Magento is the top choice for an E-Commerse store these days. It is customizable, easy to setup and comes with a number of built in feature making it preferred CMS over many others like Shopify, WooCommerce, BigCommerce etc. However, Magento has had its share of vulnerabilities right from Shoplift to XSS in admin area. Being an E-Commerce platform, magento security should be the top priority of store owners. However, things seem otherwise.
We analyzed one thousand Magento stores to check their security status. The results made a few things very clear:
- Outdated Version: A number of store owners still use outdated versions of Magento. New versions come with magento security patches, however admins still fail to update their stores to the latest versions.
- No Patches Installed: Magento community is quick to release patches once a vulnerability is released. We found that major security patches were still missing in a good number of stores.
- Information Disclosure: Majority of the stores still do not follow basic security practices like hiding the admin page, downloader page and swf uploader page.
Read about our findings in the infograph below: