Magento 2 security topics play a significant role in the success of every online business. Nowadays, this topic has become even more important due to the huge number of various hacker attacks and sensitive data leaks worldwide. It is the duty of every website manager to make sure that the key security rules are followed and the website is well-protected. The following article describes the most critical security issues and measures required for every website.
A new Magento security patch SUPEE-10415 was released on November 28th of 2017. It adds some security enhancements to your store by changing more than 30 files. Let’s dive into the details of the code changes that the patch makes.
This post is a short look inside the newly released Magento 1 SUPEE-9652 security patch. The patch prevents injection of executable code into the Magento email “Reply To” param if the “Return Path” for emails is enabled. So let’s check what it does.
When Magento releases new security patches, we often get questions from clients, such as why they should invest money in having those patches applied to their Magento installation. In this blog post we’ll describe the importance of the patches and emphasize their role in keeping your Magento website functioning properly.
Recent security patches have covered many security leaks. Some of the changes were added via .htaccess files either in the Magento root or in specific directories (e.g. the shell directory). These fixes will be applied automatically if your Magento 1.x installation is running on Apache 2, but they won’t work if you prefer Nginx. In this post we will show you the proper Nginx config which provides the same result with a few additions.
The Magento team releases patches whenever a vulnerability is found in the system, in order to keep Magento secure and reliable. In Feb 2015, Magento released one critical security patch (SUPEE-5344), which was aimed at addressing a remote command execution. It’s been more than two months since the release, and still more than 50% of all Magento installations worldwide have not been patched and remain open to attacks.