Security Metrics Checklist For Magento

  • Install/Upgrade SSL certificate 
  • Add site seal 
  • Rotate all server passwords 
  • Review and remove unused FTP/SSH accounts 
  • Review and remove unused Magento administrator/API accounts 
  • Register with an approved scanning vendor (e.g. Security Metrics) for automated security scans
  • Complete your PCI self-assessment form (where appropriate)
  • Change the Magento admin URL back to /admin and enable admin protection 
  • Enable downloader protection 
  • Enable API protection 
  • Correctly configure your Magento cron 
  • Correctly configure your custom cron jobs (where appropriate) 
  • Enable email audit log notification and review daily 
  • Ensure your file permissions are correct, per installation 
  • Securely install WordPress (where appropriate) 
  • Download and apply all Magento patches to your store 
  • Verify all Magento patches are properly applied with the vulnerability scanner and MageReport 
  • Subscribe to Magento security alerts 
  • Stay abreast of Magento news via MageTalk, MageDev Weekly and the official Magento Community Digest
