How about safety check?

Hi Craig and all talented Magento-users,

The time has come for us to soon go live. The owners ask, “are the site safe?”
As a totally new to Magento, I dont dare to say yes before I consult with someone else.
I have proceeded so we are getting a SSL Certificate and I have gone through the whle site self and clicked on every single button and page and clickable thing, but that’s probably it.

How is a “normal” safety check routine? I heard about debug?

Do you have any company you could recommend that “goes through your site and mark it as safe”?
Excuse me for a basic question, but I really appreciate guidance.


Congratulations on your store launch :partying_face:

Have a look through 25 Ultimate Security Checks and Habits for Magento 2. I don’t think #22 is required anymore because of the new tool in #23.

Also, GDPR requires you to run Penetration Tests. There are different types on “Pen Tests” that evaluate your security/vulnerabilities (both online and offline). I don’t know that much about it all as I don’t really deal with that kind of stuff right now.

My limited research on the topic leads me to believe that you have to hire an accredited consultancy firm who test and evaluate your site/business both online and work premises. This is required several times per year, which can work out quite pricey.

Some useful links include: