Magento is the top choice for an E-Commerce store these days. It is customizable, easy to set up and comes with a number of built in features making it preferred CMS over many others like Shopify, WooCommerce, BigCommerce, etc. However, Magento has had its share of vulnerabilities right from Shoplift to XSS in the admin area. Being an E-Commerce platform, Magento security should be the top priority of store owners. However, things seem otherwise.
We analyzed one thousand Magento stores to check their security status. The results made a few things very clear:
- Outdated Version: A number of store owners still use outdated versions of Magento. New versions come with Magento security patches, however, admins still fail to update their stores to the latest versions.
- No Patches Installed: Magento community is quick to release patches once a vulnerability is released. We found that major security patches were still missing in a good number of stores.
- Information Disclosure: The majority of the stores still do not follow basic security practices like hiding the admin page, downloader page, and SWF uploader page.
Read about our findings in the infograph below:
[…] When it comes to empowering retailers and brands, Magento is one of the most widely used e-commerce platforms. However, with great power comes greater responsibility of adhering to security practices for safe e-commerce businesses. On the contrary, Magento is one of the highest targeted e-commerce platforms for credit card fraud and user credential theft, with a staggering 62% of stores containing atleast one security flaw. […]
[…] version. These CMSs have known vulnerabilities which hackers often exploit. A couple of years ago, Shoplift vulnerability was found in Magento stores. This vulnerability allowed hackers to remotely create an admin user in […]
[…] Right from Shoplift to XSS magento has had its share of security issues. Read our report and statistics on Magento Security. […]