Magento recently announced a critical security flaw that could potentially allow unauthorised access to a Magento store. As usual, Magento was quick to identify the flaw and create a patch to prevent any further security issues. The problem is that not all Magento users have been as quick to install the patch, and many are still leaving their sites open to security threats.
What was the threat?
Magento was made aware of the remote code execution (RCE) vulnerability by Check Point Software. The security flaw affects both Magento Enterprise Edition and Magento Community Edition and basically allows hackers to obtain control over a Magento store and its sensitive data, including customer information.
On 9th February 2015, Magento released a security patch known as SUPEE-5344 and recommended that all merchants install the patch as soon as possible. Since then the company has continued to remind merchants and partners to implement the patch in order to protect their sites from the security risk.
On 20th April and 22nd April, Check Point Software publicised the security risk, including technical details about how to uncover the vulnerability. But despite all of this information being released, a huge number of Magento merchants have yet to take the threat seriously and install the security patch.
Securing your Magento website
Failing to secure your Magento website, whether it’s a Magento Enterprise or Community site, could potentially expose both you and your customers to hackers. There is a high chance that an unauthorised party will access your site, take control of it and steal customers’ information. This will not only be costly for your business to recover from but also detrimental to your reputation.
If you do not take the necessary steps to secure your Magento website and customers’ information is stolen, it is very unlikely that you will be able to regain their trust, and you will find that your business suffers greatly. The patch is fairly straightforward to install, so there’s really no excuse not to do it – don’t leave it until it’s too late!
What to do
Magento is strongly urging all Magento merchants to implement the SUPEE-5344 security patch immediately, if they have not done so already. It is also recommended that you implement the patch for a separate remote code execution vulnerability (SUPEE-1533), which was issued back in October 2014, if you have not already done so. Both of these patches will greatly improve the security of your website and ensure that hackers cannot exploit these vulnerabilities.
Although installing patches is easy for Magento experts like us, we understand that not all merchants will feel the same way. Many merchants also have a billion-and-one other things they need to do. This is why we offer a Magento security patch implementation service. If you do not have time to apply the update yourself or require assistance, simply get in touch with the Magento eCommerce Agency and we will arrange to apply the update on your behalf.
Going forward, we recommend that all merchants ensure that they only work with Magento partners who apply security updates like this instantly. If you are currently working with a Magento partner who has not yet installed the update for you, it is a big sign that you need to take your business elsewhere and work with a more reliable partner, who remains in-the-know on all things related to Magento security.
If you are interested in partnering with the Magento eCommerce Agency, get in touch today. When it comes to Magento security, we’ll never let you down.