There are multiple ways to secure your store and maintain your data security:
Visit the Security Center and join the Security Alert Registry for the latest news about potential vulnerabilities. For information about security best practices, see Secure your Commerce Site and Infrastructure in the Implementation Playbook.
Stores that have enabled Adobe Identity Management Services (IMS) authentication have native Adobe Commerce and Magento Open Source 2FA disabled. Admin users who are logged into their Commerce instance with their Adobe credentials do not need to reauthenticate for many Admin tasks. Authentication is handled by Adobe IMS when the Admin user logs into their current session. See Adobe Identity Management Service (IMS) Integration Overview.
If you suspect that your Adobe Commerce or Magento Open Source site is compromised, follow this action plan without delay.
Diagnose: Run a scan to establish the security status of your Commerce store. Commerce Security Scan is a free service offered by Adobe that allows you to monitor your Commerce sites for known security risks and malware, and to receive security notifications.
Clean: Hire a qualified consultant or online service to clean your site of all malicious code. Some Commerce community members recommend Sucuri Website Malware Removal. Check the /media folder for leftover executable code. Remove all unknown Admin users and reset all Admin passwords.
Protect: Keep your Commerce installation up to date with the most current release. If you are using an older version, apply all security patches as they become available. Review and follow Commerce security best practices. Subscribe to Commerce Security Alerts.
Report: If you think that you have found a specific vulnerability in Commerce, open an issue with Adobe and include technical details.
Upgrade: For the additional peace of mind that comes from 24/7 support, plan your upgrade to Adobe Commerce on our Cloud Architecture now.
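The /media folder check from the Clean step, as an added example that is not part of the Adobe documentation: a read-only shell function that lists files with a script extension, an embedded PHP open tag, or the execute bit set. The directory argument, the function name and the extension list are assumptions; the page only names the /media folder.

```shell
#!/bin/sh
# Added example, not Adobe tooling: read-only triage of a Commerce media tree.
# Assumption: the media directory is given as the first argument (the page
# only says "/media"; use the path from your own installation).

# scan_media DIR -> one "reasons<TAB>path" line per file that needs review.
scan_media() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -exec ... {} + hands paths over as arguments, so file names with
    # spaces or newlines are tested intact. Nothing is modified or deleted.
    find "$1" -type f -exec sh -c '
        for f in "$@"; do
            reasons=
            # 1. Extension a web server may pass to an interpreter, in any
            #    case, including double extensions such as logo.jpg.php.
            name=$(printf "%s" "${f##*/}" | tr "[:upper:]" "[:lower:]")
            case $name in
                *.php|*.php[0-9]|*.phtml|*.phar|*.pht|*.cgi|*.pl|*.py|*.sh)
                    reasons=script-extension ;;
            esac
            # 2. PHP open tag anywhere in the bytes, e.g. appended to an image.
            if LC_ALL=C grep -aqiF "<?php" -- "$f"; then
                reasons="${reasons:+$reasons,}php-tag"
            fi
            # 3. Execute bit set; media files do not need it.
            if [ -x "$f" ]; then
                reasons="${reasons:+$reasons,}exec-bit"
            fi
            if [ -n "$reasons" ]; then
                printf "%s\t%s\n" "$reasons" "$f"
            fi
        done
    ' sh {} +
}

# Run as: sh scan_media.sh /path/to/media
if [ "$#" -gt 0 ]; then
    scan_media "$1"
fi
```

Treat the output as a review list: a hit is a reason to inspect the file, not proof of compromise.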