On October 14, 2016, Magento released a security announcement video urging sites to upgrade their site immediately either by dating their Magento version or by applying a security patch. As development experts, Logic also suggests that all Magento sites comply with these recommendations.
What do the upgrades do?
- Remote code execution vulnerabilities with certain payment methods
- Possibility of SQL injections due to Zend Framework library vulnerabilities
- Improper session invalidation when an admin user logs out
- The ability for unauthorized users to backup Magento files or databases
A full list of security updates can be found in the Magento Security Center.
The security patch, SUPEE-8788, addresses the above security issues for Magento versions 1.9.3 and prior.
What should I do to be safe?
There are a couple options a site owner can select from to ensure their Magento site is secure and the optimal next step is taken.
- Apply the security patch. We recommend prior to applying the patch to your live site that you test this upgrade on a development environment to ensure issues to not arise.
- Upgrade the site to the newest version of Magento Community Edition 1.9.3. This is easier to apply if your site is already on a Magento 1.9.x version, but would be more difficult if you’re on an earlier version of Magento, such as 1.6, 1.7, 1.8, or even earlier.
- Upgrade to Magento 2. If you’re not on Magento 2 yet, we would recommend that you speak to an trained Magento developer to help you make this version jump.
- Contact your local eCommerce developer to perform a site assessment and recommend a solution.
- Use the opportunity to assess your site’s design and usability. If you’re looking to make a version jump (e.g. from Magento 1.8 to 1.9), this would be a great chance to reskin and retheme your site, and improve its overall function. Is your site performing as well as you’d like it to right now? Is it responsive? Where can the user journey be improved? Do you have any remarketing or abandoned cart saver strategies in place? These are all important eCommerce features to keep in mind!
How critical is this security update, really?
Well, considering it applies to the security of your site and sensitive customer data…it is VERY important. Don’t wait until your site is hacked or after you’ve lost potential revenue. Take action and call up an eCommerce site development expert today!