The strengths of Open Source Software – freely open source code and community collaboration – also contribute to potential security issues. Security vulnerabilities are easy to discover by reviewing source code. While Magento does not stand alone when it comes to these risks, it has unfortunately been a target of attack as is illustrated by the numerous security patches published by Magento, Inc.
Keeping your Magento installation up-to-date with new patches is critical for the security of your customer data. If malware infects your Magento website, your customer’s data, including credit card data, may be compromised, leaving you, the business owner, in an extremely bad situation. You may face backlash on social media, or worse, legal trouble.
What is a patch?
A patch is a special file called a diff that details the difference between a piece of source code with security vulnerabilities and the new source code that “patches” these vulnerabilities. Executing these diffs changes the core Magento source code to make it more secure, and these diffs are distributed each time new security vulnerabilities are discovered.
Want to find out if your Magento website is up-to-date with the latest security patches? Head on over to our security tool to view a report for your website.
Other Magento Security Tips
- Change your admin password frequently (Admin::System::Permissions::Users)
- Delete admin users that are not being used (Admin::System::Permissions::Users)
- Avoid sharing FTP or SSH information with third-parties, or create and delete these accounts as needed.
- Keep all third-party extensions up to date.
- Remove unused third-party extensions
- If you use WordPress in tandem with Magento for content management, install WordPress on a separate user account to prevent WordPress infections from infecting Magento
- Perform regular backups on your Magento filesystem and database
- Track code changes with a utility like Tripwire and store your source code using Git