WordPress and Magento - are there hazards lurking beneath the surface?

There is a profusion of website development companies that offer their clients solutions based around quick-build third-party software, such as Magento and WordPress. Their solutions seem to offer everything you could possibly require, but are there hazards lurking beneath the surface?

In a word, yes!

This is illustrated by a critical vulnerability found in January 2015 in Magento, the most popular e-commerce quick-build solution, affecting over 100,000 e-commerce websites. Although a patch to close the vulnerability was issued in February 2015, as of the 24th of April 2015 approximately 98,000 websites remain unpatched and vulnerable.

This particular vulnerability enables hackers to bypass all security and gain full access to and control over both the store and its content, allowing criminals to access shoppers' personal information and payment card information, change item prices and create voucher codes. Such is the urgency of installing this patch that Magento, owned by eBay, has been forced to email users of the system, instructing them to apply the patch urgently.

Watch this video to see how easy it is to steal from a Magento e-commerce website that has been hacked.

Quick-build software products such as WordPress and Magento, used by less experienced developers to provide quick and cheap web solutions, are the victims of repeated hacks because of their popularity and the public availability of the code base.

Plugin vulnerabilities for WordPress were so widespread in early 2015 that the FBI issued warnings.

When weighing the options for your website, it is important to consider the security of your website and your client’s data. Can you afford the financial loss or the damage to your reputation if your site is hacked?

Further reading
Net Security Organisation
The Register
Federal Bureau of Investigation 
