
How to be sure that my Magento 1 shop is secure?

Look for vulnerable extensions

Most of our shops use many extensions bought from external partners. It looks like many of them can contain vulnerabilities if they are not updated regularly. To check that third-party extensions are safe, you can use a tool written by Willem de Groot called Magento Vulnerability Database.

This is a plugin for n98-magerun.phar. After installation, just run:

n98-magerun.phar dev:module:security

Example output:

Vulnerable module found: Amasty_Geoip
Installed:  1.1.3
Fixed In:   1.1.6
Update URL: https://amasty.com/
Credit:     pavel.barbarich@amasty.com to gwillem@gmail.com

Vulnerable module found: Amasty_Sorting
Installed:  1.2.4
Fixed In:   1.4.9
Update URL: https://amasty.com/improved-sorting.html

Enable Magento Security Scanner

Some time ago Magento released a tool that can regularly scan your website for vulnerabilities. Example output is shown below.

[Image: Magento Security Scanner example output]

Magento Malware Scanner

To be sure that your server has not been compromised and that no malware has been added to the project, it's a good idea to scan the project source for suspicious code. For that you can use Magento Malware Scanner, also written by Willem de Groot. You can run it manually with these commands:

wget https://mwscan.s3.amazonaws.com/mwscan.txt
grep -Erlf mwscan.txt /path/to/magento

Advanced usage can be found on the project page here.

Published Feb 4, 2019

Magento Certified Developer