Protect your store more with Magento Security Scan Tool

Recently, Magento has introduced a new design, Magento Security Scan Tool, which helps check stores for potential vulnerabilities and conformance to the Magento security best practice. We find that this tool is so useful for all Magento stores. Let’s discover it to see what it can do.

Your Magento store is always at the risk of being attacked by hackers who will attempt to steal the information from your customers as well as your store for fraudulent transactions. Magento Security Scam Tool is released to help Magento store owners to save their website better thanks to more than 30 security tests. This tool will perform a comprehensive check of a web store security such as missing patches and configuration process checks, security practices conformance, and timely reports about all suspicious activities taking place in a store.

Magento Security Scan Tool supports many of features for store owners:

  • The security of a store is monitored in real time by the tool.
  • The tool reports the issues in the configuration of a Magento store (if any) that make it potentially vulnerable to hacker attacks and gives recommendations how to fix them.
  • Security scans can be scheduled on specific date, time, or on demand.
  • The tool does not affect the performance of the site during the security scan process.
  • The history of security scan results is saved in Magento merchant accounts.

All merchants who are owners of Magento Commerce and Magento Open Source based web store can easily configure this tool for their website without paying any cost.

You can do as follows to configure Magento Security Scan Tool:

  • Login your Magento account
  • Open Security Scan section > tap Go to Security Scan button
  • After redirected to Monitored Websites page, choose Add site button

*Note: Configure an individual scan for each domain in case you have many websites on different domains and specify the URL and the name of your site in the corresponding fields in order to verify your ownership of the site

  • Tap Copy button in Conformation code in order to copy the code generated either in HTML or in the META Tag format
  • Go to Magento Admin Panel > Content > Design > Configuration
  • Select a store view you want to scan and tap Edit button
  • Expand HTML Head section, paste the copied code in Scripts and Style Sheets section
  • Tap Save Configuration
  • Go back to Security Scan page, and click on Verify Confirmation Code button
  • After confirming your domain ownership, choose one in 3 options such as Scan Weekly, Scan Daily or Do not automatically scan website in Set Automatic Security Scan menu


  • For Scan Weekly and Scan Daily option, you then need to submit your email address for notifications.
  • For Do not automatically scan website option, you will scan your website by selecting Run Scan in Actions section

Then you can see the scan result by clicking on View Report button.

There are 3 sections of the results displayed: Successful Scans which have Pass status, Failed Scans which have Fail status, and Unidentified Scans which have Unknown status. For Failed Scans and Unidentified Scans, there are some recommendations to fix the issues detected in the Actions field of particular scans.

That’s all information about Magento Security Scan Tool. If you have any question about this too, let’s contact us for the answer.

Thanks for reading!