almost any other add-on or extension which is designed for Magento. There is one slight difference, however: where the other add-ons are entirely voluntary, in that people can choose whether or not to use them in their personal shops and retail sites, security extensions should not be considered voluntary. They are integral to keeping customer data safe and completely secure.
Using this extension allows Magento to track visitors by their IP address, and ban them by banning that specific address, or the mask that they are using. What happens is that a ‘restrict’ rule is applied to that particular IP address, leading to the user being redirected if they attempt to gain access to the site – the owner can choose whether to have them redirected to a specific CMS page (this can be logged in the settings) or to a blank page. Site owners can also be notified about any continued attempts to gain access to the site by email.
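The rule check described above, as an added Python sketch that is not the extension's own code: it matches a visitor against bans given as a single address or a mask and returns the rule that decides where they are redirected. The rule fields, the CMS page key `access-denied` and the `BLANK_PAGE` marker are hypothetical, and the addresses are constructed from documentation ranges.

```python
"""Constructed sketch of a 'restrict' rule check; not the extension's code."""
import ipaddress
from dataclasses import dataclass

BLANK_PAGE = "blank"  # hypothetical marker for "redirect to a blank page"

@dataclass(frozen=True)
class BanRule:
    target: str    # single address or CIDR mask, e.g. "203.0.113.0/24"
    redirect: str  # hypothetical CMS page key, or BLANK_PAGE
    notify: bool   # e-mail the owner about continued attempts

    def network(self):
        # strict=False accepts masks written with host bits set (203.0.113.9/24).
        return ipaddress.ip_network(self.target, strict=False)

def normalise(raw_ip):
    """Parse the client address and unwrap IPv4-mapped IPv6, so that
    ::ffff:a.b.c.d cannot slip past a rule written for a.b.c.d."""
    ip = ipaddress.ip_address(raw_ip.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def evaluate(raw_ip, rules):
    """Return the first matching rule, or None when the visitor is allowed.
    An unparseable address raises ValueError so the caller can fail closed."""
    ip = normalise(raw_ip)
    for rule in rules:
        net = rule.network()
        if net.version == ip.version and ip in net:
            return rule
    return None

# Constructed rules using documentation address ranges.
RULES = [
    BanRule("198.51.100.7", redirect="access-denied", notify=True),
    BanRule("203.0.113.0/24", redirect=BLANK_PAGE, notify=False),
    BanRule("2001:db8:bad::/48", redirect="access-denied", notify=True),
]

if __name__ == "__main__":
    for addr in ("198.51.100.7", "::ffff:203.0.113.200", "192.0.2.10"):
        hit = evaluate(addr, RULES)
        print(addr, "->", hit.redirect if hit else "allowed")
```

Pass in the address your web server or trusted proxy observed for the connection; a header the client can set is not a reliable input to this check.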
This two-step authentication process is something which is particularly useful for owners who share the shop with other users, as it provides an additional layer of protection. Rather than simply relying on passwords and usernames, which are easily compromised (especially within larger groups), Two-Factor Authentication is an extension which requires an additional security code from everybody when they try to log into the site. The security code only lasts for thirty seconds, and each one is only valid for one use. Keying the extension to your phone means that people who have access to the codes are limited.
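How a thirty-second, single-use code can be checked on the server side, as an added Python sketch that is not the extension's own code. It assumes the codes are standard RFC 6238 TOTP values with six digits (the article does not name the algorithm); the class and parameter names are hypothetical, and the secret in the demo is the RFC's published test key.

```python
"""Constructed sketch of 30-second, single-use code checking (RFC 6238 TOTP)."""
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as the article states
DIGITS = 6   # assumption: the usual authenticator-app code length

def totp(secret, counter, digits=DIGITS):
    """Code for one time-step counter (HOTP truncation from RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TwoFactorCheck:
    """Verifies codes per user and refuses any code that was already used."""

    def __init__(self):
        self._last_counter = {}  # user -> highest time step already accepted

    def verify(self, user, secret, code, now, drift=0):
        # drift=0 enforces the strict 30-second window; a deployment that
        # tolerates clock skew between phone and server would pass drift=1.
        current = int(now) // STEP
        for counter in range(current - drift, current + drift + 1):
            if counter <= self._last_counter.get(user, -1):
                continue  # this step (or a later one) was already consumed
            expected = totp(secret, counter).encode()
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, code.encode()):
                self._last_counter[user] = counter
                return True
        return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    check = TwoFactorCheck()
    print(check.verify("admin", secret, "287082", now=59))  # first use
    print(check.verify("admin", secret, "287082", now=59))  # replayed code
```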
The Secure Trading extension was designed by Magento experts to allow retailers and online merchants peace of mind when making online transactions. When accepting payment online, there is always the risk of hackers intercepting the information (bank account details, credit card details, personal details and so on) and using it for their own purposes of identity theft, or simply stealing the money. Secure Trading allows for an extra degree of security to be put in place, meaning that customers can feel more secure about allowing their personal details to be online, and retailers can feel more secure about having them.
Where the Secure Trading extension focused specifically on increasing security surrounding online payments, the Firewall extension protects the entire site. Essentially, what it does is act like a normal firewall on a computer would, by enfolding the site in another protective layer. Any attackers or hackers or other unauthorized entry attempts will be repulsed by the extension and blacklisted from any further interaction with the site, even legitimately. It also comes with a built-in scanner to enable the extension to give site owners recommendations on how to proceed, and to alert them if someone does succeed in breaking past security.
This extension is quite unusual in that it functions as a blocker rather than anything which specifically focuses on protecting the site and the platform which is used to support it. Restrict works by allowing users to control who has access to their site entirely, with that restriction being further controlled by certain pages, certain products, or certain categories. The site owner can decide where blocked customers are redirected to, and there are processes within the extension itself which mean that the entire redirection can be set and allowed to run itself automatically, with no further input from the owner.
How do Extensions Differ between Magento Versions?
The current version of Magento (2.0) is something which was born directly out of the limitations of the first version in terms of its performance, usability and scalability as reported by retailers. Magento 1 was very efficient at what it did, to the extent that twenty-five percent of all online retailers used it as their platform of choice, but there were issues with how the sites that were supported on the platform worked, from both sides of the site. The way in which Magento was configured did slow loading times down significantly, and the stress on small to medium-sized businesses, while it meant that the platform was ideally suited for them, did mean that the amount of customization that could be done via extensions and modules was curtailed.
Magento 2 has more extensions because it has more room for them – there is more server and disk space available, and the file structure for back-of-house has been updated to make code reading a much less arduous task, and to speed the site up. With the additional server space, users of Magento can find themselves able to support more extensions on the same site, due to the changes which have been made in the way the code is handled.
Magento 2.0 has updated its default theme – Luma, a clean layout which adds responsive images and an overall better performance to the old theme of Magento 1.9. The team focused specifically on improving performance standards, something which enables security extensions, in particular, to work more effectively.
Updated page and image loading times mean that extensions can recognize attempted log-ins and hacks with greater ease. The changes made to the platform also include directory updates, meaning that the platform will be more able to cross-reference IPs and customers, leading it to be able to put security procedures in place more effectively.
Magento as a platform was developed specifically to provide retailers and merchants with a user-friendly site and is almost infinitely customizable. The platform itself is big enough to support many different shops and sites on one single dashboard, but while this versatility is useful, it also means that the platform itself is very vulnerable to security attacks. Fortunately, the very versatility which is built into Magento development makes it easy to design security extensions to fix the leaks, with the result that there are almost as many extensions as there are sites, all of which are useful.