Magento 2 Store Security Overhaul

Budget: £20 - £250

My Magento 2 store needs a complete security revamp that goes well beyond the basics I already run. At the moment I rely on SSL certificates, two-factor authentication and the regular Magento security patches, yet I’m still uneasy about data breaches, payment security and the risk of unauthorized admin or customer-account access. There are no internal security policies in place, so I’m open to proven best-practice frameworks you can recommend and document for future staff training.

Here’s what I expect to come out of the engagement: • A thorough security audit of core Magento code, third-party extensions and server configuration, followed by a prioritised findings report. • Hardening and remediation work that eliminates every critical or high-risk vulnerability revealed in the audit. • Payment workflow review to ensure end-to-end PCI-DSS compliant handling of cardholder data, including any necessary gateway or tokenisation adjustments. • Deployment or configuration of additional defences—WAF rules, real-time malware scanning, re and advanced role-based access controls—so that attempted intrusions are blocked rather than merely logged. • Clear, concise security guidelines written for non-technical staff covering password hygiene, admin-user provisioning and update routines. • A final verification pass demonstrating zero outstanding critical issues on reputable scanners (for example MageReport) and confirmation that my store can continue to patch forward without breaking the fixes you implement.

I work best when I can review progress in logical milestones: audit, remediation, validation, documentation. If you’ve previously secured Magento 2 stores at scale and can point to measurable results, I’d like to hear how you’ll approach each stage and what tools—such as OWASP ZAP, MageScan, or IDS/WAF platforms—you prefer.