Magento – Magento Security Report TLSv1.0 Vulnerability

magento2, security

I scanned my site with the new Magento Security Tool available from the Magento partner portal.

The report showed me two vulnerability issues:

1) SSL TLS – Your server supports TLSv1.0. Please update your configuration to discontinue TLSv1.0 support.

  • What is TLSv1.0?
  • Should I disable this? Will this affect my site in any way?
  • If yes, how can I disable it?

2) Magento Brute Force – One or more Brute Force checks failed. This exposes you to Brute Force attacks. Your Magento installation's admin panel was discovered at a common URL.

My site is not using any common URL such as admin or backend, yet it still gives me this error. Why? What is the best practice for choosing an admin URL? Magento suggests admin_SOMERANDOMSTRING. Is that so? Should we keep the same?

Best Answer

TLSv1.0 - it's in your web server SSL settings. You can safely disable it.

Name your admin path as you like, something random.

Obviously Magento just reinvented the bicycle again, working in their own world...

You can use good old scanners:

https://magescan.com/  
https://www.magereport.com/
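
As an added example (not part of the original answer), this Python sketch audits web server configuration text for directives that still leave TLSv1.0 enabled. It assumes the server is nginx (`ssl_protocols`) or Apache mod_ssl (`SSLProtocol`), which the page does not state; the function names and the sample configuration are constructed for illustration.

```python
import re

# nginx "ssl_protocols ...;" and Apache mod_ssl "SSLProtocol ..." directives.
DIRECTIVE = re.compile(r"(?im)^[ \t]*(ssl_protocols|SSLProtocol)[ \t]+([^;#\n]+)")
# Simplification: what Apache's "all" expands to depends on the OpenSSL build.
APACHE_ALL = {"tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
<VirtualHost *:443>
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
"""


def enabled_protocols(name, args):
    """Return the lowercased protocol names one directive leaves enabled."""
    tokens = args.lower().split()
    if name.lower() == "ssl_protocols":   # nginx: a plain list
        return set(tokens)
    enabled = set()                       # Apache: tokens apply left to right
    for tok in tokens:
        sign, proto = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = APACHE_ALL if proto == "all" else {proto}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:                             # bare token replaces earlier ones
            enabled = set(group)
    return enabled


def audit(config_text):
    """Return (line_number, directive, tls10_enabled) per directive found."""
    findings = []
    for m in DIRECTIVE.finditer(config_text):
        line_no = config_text.count("\n", 0, m.start(1)) + 1
        protos = enabled_protocols(m.group(1), m.group(2))
        findings.append((line_no, m.group(0).strip(), "tlsv1" in protos))
    return findings


if __name__ == "__main__":
    for line_no, directive, weak in audit(SAMPLE):
        print(line_no, directive, "TLSv1.0 enabled" if weak else "TLSv1.0 off")
```

A configuration with no protocol directive at all produces no findings, because the server's built-in default then applies; check that default for the installed version separately.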