Astra saved my website from the dreaded Japanese SEO hack. Have used Astra for my website's security ever since & super happy to see dozens of attacks being stopped & the support I've received Ingrid Kjelling
Owner, IK Photography
Magento Malware & Hack Removal guide

The Ultimate Magento Malware Removal Guide

This Magento security guide will help you to protect your Magento store from hackers & how you can fix your hacked store website.

The Ultimate Magento Malware Removal Guide

Magento Malware Removal Guide

If you own an online marketing website, then it possibly is powered by Magento. Currently, according to some reports, there are about 50,000 websites using Magento. Magento is an open sourced platform for e-commerce. It supports millions of retailers and allows them to grow their business using the various features of the platform. As with all other popular innovations on the internet, this one is also plagued with repeated attacks and security concerns. If you have your website built on Magento, then hacking attempts on your website must be common. To deal with them you need to be prepared. This Magento Security Guide contains all the information and ways you can arm yourself with to protect your website.

Basic Security Steps

The basic steps are the ones we tend to really ignore. However, taking care of these steps will surely make your website a bit safer. Some of these are:

  • Use strong passwords & change default admin username

    Using strong passwords may seem to be a redundant advice. However, not everyone follows this advice.  Longer the password, harder it is to crack. Ensure that the password has a mixture of uncommon words and expressions, which will protect it against dictionary attacks. Along with passwords, you must also change the default admin name. Most of the times, keeping the default admin makes it easier for hackers since they only need to crack the password. When setting up an account in Magento, change the default username. You can also change them after setting up the account. You just need to go to “System” and then click on “My Account”.

  • Use two factor authentication

    Using two factor authorizations is becoming common nowadays and for good reasons. Simply logging with a username and a password might not be enough. Two step authorizations is an addition layer of protection that adds another level of security to your website. Most of the two factor authorization consists of sending an OTP to the registered mobile number.

  • Have a backup plan

    The security of your website may be strong but having a backup of all your data is a good idea. Staying prepared for all circumstances is necessary for the safety of your website. In case of emergencies, you can easily upload the backup files and get your website back online.

  • Update everything

    Hacking methods are improving every day and staying updated with them is a pressing necessity. Magento has a very active community of developers. They produce newer versions of the service with improved security features. Thus, you must be using the latest version of Magento. If you are using any plugin then make sure that you update them regularly. Avoid using any plugin or extension that does not have periodic security updates. The updates fix any previous vulnerability and prevent them for getting exploited by attackers. You can do it by going to “System” and then clicking on “Magento Connect”. Login again to confirm and then scan the account. This will reveal all the plugins that require an update.

Recommended Steps

The following steps will help you secure your website from most of the basic threats. These are the areas which require necessary attention of the owner. Most of these settings are set to default settings and hackers tend to exploit those. Thus, the following steps are important in this Magento Security Guide:

  • Custom path for admin panel

    Most of the users leave the admin path to the default path and this enables attackers to launch attacks such as session management attacks and broken authentication attacks. To change the default admin name, you need to follow the below steps:

    1. Locate the local.xml file in /app/etc
    2. Search for M
    3. Rewrite the “admin” to an username of your choice
  • Hiding directory indexing

    The default setting allows others to simply view the entire directory using the URL of your website. This lets attackers launch simple attacks on your website since they will be able to access all the core files of Magento. To hide the directory, you simply need to add the following lines in the .htaccess file:

           Options -Indexes

  • File permissions

    File permissions are the most ignored area in securing websites and thus needs to be covered in this Magento Security Guide. You can protect important files and folders from attackers using appropriate file permissions. You must ensure that the permissions are not too strict. Since, it will cause errors in the working of the website. Below are some of the suggested file permissions for Magento:

    1. Directories: Suitable permission may be 500 for all directories. This gives the web server user permission to read as well as execute.
    2. Files: The permission for files can be set to 400. Since, this permission prevents any user from altering the files. This protects the files from attacks which overwrite the files.
    3. The var/ and media/ directories: The permission, if set to 700, gives complete permissions to the owner of the website and no one else.
    4. The var/ and media/ files: 600 will be the suitable permission for the files. This allows the web server user to read and write the file contents.

Water Tight/Ultimate Security Tips

Apart from the usual security steps, you also need to look after the few minor changes that are important. These changes can be the difference between a hacked website and a secured one. Thus, being an integral part of this Magento Security Guide.

  • Restrict access to admin according to IP

    If you find threats originating from certain IP addresses, you can single them out and block them. This will prevent them from accessing your website and launching any attack against your website. You could add the code below in your .htaccess file:

    Magento security guide code for blocking IP

    Code for .htaccess

Remember that several ISPs have assigned dynamic IP address to users and thus it may cause problems. You can use this process in case of static IP addresses.

  • Using encrypted connections

    Whenever there is a data transfer between the servers and you, there is a chance that someone may hijack the data. Since, the data is transferred in plain text if you are not using HTTPS connection. Moreover, the intercepted data may contain important and sensitive information that the attackers can use to cause damage. Thus, encrypting your site with HTTPS/SSL which will also make your site PCI compliant is a good idea. This will result in the site becoming more popular among the users due to its heightened security. To do this, follow the steps:

    1. Go to System-> Configuration-> General-> Web
    2. In the field containing the URL of your website, change “http” to “https”
    3. Enable the options “Use secure URLs in Frontend” and “Use secure URLs in Admin”
  • Lowering the risk of SQL Injection

    Magento provides necessary security features to escape SQL Injection attacks. However, using a firewall or a security service such as Astra can help you make the security watertight. Astra has several features such as File Injection Protection make your website safe from external threats.

Related Guide –  For more security steps follow our more comprehensive guide on Magento Security 

Malware Removal Steps

Malwares are sneaky and you can never be too careful of them. If you find malware in your website, then the following steps will help you remove them. Malware removal procedures form an integral part of any Magento Security Guide since you need to know how to remove them.

  • Manually removing the malware from the files

    When a malware infects a file, they most often cause changes in the file which are visible. By analyzing the changes made in the files, you can detect the malware infection. Once you have detected it, you need to remove the malware. To do this, you can follow the below guidelines:

    1. Have a clean backup ready.
    2. Search all the files for known malwares or malicious payloads.
    3. If there are any recent changes then ensure that they are legitimate.
    4. During the core file integrity check, review the files that the diff command flags.
    5. If any malware is present, then replace them with a clean file from the backup.
    6. Run tests to check if the website works correctly.
  • Cleaning hacked database tables

    This segment offers you steps to clean your database since it as an important part of the website.

    1. Have a clean backup of your database handy.
    2. Look for suspicious content such as spammy keywords and links.
    3. Manually delete all such content.
    4. If needed replace the parts of the database tables with a clean copy.
    5. Test the website to check if it works correctly.

You can also check your database for known malicious PHP functions. Before making any changes verify that they are not genuine files by Magento itself.

  • Hidden backdoors

    Malwares often create backdoors that allows hackers to enter the website whenever needed. Most of the time, attackers hide backdoors in new files that look like genuine Magento files. They can also hide them in core places such as the footer area.

After removal of all malware, make sure to change the usernames and passwords. To be completely sure of the safety of the website you can enlist the use of website security such as Astra. They run scans on the entire website and sniff out skillfully hidden malware and backdoors. With security features such as Website Firewall, Malware Cleanups, they can remove all traces of threat from the website. Using Astra to secure your website is a smart move.

Check our detailed blog post on Magento Malware removal steps

Magento Security Suite

"Excellent service, I am sleeping like a baby since I got it."

Excellent service, always responding super fast when I need them, and never had any problem with hackers since I'm with Astra.

Continue reading
Magento secure coding checklist

Magento Security Checklist

This checklist will help you with practices that you should implement while developing a Magento store.

Astra saved my website from the dreaded Japanese SEO hack. Have used Astra for my website's security ever since & super happy to see dozens of attacks being stopped & the support I've received Ingrid Kjelling
Owner, IK Photography

Magento Security Checklist

Every day hundreds of Magento store websites get compromised because of malware infections. One of the prominent reason behind Magento hacks is poor coding practices.

Magento security is a cumbersome process, especially as it involves a lot of lot sharing of personal data like name, credit card details etc. Our Magento security checklist contains easy to implement steps for beginners and experts alike. Following this Magento secure coding checklist will help you to protect your website from hackers and make your website stand out and shine.


Here are some quick tips that you can follow while developing a Magento website.
  1. The integrity of configuration files, libraries, executables, and interpreted code should be verified by the usage of checksums or hashes.
  2. Shared variables and resources must be secured from improper concurrent access.
  3. User-supplied data should not be passed to any dynamic execution function.
  4. Any third party code, secondary applications or libraries that are used must be properly reviewed in order to determine their business necessity and confirm its safe functionality, in order to avoid any new vulnerabilities.

For more tailored security practices for Magento please download our checklist & don’t forget to share it with your friends if you like it.


Rock solid security, amazing support

Super Secure My Business

Continue reading

Magento Malware Scanner & Backdoor Removal Plugin

The page contain details about our Magento malware scanner & how can you use it to clean your website

Astra saved my website from the dreaded Japanese SEO hack. Have used Astra for my website's security ever since & super happy to see dozens of attacks being stopped & the support I've received Ingrid Kjelling
Owner, IK Photography

Magento Malware Scanner

Accurate, fast & machine learning powered Magento malware scanner now at your finger tips. Astra’s Magento scanner detects all malware, backdoors & core file changes on your website without effecting speed of your website in any way

Super Fast

Astra’s malware scanner optimizes itself with each scan making subsequent scans visibly faster making malware scanning a 5 minute affair for you

Ever Evolving

Our malware scanner is powered by machine learning which intelligently detects early signs of malware & flags them for you

Intuitive Reports

Malware, backdoors & core file changes are beautifully visualized telling the exact instances of malware within your code making everything super simple for you

Astra's Magento Malware Scanner

Unveil all Malware & Backdoors

One-Click Start from Dashboard

Now scan your Magento store by just a click of button, anytime as per your convenience 

Detects Hidden Malware & Backdoors

Our Malware scanner is highly tailored for Magento 1.x & 2.x & detects the hidden, encrypted malware 

Beyond Malware Signature Matching

Our malware scanner is deeply coupled with our firewall, security audit & community security offerings helping us stay on top of the security world & bringing in that intelligence to malware scanner 

Community Powered

Astra’s community powered Magento malware scanner brings collective intelligence of thousands of website to your website’s security, helping you stay a step ahead of hackers 

Resource Optimized

Unlike other malware scanners, Astra’s malware scanner would never slow your website. Our intelligent scanning technology helps us scan faster than other scanners without slowing down your website 

Astra's Rock Solid Security For Your Magento Store

Web Aplication Firewall

Astra’s Web Application Firewall is highly tailored for Magento websites and stops attacks like XSS, SQLi, SEO Spam, RCE, Bad Bots & 100+types of threats in real time

Manual Malware Cleanup

Apart from automated scan, our engineers perform in-depth malware cleanup of your website & assure it remains secure throughout the year, no questions asked

Community Security

Lend a friendly hand to security researchers by running your own Bug Bounty program to reward hackers for finding vulnerabilities in your website

FAQs - Magento Malware Scanner

Our Malware scanner can be installed as a Magento extension. You can download the plugin from Astra dashboard after the sign-up.

Our Magento malware scanner which will give you a well detailed report of all malware & backdoors. Then you need to go to the file path & delete the malicious code or file.

Yes, with malware scanner you get access to Astra firewall which stops all malware attacks in real time.

Hosting malware scanners are not tailored as per CMS & they scan only limited files of your website. You need a scanner that is tailored for your CMS & updates periodically with the hacks

Still have a question? Read more FAQ’s or feel free to contact us

Astra is amazing!!! I bought Astra after having used malcare and webarx religiously. I run a digital marketing agency so having web security is extremely important. First I had malcare do a manual cleaning of my site cause they had said there were some malicious code in my site. They send me the email when they complete it and my site is in the clear…so I think. I immediately installed Astra about an hour later on my main site (no client sites yet). Astra did it’s initial scan and came back with 9 malicious codes installed!

I am thoroughly amazed and impressed by Astra and its abilities let alone the support response time. The report isn’t generalized in any way, it’s extremely specific and detailed about your specific site. This is a must in my opinion if you have any type of website. The security it gives me in knowing that I have a capable company like Astra watching over my site and if something goes wrong they are there to rid the problem. Astra is a major relief and weight of security off my shoulders.

Ferdinand Mehlinger

owner of Bluoo Digital & Laptop Lyfestyle

Astra's Magento Malware Scanner

Disclose all Malware & Backdoors

Top Brands Using Astra Security

What Our Customers Have to Say

Continue reading

Magento Security Audit & VAPT

This contains all details of tests, pricing & sample Magento Security Audit report.

Astra saved my website from the dreaded Japanese SEO hack. Have used Astra for my website's security ever since & super happy to see dozens of attacks being stopped & the support I've received Ingrid Kjelling
Owner, IK Photography

Astra Uncovers Security Vulnerabilities in your Magento Store - Magento Security Audit

The Magento security audit focuses on evaluating the vulnerabilities in your store by methodically validating & verifying the effectiveness of security controls. The process involves an active analysis of the Magento store for any weaknesses, technical flaws, or vulnerabilities.

Comes with 150+ security tests followed by tests tailored to your tech stack & needs.

  • Detailed Code Analysis
  • Business Logic Testing
  • Dedicated Engineer
  • Prevent Credit Card Hack

Our team that has helped to secure

Buffer App

Super Secure My Business

Magento Security Audit - Features

Vulnerability Assessment and Penetration Testing

Exhaustive VAPT for your Magento store is performed that would identify security loopholes in the Web Application which could potentially allow a malicious user to gain access to the system or perform malicious operations.

Static & Dynamic Code Analysis

Astra’s Web Application Security Testing is based on the OWASP Testing Methodologies and the OWASP Testing Framework. We perform over 150+ ‘active’ tests that have been classified on the basis of type of vulnerabilities found.

Business Logic Testing

It is the core logic of your Magento store. Here we check Price Manipulation, Getting More Discounts, Privilege Escalation, Bypass Security Restrictions, Access to Unauthorized Information. You can read more about it here.

Payment Handling & Integration

Checkout Portals and Payment Gateways are thoroughly checked for credit card hacks, formjacking, price manipulation vulnerabilities and more. Such vulnerabilities in a web application’s payment flow directly affects the business. 

Server Infrastructure Testing & DevOps

Securing the perimeter becomes the initial step here. The key activities would involve Auditing Existing Configurations, Ensuring Encryption & Safe Data Storage, Optimizing DevOps Processes & suggesting best practices.

Network Devices Configuration Audit​​

An assessment of the device patch level, the logging & auditing implementation, authentication mechanisms. Audit based on device configuration, administrative and authentication services, network filtering, protocol analysis.

Testing for Known CVEs

While  Magento security audit we test for common vulnerabilities and exposures. This will ensure that your store is protected from all known vulnerabilities that were exploited in the past.

Assistance in Patching Security Vulnerabilities

Our engineers will share a detailed report with step by step POC (screenshots/videos) and detailed fix information with code/config examples that will help your developer to patch vulnerabilities. 

Dashboard for Vulnerability Reporting​​

Vulnerabilities are reported on our intuitive dashboard where your developers can interact directly with our security engineers. Also, you can request for a re-scan to make sure that vulnerability is patched .

Top Security Issues Tested - Magento Security Audit

  • Configuration and Deployment Misconfiguration

    Tests HTTP Methods, HTTP Strict Transport Security, Network/Infrastructure Configuration, Application Platform configuration

  • Application or Framework Specific Vulnerabilities

    We test for all possible major causes of Magento hacks such as SQLi, XSS, RCE, CSRF, LFI, RFI etc.

  • Broken or Improper Authentication

    Tests for Weak & Guessable passwords, Tests for lack of appropriate session Timeouts, User Enumeration, use of default credentials, Account Lockout Policy, Session ID randomness etc.

  • Identifying Technical & Business Logic Vulnerabilities

    We test for OWASP Top 10, WASC Top Threats, etc. and our Testing methodology is based on OWASP Testing Guide v4.

  • Over 150+ Active Security Tests

    Tests for Input Validation issues, SSL issues, Authorization/Authentication issues, security best practices etc.

Astra Pricing For Magento Security Audit

CMS Scan

A comprehensive security audit for your website built with Magento, OpenCart, WordPress and other CMSs. We perform 80+ active tests with the right mix of automated & manual testing.

Be safe from critical issues like CC theft, Malware, Known Exploits, Security Misconfigurations, Vulnerable Plugins & more.

  • Cloud Dashboard
  • Steps to Fix
  • Amazing Support
Flat fee of

Business Logic Scan

An in-depth VAPT (Vulnerability Assessment & Penetration Testing) for custom built web-apps or CMSs with custom development. We perform 120+ active tests specific to your tech stack.

We pinpoint Business Logic Errors, Payment Gateway flaws, Price Manipulation Vulnerabilities, Customer Data Theft & more.

  • Security Manager
  • Cloud Dashboard
  • Steps to Fix
Starts from
Contact Us

Astra's Rock Solid Security For Magento

Web Aplication Firewall

Our Web Application Firewall is highly tailored for Magento & stops attacks like XSS, SQLi, SEO Spam, RCE, Bad Bots & 100+types of threats in real time.

On-Demand Malware Cleanup

Astra’s on demand malware scanner is super fast. It detects all malware & backdoors in your Magento store. You can run scan as per your convenience.

Community Security

Lend a friendly hand to security researchers by running your own Bug Bounty program to reward hackers for finding vulnerabilities in your website.

Top Brands Using Astra Security

What Our Customers Have to Say

Frequently Asked Questions

Yes, a security audit is an in-depth exercise that requires hours of effort of human & technology resources. That’s why an upfront payment is expected.

Definitely, once you’ve fixed the vulnerabilities you can request a scan simply by clicking a button on your dashboard. Following which, our engineers are notified and they plan a re-scan. If you are a business plan customer, you get a re-scan every month. If you’ve opted for a security audit separately then one re-scan is available to you.

Not at all, the security audit and VAPT are agnostic of the technology stack and work well on all websites.

You start seeing vulnerabilities reported by us from the day testing is started. You can ask for support in fixing the vulnerabilities for 30-days, starting from the day our engineers finish testing. During these 30 days, our engineers will be available to work with you or your developers and assist them in fixing bugs via the comment system of our dashboard. At any point, if the engineers feel that there is a need for a chat, they’ll be happy to talk to you over a chat too.

Yes, for sure. We assist your developers in fixing the vulnerabilities reported. Your developer can comment under each vulnerability if they have any questions regarding the fixation process.

Definitely, we test mobile apps too. You can learn more about them here.

Still have a question? Read more FAQ's or drop us a message in the chat box

Super Secure My Business

Continue reading