Want create site? Find Free WordPress Themes and plugins.

Managing Magento Security Updates

typing

We’ve mentioned before that it is a lot of work to keep your ecommerce environment secure, today we’re sharing some specific recommendations for managing Magento security updates.

  • Keep an eye on vendor communications – Magento typically sends notices of any security updates or serious breaches so keep an eye on your email – if you’re not signed up – do so here. You can also keep an eye out for updates and notices in the admin panel.
  • If you’re a Tenzing customer you can also look out for notices in the CSC. For example, we posted the following earlier this year:

“Please be informed that a security update to Magento has been released. Tenzing recommends reviewing the patch notes and applying the updates as soon as possible to help protect your Magento environment. To download the patch, go to My Account, select the Downloads tab, and then navigate to Magento Enterprise Edition > Support Patches. Look for the folder titled “Security Patches – January 2016.”

  • As the above message suggests, your best bet is to get the patches from within the app, or through the Magento portal. For higher profile patches you may find external links but be wary as these could be dupes set up to further compromise your site. It’s been reported that attackers are exploiting Magento users by pretending to offer a patch for the Shoplift bug, but instead appending JavaScript to application files, allowing them to strip payment information from order forms. In some cases, hackers are including the names of core Magento team members to make their code look more legitimate.
  • Magento makes it fairly easy to check if your site has been patched – for the above mentioned Shoplift bug, you can check if the patch has been applied here.

Although I’m sure you’ve heard it before, it bears repeating that the security of your Magento store is paramount to your success. Any breaches can have serious consequences to your business – from payment vendor penalties, to loss of customer trust.

Beyond responding to specific bugs, it’s worthwhile to research industry and platform best practices for security.

Did you find apk for android? You can find new Free Android Games and apps.