Every Magento Store owner and developer need to follow some basic steps to increase the store security.
1 . Latest Magento –
Use the latest version of Magento to ensure that your installation includes the most recent security enhancements.
If for any reason you cannot upgrade to the latest version, make sure to install all security patches as recommended by Magento. Although Magento issues security patches to fix major issues, new product releases include additional improvements to help secure the site.
2 . Unique Admin URL –
Use a unique, custom Admin URL instead of the default “admin” or the often-used “backend,” Although it will not directly protect your site from a determined attacker, it can reduce exposure to scripts that try to break into every Magento site. (Never leave your valuables in plain sight.)
Check with your hosting provider before implementing a custom Admin URL. Some hosting providers require a standard URL to meet firewall protection rules.
3 . Block Access To any Development
Block access to any development, staging, or testing systems. Use IP whitelisting and .htaccess password protection. When compromised, such systems can produce a data leak or be used to attack the production system.
4 . File & Folder Permissions-
Use the correct file permissions. Core Magento and directory files should be set to read only, including app/etc/local.xml files.
5 . Strong Admin Password –
Use a strong password for the Magento Admin. To learn more, see: Creating a strong password.
Take advantage of Magento’s security-related configuration settings for Admin Security, Password Options, and CAPTCHA.
1 . Disable development and errors for live site.
2 . change default admin from admin url
3 . Keep patch updated on site and latest version of magento.
1 . Keep permission for selected ip’s
2 . set server level firewal
3. set up ssl