Question

A scan report for my Magento website says that the website has some security issues. The scan report lists the following vulnerabilities on my website:

  1. vulnerability Name: Php Info File
  2. vulnerability Name: Web Application Transmits login credentials without encryption
  3. vulnerability Name: Basic authentication over HTTP

How do I solve these vulnerabilities on my website? The other thing is that the website is under SSL and secured by HTTPS.

How do I solve the above points? I need some guidance on them; I do not understand how to approach these points. All patches are installed on the website.


Solution

While I have no idea which report you ran, this is how you should be able to solve it:

vulnerability Name: Php Info File

You most certainly have a file named phpinfo.php in your document root (=main directory) or somewhere else. Remove this file.

vulnerability Name: Web Application Transmits login credentials without encryption

Buy an SSL certificate, let your provider install it and set https://www.yourdomain.com/ as base URL and secure base URL in Magento admin.

vulnerability Name: Basic authentication over HTTP

Not quite sure where this came from, maybe you have an additional username + password box protecting your backend (http://www.yourdomain.com/admin)?! This is probably defined somewhere in a .htaccess file or vHost. Change it from AuthType Basic to AuthType Digest.
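
An added example, not part of the original answer: a small Python audit that walks a document root and reports PHP files calling phpinfo() (whatever they are named) and .htaccess files with an active AuthType Basic directive. The function names and the sample tree are constructed for illustration; vHost configuration outside the document root is not inspected.

```python
import os
import re
import tempfile

# A phpinfo() call in any PHP file, whatever the file is called.
PHPINFO_CALL = re.compile(rb"\bphpinfo\s*\(", re.IGNORECASE)
# An active (not commented-out) "AuthType Basic" directive.
AUTH_BASIC = re.compile(rb"^[ \t]*AuthType[ \t]+Basic\b", re.IGNORECASE | re.MULTILINE)

def audit_docroot(root):
    """Return sorted (finding, relative_path) pairs for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            is_php = name.lower().endswith((".php", ".phtml"))
            if not (is_php or name == ".htaccess"):
                continue  # skip media, CSS, etc. without reading them
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: nothing to report
            if is_php and PHPINFO_CALL.search(data):
                findings.append(("phpinfo", rel))
            elif not is_php and AUTH_BASIC.search(data):
                findings.append(("basic-auth", rel))
    return sorted(findings)

def build_sample_docroot():
    """Create a small constructed document root in a temp directory."""
    root = tempfile.mkdtemp(prefix="docroot-")
    sample = {  # constructed sample files, not taken from a real site
        "index.php": "<?php echo 'shop'; ?>\n",
        "phpinfo.php": "<?php phpinfo(); ?>\n",
        "skin/test.php": "<?php PhpInfo (INFO_ALL);\n",
        "admin/.htaccess": 'AuthType Basic\nAuthName "Backend"\nRequire valid-user\n',
        "media/.htaccess": "# AuthType Basic\nAuthType Digest\n",
    }
    for rel, text in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for finding, rel in audit_docroot(build_sample_docroot()):
        print(f"{finding}: {rel}")
```

Point audit_docroot() at the real document root to get the same report; a commented-out phpinfo() call in a PHP file is still reported, so review each hit before deleting anything.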

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange