Magento Security: Patch it up before it’s too late!

Mati Polak

Hey! I'm Mati, the Community Manager at Divante eCommerce Software House

Magento has been releasing patches more frequently as of late. That’s good though! It means they’re fixing the bugs and errors that they and the users discover. This, however, means you should be installing these patches on your platform! Relatively quick installation helps you stay safe, since you may be a target for hackers who are waiting to take advantage of an unpatched site.

As you may or may not know, Magento released another patch last week (SUPEE-6788). The patch addresses 10 issues identified through Magento’s security program. There are no large security threats addressed by the patch, but it’s vital to keep your platform up to date to keep it secure. Magento also claim that the patch has nothing to do with the Guruincsite malware issue that occurred 2 weeks ago. If you are not sure whether your site is properly patched and up to date, contact your developers or contact us and we can help you out!

Be aware that the patch breaks backward compatibility, meaning that problems with your extensions and customizations may occur. With custom-made Magento sites it may not be enough to just install the patch. Your developers may have to rewrite some of the code in order for the patch to work properly. Patches are available for Magento Community Edition 1.4 and up, and Magento Enterprise Edition 1.7 and later releases. Do keep in mind that you need all previous security patches installed to make sure this one works properly. Patching can take from an hour to a whole day, so be sure to put it as your priority if you have a customized site.

Here at Divante we regularly take care of patching for our clients. Since the patches have been coming out in numbers recently, we make sure that all our customers’ software is up to date and patched. We’ve had to deal with the more difficult patching among our clients with customized or more complex sites.

In order to guarantee the highest level of service, we always have a team of testers who check the site after patching to make sure all functions are working properly. We only launch the site after a patch if no errors are reported and we get a ‘Good to Go’ from our testers.

Don’t be surprised if you see more patches coming out in the future, especially if you are using Magento 1. Magento have stopped any further development of this version since they’re mainly focusing on Magento 2. But don’t worry, they’re still looking for flaws in the software and improving it. That’s where all the patches come from.

If you’re not sure about the security of your site, be sure to check out this article about eCommerce security.

If you’re still confused about all the patching, don’t worry, give us a shout and we’ll help you out!

Published November 4, 2015