Magento is the top choice for an E-Commerse store these days. It is customizable, easy to setup and comes with a number of built in feature making it preferred CMS over many others like Shopify, WooCommerce, BigCommerce etc. However, Magento has had its share of vulnerabilities right from Shoplift to XSS in admin area. Being an E-Commerce platform, magento security should be the top priority of store owners. However, things seem otherwise.

This Blog Includes show

We analyzed one thousand Magento stores to check their security status. The results made a few things very clear:

  • Outdated Version: A number of store owners still use outdated versions of Magento. New versions come with magento security patches, however admins still fail to update their stores to the latest versions.
  • No Patches Installed: Magento community is quick to release patches once a vulnerability is released. We found that major security patches were still missing in a good number of stores.
  • Information Disclosure: Majority of the stores still do not follow basic security practices like hiding the admin page, downloader page and swf uploader page.

Read about our findings in the infograph below:

Magento Security Statistics Infograph by Astra Security

Was this post helpful?

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Astra Team

We are on a mission to make web a more secure place, one website at a time!


  1. [BLOCKED BY STBV] 5 Magento Extensions that could be the cause of your store being hacked - Astra Web Security Blog - Reply

    […] When it comes to empowering retailers and brands, Magento is one of the most widely used e-commerce platforms. However, with great power comes greater responsibility of adhering to security practices for safe e-commerce businesses. On the contrary, Magento is one of the highest targeted e-commerce platforms for credit card fraud and user credential theft, with a staggering 62% of stores containing atleast one security flaw.  […]

  2. Top 5 Ways Hackers Hack Your Website During Thanksgiving Sales & How To Prevent Them - Astra Web Security Blog - Reply

    […] version. These CMSs have known vulnerabilities which hackers often exploit. A couple of years ago, Shoplift vulnerability was found in Magento stores. This vulnerability allowed hackers to remotely create an admin user in […]

  3. Magento Security – wordpress Security - Reply

    […] Right from Shoplift to XSS magento has had its share of security issues. Read our report and statistics on Magento Security. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Free Website Security Scanner