Magento Imagine 2015 has brought much good news for the Ecommerce industry worldwide. People from all over the world gathered for this conference. About 30% of Ecommerce stores trust Magento, and the Magento framework is becoming another name for the Ecommerce store. At the same time, Magento is in the middle of fixing serious security vulnerabilities through patches. Recently, they released SUPEE-5994. Before that, they made a crucial move to resolve security issues by releasing patches SUPEE-1533 and SUPEE-5344.
Why was the vulnerability serious?
Every vulnerability should be treated as a serious issue because it harms the store in one way or another. As for this vulnerability, Netanel Rubin, who found the hole, conveyed that it would put over 2,30,000 Magento stores at risk, since the hole resulted in access to the Admin rights of the store. And once you get the Admin rights, you become the owner of that particular Ecommerce store. From customers' information to credit card data, you can remotely access each and every aspect of the store.
From the hacker's point of view:
• A hacked Magento store can be used to attack other sites.
• A hacker could host a phishing site on the hacked Magento site's server.
• A hacker could intercept data from the hacked store and sell it, resulting in complete disclosure of the store's information.
The fix for the vulnerability is available on the Magento Connect marketplace, from where you need to download the patch. The patch contains a .sh file which needs to be executed over SSH. This requires technical expertise and precise communication between the developer and the store admin. Thus, a small mishap can lead to a greater vulnerability.
Let's take Milople's way, the easy way:
We found that the security patches SUPEE-1533, SUPEE-5344 and SUPEE-5994 mainly affect the following Magento files:
Changes made through patch SUPEE 1533:
Changes made through patch SUPEE 5344:
Changes made through patch SUPEE 5994:
Steps to follow:
• Take a backup of your Magento store.
• Download the zip applicable to your store from the table below:

| Magento Version | SUPEE-1533 | SUPEE-5344 | SUPEE-5994 |
|---|---|---|---|
| Magento 126.96.36.199 – 188.8.131.52 | SUPEE-1533-1.9.zip | SUPEE-5344-1.9.zip | SUPEE-5994-184.108.40.206.zip |
| Magento 220.127.116.11 – 18.104.22.168 | SUPEE-1533-1.6.zip | SUPEE-5344-1.6.zip | SUPEE-5994-1.6.zip |
| Magento 22.214.171.124 – 126.96.36.199 | | | SUPEE-5994-1.4.1.zip |

• Unzip the downloaded file and copy its contents into the Magento root directory.
NOTE: After installing the security patch SUPEE-5994, it is advisable to change the default admin path for security reasons.
Steps to change the default admin path:
• Go to app/etc/ under your Magento root directory.
• Open the local.xml file.
• Search for the following code:
• Change the admin path name to any other string of your choice. Here, we are changing the admin path name from “admin” to “milople”.
• Flush the Magento cache.
• Access your backend via the new URL. Here, the new URL would be https://mystorename.ex/milople/
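The admin path change described in the steps above, as an added example (not Milople's or Magento's own code): it rewrites the `frontName` element of `local.xml` and re-parses the result to confirm the edit. The sample XML is constructed and follows the standard Magento 1.x `local.xml` layout; the function names and the rule restricting the new name to lowercase letters, digits and underscores are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: only the <admin> section of a Magento 1.x local.xml.
SAMPLE_LOCAL_XML = """<?xml version="1.0"?>
<config>
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[admin]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
</config>
"""

# Captures the opening tag (with optional CDATA start) and the closing part.
FRONTNAME_RE = re.compile(
    r"(<frontName>\s*(?:<!\[CDATA\[)?)[^<\]]*((?:\]\]>)?\s*</frontName>)")

def current_front_name(xml_text):
    """Parse the file as XML so a malformed local.xml fails loudly."""
    node = ET.fromstring(xml_text).find("admin/routers/adminhtml/args/frontName")
    if node is None or not (node.text or "").strip():
        raise ValueError("no admin frontName found")
    return node.text.strip()

def set_front_name(xml_text, new_name):
    """Return local.xml text with the admin frontName replaced by new_name."""
    # Assumption of this example: restrict the name to a safe URL segment.
    if not re.fullmatch(r"[a-z0-9_]{3,64}", new_name) or new_name == "admin":
        raise ValueError("unsuitable admin path: %r" % new_name)
    current_front_name(xml_text)  # raises if the element is missing
    updated, count = FRONTNAME_RE.subn(
        lambda m: m.group(1) + new_name + m.group(2), xml_text)
    if count != 1:
        raise ValueError("expected exactly one <frontName>, found %d" % count)
    if current_front_name(updated) != new_name:  # re-parse to confirm the edit
        raise ValueError("edit did not take effect")
    return updated

if __name__ == "__main__":
    print(set_front_name(SAMPLE_LOCAL_XML, "milople"))
```

Write the returned text back to app/etc/local.xml only after taking the backup, then flush the Magento cache so the new path takes effect.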
If you run into any problems while changing your admin path or installing the patches, feel free to contact Milople or send us your queries in the comment section below.
How to make your store secure enough?
- Make sure to apply the patches to your Ecommerce store.
- Always run the latest version of Magento. Contact Milople for further queries on the same.
- Keep yourself updated with the latest news on Magento and read Ecommerce-relevant blogs.
Still worried about the patch?
After following the above steps, check whether the patch has been installed successfully and whether the store is free of the bug by entering your Magento Ecommerce store URL on any of the web URLs mentioned below:
If you don't get a positive result after installing the patch, submit your queries in the comment section below.
Thus, you are done with the vulnerability issue and can now have complete security for your Magento store. Feel free to contact us or give us your valuable comments in the comment section below.