Magento Security Scan allows you to monitor each of your Magento sites for known security risks, and to receive patch updates and security notifications.
- Gain insight into the real-time security status of your store.
- Schedule security scan to run weekly, daily, or on demand.
- Receive reports with the results of over thirty security tests and the recommended corrective actions for each failed test.
- Maintain a history of security reports in your Magento account.
The Security Scan tool is available for free from the dashboard of your Magento account. For technical information, see Go live and launch in our developer documentation.
Run a security scan
Go to the Magento home page, and sign in to your Magento account. Then, do the following:
- In the panel on the left, choose Security Scan.
- Click Go to Security Scan.
- Read the Terms and Conditions.
- Click Agree to continue.
On the Monitored Websites page, click +Add Site.
If you have multiple sites with different domains, you must configure a separate scan for each domain.
To verify your ownership of the site domain, do the following:
- Enter the Site URL, and click Generate Confirmation Code.
Click Copy to copy your confirmation code to the clipboard.
Generate Confirmation Code
Log in to the Admin of your store as a user with full Administrator privileges. Then, do the following:
- In the Admin sidebar, go to Content > Design > Configuration.
- Find your site in the list, and click Edit.
- Expand the HTML Head section.
Scroll down to Scripts and Style Sheets and click in the text box at the end of any existing code and paste the confirmation code into the text box.
Scripts and Style Sheets
- When complete, click Save Configuration.
Return to the Security Scan page in your Magento account. Then, click Verify Confirmation Code to establish your ownership of the domain.
After a successful confirmation, configure the Set Automatic Security Scan options for one of the following types:
Scan Weekly (recommended):
- Choose the Week Day, Time, and Time Zone that the scan is to take place each week.
By default, the scan is scheduled to begin each week at midnight Saturday, UTC, and continue to early Sunday.
- Choose the Time, and Time Zone that the scan is to take place each day.
By default, the scan is scheduled to begin each day at midnight, UTC.
Enter the Email Address where you want to receive notifications of completed scans and security updates.
When complete, click Submit.
After the ownership of the domain is verified, the site appears in the Monitored Websites list of your Magento account.
If you have multiple websites with different domains, repeat this process to set up a security scan for each.