Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is almost synonymous with a certain kind of risk – and not without good reason. Over the holidays, we wrote a lot about the rise of credit card swipers.
With the increasing popularity of the free, open-source Magento Community Edition, more business owners are able to sell their products online without having to take on the cost of a closed platform.
As with any open-source CMS, there are more eyes looking at the code. This can increase the frequency and depth of the code review process, but it can also open doors for hackers looking to exploit vulnerabilities.
A Guide to Fixing Hacked Magento Sites
Like our first two guides for WordPress and Joomla!, our Magento guide explores manual cleanup methods, extensions, and online scanners to help you identify a security incident and remove the hack. The guides also include important post-hack actions to prevent reinfection.
For the Magento guide specifically, we added brand new sections on PCI compliance and ecommerce security, and expanded the information about SSL. We also took up the challenge of addressing both Magento 1.x and 2.x versions because the vast majority of users are still on the 1.x branch.
This guide will offer an appropriate foundation for resolving a Magento security incident.
While this guide keeps our tradition of providing clear step-by-step instructions and recommendations for both beginner and intermediate users, we added space for the special considerations that come with an ecommerce hack.
We researched the best practices and used knowledge from our team of security professionals to provide the most value possible.
With careful attention to how Magento works, and the common types of infections we see, we hope this guide will be a helpful resource for Magento webmasters.
Sign Up for the Webinar
We also have a webinar coming up to accompany the guide.
This continues our series of webinars put together by our team over the past few months. The webinar will be hosted by our Incident Response Team (IRT) to walk you through the steps a website owner can take to clean an infected Magento site.
Cesar Anjos is a Tier 3 Security Analyst who has been with us for three years and has firsthand experience in working with today’s hacks. He has spent countless hours assisting website owners like you to identify, remove, and protect hacked Magento sites.
Get Help or Contribute
We value any comments or suggestions to help us improve the guide over time. These guides are part of our vision of becoming a constant in the evolving landscape of website security. We can’t do that without you – our community of loyal blog readers.
If you find the guide useful and have suggestions for future guides, we’d love to hear from you! Get in touch with us by emailing: firstname.lastname@example.org
Any questions you may have can usually be answered by posting them on the Magento Support forums, which are actively maintained by the community. You can also chat with us to learn how we can help you fix and prevent Magento hacks.
Update: We have just released a Magento security guide. Check it out!