Magento is the top choice for an E-Commerce store these days. It is customizable, easy to set up, and comes with a number of built-in features, making it a preferred CMS over many others like Shopify, WooCommerce, BigCommerce, etc. However, Magento has had its share of vulnerabilities, from Shoplift to XSS in the admin area. Because Magento is an E-Commerce platform, its security should be the top priority of store owners. However, things seem otherwise.
We analyzed one thousand Magento stores to check their security status. The results made a few things very clear:
- Outdated Version: A number of store owners still use outdated versions of Magento. New versions come with Magento security patches; however, admins still fail to update their stores to the latest versions.
- No Patches Installed: The Magento community is quick to release patches once a vulnerability is disclosed. We found that major security patches were still missing in a good number of stores.
- Information Disclosure: The majority of the stores still do not follow basic security practices like hiding the admin page, downloader page, and SWF uploader page.
Read about our findings in the infographic below: