Securing your Magento website
MasterCard say that 50% of all breaches in 2016 that resulted in the theft of MasterCard branded cards were on Magento websites so what can you do today to help protect your customers?
Steve Perry Creative are an official partner of Foregenix who offer unrivalled ecommerce security testing tools and services. Foregenix offer a free website scanning tool that checks for the following risks:
- Credit Card Hijack
- Cloud Harvester Malware
- Unprotected version control
- Outdated software
- Default/Admin location
- Magento Shoplift
- Magmi vulnerability
- Exposed development files
- Exposed API
- Magento Backdoor Trojan Module
- Security patch 6285 (XSS, RSS)
- Security patch 6482 (XSS)
- Security patch 6788 (secrets leak)
- Security patch 7405 (admin takeover)
- Security patch 5994 (admin disclosure)
- Malware Scanning
Foregenix say that “78% of websites that use our free WebScan tool are missing critical security updates. That means that on average, our team of penetration testers could hack these sites in under half an hour. The same goes for skilled criminals.”.
These tools only find the risks and it’s imperative that you keep Magento and any installed modules up-to-date to keep them as secure as possible. Software such as Magento is constantly being tested by security experts and when security vulnerabilities are found patches are released to help reduce the risk of stores being compromised. It may sound obvious but these patches must be installed for them to take effect.
When you budget for a new ecommerce website, whatever platform you choose, it’s important to factor in these on-going maintenance costs. You wouldn’t buy a new car and then never get it serviced so don’t launch a new website and leave out important security updates.
Written by Steve Perry