Managing Magento Security Updates
We’ve mentioned before that it is a lot of work to keep your ecommerce environment secure. Today we’re sharing some specific recommendations for managing Magento security updates.
- Keep an eye on vendor communications: Magento typically sends notices of any security updates or serious breaches, so watch your email. If you’re not signed up, do so here. You can also look for updates and notices in the admin panel.
- If you’re a Tenzing customer you can also look out for notices in the CSC. For example, we posted the following earlier this year:
“Please be informed that a security update to Magento has been released. Tenzing recommends reviewing the patch notes and applying the updates as soon as possible to help protect your Magento environment. To download the patch, go to My Account, select the Downloads tab, and then navigate to Magento Enterprise Edition > Support Patches. Look for the folder titled ‘Security Patches – January 2016.’”
- Magento makes it fairly easy to check whether your site has been patched: for the above-mentioned Shoplift bug, you can check if the patch has been applied here.
Although I’m sure you’ve heard it before, it bears repeating that the security of your Magento store is paramount to your success. Any breach can have serious consequences for your business, from payment vendor penalties to loss of customer trust.
Beyond responding to specific bugs, it’s worthwhile to research industry and platform best practices for security.
- For industry best practices, you can download Tenzing’s Ecommerce Security Services and Best Practices here. It includes best practices and service recommendations for all elements of your ecommerce environments.
- For Magento best practices, check out their comprehensive blog post on security best practices and our 7 Tips to securing Magento on AWS infographic.
- Vulnerability management is key to ongoing ecommerce security. Find out why in our infographic, and learn more about building a vulnerability management program in our ebook.