After July 2021, the 2.3.x release line will no longer receive quality updates, or user guide updates. PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in September 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x and PHP 7.4.x to help maintain PCI compliance.

Security Scan

Magento Security Scan allows you to monitor each of your Magento sites for known security risks, and to receive patch updates and security notifications.

  • Gain insight into the real-time security status of your store.
  • Schedule security scan to run weekly, daily, or on demand.
  • Receive reports with the results of over thirty security tests and the recommended corrective actions for each failed test.
  • Maintain a history of security reports in your Magento account.

The Security Scan tool is available for free from the dashboard of your Magento account. For technical information, see Go live and launch in our developer documentation.

Security Scan

Run a security scan

  1. Go to the Magento home page, and sign in to your Magento account. Then, do the following:

    • In the panel on the left, choose Security Scan.
    • Click Go to Security Scan.
    • Read the Terms and Conditions.
    • Click Agree to continue.
  2. On the Monitored Websites page, click +Add Site.

    If you have multiple sites with different domains, you must configure a separate scan for each domain.

    Monitored Sites

  3. To verify your ownership of the site domain, do the following:

    • Enter the Site URL, and click Generate Confirmation Code.
    • Click Copy to copy your confirmation code to the clipboard.

      Generate Confirmation Code

  4. Log in to the Admin of your store as a user with full Administrator privileges. Then, do the following:

    • In the Admin sidebar, go to Content > Design > Configuration.
    • Find your site in the list, and click Edit.
    • Expand the HTML Head section.
    • Scroll down to Scripts and Style Sheets and click in the text box at the end of any existing code and paste the confirmation code into the text box.

      Scripts and Style Sheets

    • When complete, click Save Configuration.
  5. Return to the Security Scan page in your Magento account. Then, click Verify Confirmation Code to establish your ownership of the domain.

  6. After a successful confirmation, configure the Set Automatic Security Scan options for one of the following types:

    Scan Weekly (recommended):

    • Choose the Week Day, Time, and Time Zone that the scan is to take place each week.
    • By default, the scan is scheduled to begin each week at midnight Saturday, UTC, and continue to early Sunday.

      Scan Weekly

    Scan Daily:

    • Choose the Time, and Time Zone that the scan is to take place each day.
    • By default, the scan is scheduled to begin each day at midnight, UTC.

      Scan Daily

  7. Enter the Email Address where you want to receive notifications of completed scans and security updates.

    Email Address

  8. When complete, click Submit.

    After the ownership of the domain is verified, the site appears in the Monitored Websites list of your Magento account.

  9. If you have multiple websites with different domains, repeat this process to set up a security scan for each.