For years OpenCart has been a popular choice for e-commerce websites due to its ease of use, simple installation, and minimal investment. Popularity comes at a price – OpenCart has been target to malware, credit card skimming, backdoors and very targeted exploits.
We work with OpenCart store owners round the clock in cleaning malware injections and the reasons for being hacked are always the same.
The top reasons for you OpenCart store being hacked:
1. OpenCart Version Has Never Been Updated
Since many of the OpenCart stores have been customized by changing the core files, developers avoid updating the OpenCart version and lose out on critical security patches.
It is good practice to use a Modification System to update your OpenCart Store:
- For OpenCart 2.X – Use the default system called OpenCart Modification System (OCMOD)
- For OpenCart 1.5.X – Use vQmod modification system
If you have made all your modifications using any of the above modification systems, you can update your OpenCart store without any hassle in future. This will ensure that latest security patches are installed and your store is malware free.
2. Plugins With Weak Security Practices
As a thumb rule, only install extensions from trusted developers. Plugins that do not follow the security best practices, may leave critical vulnerabilities which are commonly exploited by hackers.
3. No Website Firewall or Bad Bot Protection
Due to automation, it is very easy to find and exploit vulnerabilities. Use of a Website Firewall like Astra is very important to fight hackers and bad bots. Such firewalls scan all incoming requests and block all hack attempts and OpenCart malware.
4. Unrestricted File Uploads & Unsanitized User Inputs
Some older versions of OpenCart were vulnerable to input field manipulation and could be used to inject malicious payloads. Custom developed features usually lack proper input sanitization like XSS removal, data validation & encoding before storing in the database. An example payload can be seen below.
Consequences of OpenCart Malware
Without necessary security mechanisms, hackers are able to run their malicious code on vulnerable websites like. The consequences of OpenCart Malware Injection can be fatal:
- Google Safe Browsing Blacklisting
- Theft of Customer Data
- Theft of Transaction Records
- Unwanted Redirects to Malicious Sites
- Spamvertizing
Google regularly runs malware scans and notifies Google Search users if any malware is found on your OpenCart store. This will result in a loss of reputation for your store and customers may not feel safe performing transactions. “This Might be Hacked” warning from Google looks like this:
How You Can Avoid OpenCart Malware Injection
Since OpenCart is Open Source, attackers have a better idea of the software you’re running and any publicly known security issues. Use the following proactive security tips to secure your store from OpenCart malware:
- Delete the “/install” directory after setup is complete
- Set the correct file permissions for files and folders
- Folders should have 755 permission
- Files should have 644 permission
- config.php and admin/config.php should have 444 permission
- Regularly update your OpenCart version
- Use a modification system like OCMOD or vQmod to make changes to the OC core
- Only install extensions by Trusted Developers
- Change the Admin URL by renaming the ‘admin’ folder. It should be a secret word that only you should know.
- Disable Directory by adding this code to your .htaccess file
Options -Indexes - Use of a Website Firewall like Astra to fight hackers and bad bots
If you’ve faced similar problems because of malware, tell us in the comments section below. We may be able to help!
Also, check the case study of Dim-el, E-commerce store powered by Opencart and how Astra firewall secured it from the attackers.
