Home  »  Security

Security

Scan Your Magento & Fix Any Vulnerabilities

Sadly not many Magento companies keep on top of the Magento security work required to keep your site safe and website owners have no/little knowledge of this… resulting inevitably with your website being hacked and it really is a question of when you will be hacked, as opposed to if you will be hacked! Flexiweb provide additional services, running scans on your Magento store checking for known vulnerabilities and then tightening up your Magento security. Below are some examples of what we are looking for with your Magento security.

Enquire now regarding any magento ecommerce requirement you have including:

  • Free scan and secure your magento website
  • Upgrade your magento ecommerce website
  • New build of optimized magento ecommerce store
  • Maintenance of current magento store
Enquire Now!

Credit Card Hijack

This Hijack was discovered on 17th November 2015 and malicious javascript code is injected into your Magento allowing hackers to intercept bank card data.

Security Patch 6482 (XSS)

Hackers can take control over customer sessions on Enterprise version and other minor risks in Community version. This patch fixes the leak.

Ransomware

Virus detected 9th November 2015, this virus encrypts the Magento installation files and then holds you to ransom if you want access again.

Unprotected Magmi

This is alternative mass data importer i.e. products etc. however this tool can give out full access to your database, if it is not protected.

Security Patch 6788

(secrets leak) This patch was released 27th October 2015 and hackers can steal your passwords and customer data if its not applied. When applying this patch it has an attendance to break the front-end with custom work done, so using a staging server is vital when applying any security patches.

Unprotected Development Files

By default /dev directories are not protected. /dev directories and files might reveal your passwords and any other sensitive data.

GuruInc Javascript Hack

This is a form of malware and once it has infected your shop, it then infects the visitors.

Admin/Downloader Unprotected

Brute force attacks are easily attempted if you don’t protect these folders. Why make it easy for hackers, change admin directory and deny access to the downloader folder.

Cacheleak Vulnerability

Misconfiguration with your web server can leak cache files which contains your database password.

Unmaintained Server

Maintaining your server and updating your php versions, mysql, plesk, cpanel etc help prevent bugs and security leaks with the version releases.

Outdated Magento Version

Old versions of Magento particularly with versions before community 1.4.0 and Magento enterprise 1.10 have had major monthly security fixes since these releases.

Security Patch 5344

(Shoplift) Nasty bug which allows hackers to take full control of your store, steal customer data and tamper with your payments. Patch 5344 fixes this problem.

Unprotected Version Control

If left unprotected they can reveal sensitive data including passwords.

SSL Protection

You should always have SSL installed on your store, protecting visitors from hackers who are trying to hijack information.

Security Patch 5994

(Admin Disclosure) This patch protects you from hackers attempting to locate the url of your Magento backend admin area. Without access to this you are safe from brute force attacks.

Security Patch 6285

(XSS, RSS) Hackers are able to download your shop orders and take over customer sessions. This patch was released on 7th July 2015.

Security Patch 7405

Resolving several security fixes and important leaks which allow hackers to take control of your Magento back-end store.

Security Patch 8788

Critical patch as attackers can create an admin account and execute code. This is also a dependent patch and we need to check the website for patch 1533 before installing.

Security Patch 9652

Bug within the Zend Framework’s Sendmail which allows attackers to execute PHP code through the adapter if this patch is not implemented.

Security Patch 9767

Patch released 31st May 2017 and protects several security issues such as leaking information, cross site scripting and any remote code execution.

Security Patch 10266

SUPEE 10266 released 14th September 2017 and fixes several issues CSRF, remote code exectuion, data leaking.

Security patch 10415

SUPEE-10415 released 28th November 2017 and fixes several security issues.

Not just another agency, we believe in helping you to get to your happy place.

As a result driven eCommerce agency, we take “GENERATING RESULT” as part of your “happy place”. Please checkout few eCommerce business success stories.

  • Free scan and secure your magento website
  • Upgrade your magento ecommerce website
  • New build of optimized magento ecommerce store
  • Maintenance of current magento store

    Contact Us

    Get in touch with us.

    [email protected]
    +44 1865 58 9117

    Follow Us

    Where To Find Us

    85 Great Portland Street,
    First Floor
    London W1W 7LT

    Privacy Policy

    Copyright © All rights reserved.