Securing your Store

The WAF rules in front of Stratus help protect every site. However, there are still other ways for malicious software and unauthorized users to get into your site. At the end of the day, your site is viewable to the public and will always be at risk. But a few simple steps can help keep you safe.

  • Don’t use the default admin or backend login path for anything. /admin is really bad. Magento 2 does not use that as its default.
  • Keep your site patched.  The Magento Security Center from Magento is the best place to see recent and past updates.  The community site has open source scanning and patching tools.
  • IP restrict your WordPress admin. Many sites hosted on Mojo Stratus have additional blogs. Their logins are often exposed. Using Nginx Includes or the built-in Stratus panel access restriction, you can restrict the WordPress login by IP and prevent brute-force attacks.
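    # Only the listed addresses can reach the WordPress login page
    location ~ /wordpress/wp-login\.php$ {
        allow 203.0.113.10;   # placeholder address: replace with your own IP
        deny all;
        try_files $uri $uri/ /index.php?$args;
        location ~ \.php$ { try_files /dummy @proxy; }
    }
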
  • Don’t leave junk lying around in your web root. Extra database dumps, unneeded files and test scripts, and other code that isn’t necessary for production is often left exposed. You never know what vulnerability might exist there. Keep your data safe!
  • Use strong passwords!
  • Block countries you do not ship to
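
An added example (not part of the original Stratus documentation) for the web-root cleanup step above: a shell audit that lists leftover dumps, archives, backup copies, debug scripts and exposed .git directories under a directory. The file-name patterns and the function names find_webroot_junk and audit_webroot are assumptions to adapt to your store.

```shell
# Added example: audit a web root for files that should not be public.
# All name patterns are assumptions; extend or trim them for your site.
# Usage: audit_webroot /path/to/web/root

# Print every suspicious path under $1, one per line, sorted.
find_webroot_junk() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # vendor/ and node_modules/ are skipped because third-party packages
    # ship their own fixtures; a .git directory is reported but not descended.
    find "$1" \
        \( -type d \( -name vendor -o -name node_modules \) -prune \) -o \
        \( -type d -name .git -print -prune \) -o \
        \( -type f \( \
               -iname '*.sql' -o -iname '*.sql.gz' -o -iname '*.sql.zip' \
            -o -iname '*.bak' -o -iname '*.old' -o -iname '*.orig' \
            -o -iname '*.swp' -o -iname '*.tar' -o -iname '*.tar.gz' \
            -o -iname '*.tgz' -o -iname '*.zip' \
            -o -iname 'phpinfo.php' -o -iname 'info.php' \
            -o -iname 'test*.php' -o -iname 'adminer*.php' \
        \) -print \) | sort
}

# Exit status: 0 = nothing found, 1 = findings listed, 2 = bad argument.
# The non-zero status lets a cron job or deploy step fail on findings.
audit_webroot() {
    _hits="$(find_webroot_junk "$1")" || return 2
    if [ -n "$_hits" ]; then
        printf 'Review and remove from the web root:\n%s\n' "$_hits"
        return 1
    fi
    echo "clean: $1"
}
```

Archive and dump patterns can also match legitimate downloads, so treat the output as a list to review rather than a list to delete.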