As you may know, Magento recommends using a unique, custom Admin URL instead of the default “admin” or a common term such as “back-end”. Although it will not directly protect your site from a determined bad actor intending to steal your data, it can reduce exposure to scripts that try to gain unauthorized access. Even with a custom Admin URL set up, it will not necessarily remain hidden from others, especially attackers.
A new Magento security patch, SUPEE-10415, was released on November 28th, 2017. It adds some security enhancements to your store by changing more than 30 files. Let’s dive into the details of the code changes that the patch makes.
One of the biggest benefits of Magento is that its numerous out-of-the-box features can be easily extended with many more modules created by the Magento community. Although some extensions have an almost plug-and-play installation process, it’s much better to install them under the control of a professional. We get requests to install third-party extensions daily, and we have accumulated a great deal of experience in upgrading websites with new features while keeping them safe and high-performing. While there is no single set of instructions that fits every case, here are some things to consider when installing new modules.
Having a particular version of the software easily discoverable makes a hacker’s job easier and allows automated scrapers to gather a database of URLs with particular software versions, which can be used for attacks when a security vulnerability is discovered. Of course, hiding the Magento version won’t be enough to secure your store, but it is a simple step to take that, just like changing your admin URL, makes the store a little bit more secure.
We all know that security is critical in e-commerce, and so does any reliable payment provider. This time, we’d like to draw your attention to the upcoming security update that PayPal will be rolling out on June 17th and what you need to do to make sure that your Magento store is ready for it.
In one of our recent articles, we described the installation of Magento patch SUPEE-7405 and its code changes. As it turned out, however, this patch might cause some issues on websites. To reduce the number of issues, Magento has released an update to the patch – SUPEE-7405 v1.1. It does not fix any security issues, but we would like to review the changes this update contains to understand its role: