Website security is paramount, right? So many areas of an ecommerce website need to be kept secure or updated that the list of potential vulnerabilities feels almost endless:
- Security patches
- Hiding admin URLs
- SSL certificates
- Brute force attacks
- Out of date PHP
- Payment gateways
We could go on, dear reader, but we understand you've probably only got a few minutes to read this before you must get back to work.
Recently the Playhouse Group conducted a research piece and was staggered at the number of Australian sites that aren't as secure as they should be, leaving their data potentially vulnerable.
Interestingly, we've noticed a trend among Magento 1 users: the Security Patch released in November (2017) is still an outstanding update for a large number of sites. We imagine that in the build-up to the biggest retail period of the year, companies were rushing to ensure excellent sales and that unfortunately there wasn't time to apply the patch.
What was the patch?
SUPEE-10415, Magento Commerce 126.96.36.199 and Open Source 188.8.131.52 contain multiple security enhancements that help close cross-site request forgery (CSRF), Denial-of-Service (DoS) and authenticated Admin user remote code execution (RCE) vulnerabilities.
“For Magento 1 users, I think it is absolutely critical that users act upon updates containing references to ‘Remote Code Execution (RCE)’, otherwise they can execute malicious code and take control of your systems.” (Andrea Andreoli, the Playhouse Group Magento Tech Lead)
Another trend we've noticed is that PHP versions are being left to fall out of date, which is another area where companies are potentially leaving themselves open to vulnerabilities.
If you or your business have concerns that your site could be open to attacks, please let us know and we can work with you to run health checks and ensure you are up to date and secure.