Just as with a physical store, it is important to secure your Magento store. In fact, even more so, because your site is accessible and open 24/7!
Here are some tips for securing your store.
Securing your administrative area
1. Use a custom backend URL
By default Magento's backend path is /admin. This lets anyone guess where your admin login lives and start probing or brute-forcing it. Changing the path removes the obvious target, but remember that it only hides the login: a leaked link or a stray error page can reveal the new path, so treat it as the first line of defence, not the only one.
2. Allow access only from known IP addresses
If you have broadband at your store or at home, chances are you already have a fixed IP address. If so, restrict the backend so that only those known addresses can reach it, and do it at the web server or firewall, so unwanted requests are rejected before they ever reach Magento. Whitelist a few known addresses rather than just one, and keep an out-of-band way in (console or SSH), or you may lock yourself out: many "fixed" broadband addresses are really just long DHCP leases, and they do expire or change.
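The two admin tips above, combined in a small script. This is an added example, not code from the original post: it generates an nginx snippet that lets only the listed source addresses reach the admin path and returns 403 to everyone else, and it refuses to emit a "deny all" with no allow entries, which is exactly the lockout the post warns about. It assumes nginx in front of Magento, that the admin front name has been changed from "admin" to the hypothetical "storeops42" (Magento 2: `bin/magento setup:config:set --backend-frontname=storeops42`; Magento 1: the `<frontName>` under `<admin><routers><adminhtml><args>` in app/etc/local.xml), and the addresses are RFC 5737 documentation ranges, i.e. constructed examples.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates an nginx location
# snippet restricting the Magento admin path to known source addresses.
# Assumptions: nginx serves the store, the admin front name is "storeops42"
# (hypothetical), and the server block already routes /index.php to PHP-FPM.
set -eu

# Usage: admin_allowlist_location FRONTNAME IP_OR_CIDR [IP_OR_CIDR...]
# Refuses to run with no allow entries: "deny all" on its own would lock out
# every administrator, so the script fails loudly instead of writing it.
admin_allowlist_location() {
    frontname=$1
    shift
    if [ "$#" -lt 1 ]; then
        echo "admin_allowlist_location: at least one allowed IP is required" >&2
        return 1
    fi
    printf 'location ~ ^/%s(/|$) {\n' "$frontname"
    for ip in "$@"; do
        printf '    allow %s;\n' "$ip"
    done
    printf '    deny all;\n'
    # Once the source check passes, hand the request to Magento's front
    # controller exactly as the generic "location /" would.
    printf '    try_files $uri $uri/ /index.php$is_args$args;\n'
    printf '}\n'
}

# Write the snippet, validate the whole nginx config, and only then reload.
# Run as:  sh admin-allowlist.sh apply   (addresses below are constructed)
if [ "${1:-}" = "apply" ]; then
    admin_allowlist_location storeops42 203.0.113.10 198.51.100.0/24 \
        > /etc/nginx/snippets/magento-admin.conf
    nginx -t && nginx -s reload
fi
```

Include the generated file inside the store's server block; because it is a regex location, it takes precedence over the plain `location /` for any URL under the admin front name. Listing a second address or range (an office network, a VPN egress) is what keeps a changed home address from locking you out.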
Securing your communication channel
1. Enable HTTPS on both the frontend and the backend. This stops anyone on the network path from sniffing your admin password (or your customers' data) off the wire. Also redirect plain HTTP to HTTPS at the web server, so a request typed as http:// is never served in the clear.
2. Use SFTP (file transfer over SSH) instead of plain FTP, and switch the FTP service off altogether: FTP sends your login and every file in cleartext. Note that SFTP is not the same thing as FTPS; either encrypts the connection, but SFTP rides on the SSH server you already run and needs no separate FTP daemon.
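Both communication-channel tips, as an added example that is not code from the original post. The script prints the Magento 2 CLI commands that force HTTPS on storefront and admin (so they can be reviewed before being piped to sh), an nginx server block that redirects every plain-HTTP request to HTTPS and adds an HSTS header, and an OpenSSH Match block for an SFTP-only deployment account. It assumes Magento 2 (bin/magento), nginx and OpenSSH; the domain "shop.example", the user "deployer" and the chroot path are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Magento 2, nginx and
# OpenSSH. Domain "shop.example", user "deployer" and the chroot path are
# hypothetical placeholders; replace them with your own.
set -eu

# Usage: magento_https_commands DOMAIN
# Emits the config:set commands instead of running them, so you can confirm the
# TLS certificate works before locking the store into HTTPS-only URLs.
magento_https_commands() {
    domain=$1
    printf 'bin/magento config:set web/secure/base_url https://%s/\n' "$domain"
    printf 'bin/magento config:set web/secure/base_link_url https://%s/\n' "$domain"
    printf 'bin/magento config:set web/secure/use_in_frontend 1\n'
    printf 'bin/magento config:set web/secure/use_in_adminhtml 1\n'
    printf 'bin/magento cache:flush\n'
}

# Usage: nginx_https_redirect DOMAIN
# Redirecting at the web server guarantees no page is ever served over plain
# HTTP, whatever Magento does with an http:// request. HSTS then tells browsers
# not to try plain HTTP again for a year.
nginx_https_redirect() {
    domain=$1
    printf 'server {\n'
    printf '    listen 80;\n'
    printf '    server_name %s;\n' "$domain"
    printf '    return 301 https://%s$request_uri;\n' "$domain"
    printf '}\n'
    printf '# add inside the "listen 443 ssl" server block:\n'
    printf 'add_header Strict-Transport-Security "max-age=31536000" always;\n'
}

# Usage: sftp_only_match USER CHROOT_DIR
# sshd_config Match block for an account that can transfer files but never gets
# a shell. Match blocks must go at the END of sshd_config. The chroot directory
# must be owned by root and not writable by anyone else or sshd refuses the
# login; put the writable docroot in a subdirectory below it.
sftp_only_match() {
    user=$1
    chroot_dir=$2
    printf 'Match User %s\n' "$user"
    printf '    ChrootDirectory %s\n' "$chroot_dir"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
    printf '    PasswordAuthentication no\n'
}

# Run as:  sh secure-channels.sh show
# After appending the Match block, validate with "sshd -t" before restarting
# sshd, and stop any plain FTP daemon that is still installed.
if [ "${1:-}" = "show" ]; then
    magento_https_commands shop.example
    nginx_https_redirect shop.example
    sftp_only_match deployer /var/www/magento-sftp
fi
```

`PasswordAuthentication no` in the Match block means the deployment account works with SSH keys only, which is the setting you want for an account that can write to the web root.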
Securing your password
1. Choose a strong password: long, unique to this store, and ideally generated and stored by a password manager rather than something you can remember.
2. Protect the email address used for 'lost password' resets. Don't use a publicly known address as your administrative email, and make sure the mailbox itself is protected with a strong password (and two-factor authentication where the provider offers it), because anyone who controls that mailbox can reset your admin password. Treat your security questions the same way: an answer that can be looked up is not a secret.