Magento has continued to be the leading platform in eCommerce with estimates suggesting it is implemented in 1 in 4 online businesses. With the release of Magento 2 in 2015 the development team aimed to ensure its popularity as the leading eCommerce platform.
Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. It is installed in front of any server that speaks HTTP and configured to cache the contents. The user puts in a request which first goes to the Varnish server and if no cache exists would pass straight though to the end server. If cache is held in Varnish memory the page is delivered substantially faster than having the server process everything again on disk. Varnish is a magnitude faster than relying on only Magento’s cache alone.
Site secured, a random generated login password, firewall in place and even a Web Application Firewall installed, security all taken care of. All except one other factor, the ever increasing presence of phishing scams.
Here at DX3Webs we focus on providing the best hardware setup giving you the ideal platform to meet your needs. With a focus on the speed of your site our servers are high specification to enable a quick responsive experience for the end user. Carefully chosen hardware can only do so much, and it must be paired with the correct software to get the most out of it. Magento 2, at time of writing, fully supports PHP 7.0 and 7.1., here we look into why you should be giving serious consideration into migrating.
Security, security, security.
As covered in our recent blog online security is more important than ever. When running a bricks and mortar shop you would know to never leave the shop unattended, to lock the door and drop the shutters on a night and set the alarm. Online shops are the same and although the various forms of security are different (patches, firewalls) they have the same purpose, to protect your business. One of the more advanced means of securing your website is a Web Application Firewall (WAF). This is a solution whose function is to monitor, filter and if necessary, block, any HTTP/HTTPS traffic to and from the end users server. Essentially your firewall prevents non-HTTP/HTTPS attacks while the WAF would also prevent malicious or unwanted HTTP/HTTPs data allowing only safe traffic through to your server.
The figures speak for themselves. 78% of ecommerce websites are at risk of breach according to 60,000 scans on Magento sites carried out using Foregenix handy scan your website tool. The 78% of sites are missing critical patches where 5% are confirmed to have “harvesting malware stealing their customer details” according to the article.
The PCI council has stated that by the 30 June 2018 all SSL/early TLS encryption protocols should be disabled in favour of TLS 1.1 or higher
To provide further protection to our customers we will be actively scanning sites for the use of Direct Payment Method provided by Ebizmarts Sagepay suite and disabling these.
Black Friday and the long-term change in shoppers habits Barclay Card, who currently process nearly half of all UK debit and credit card transactions, stated there was a rise of 8% on 2016 spending during Black Friday. What these figure don’t show is a continuing shift in customers shopping habits with a decrease in people visiting stores and an increase in online sales.
New patch available for Magento: SUPEE-10570, Magento Commerce 1.14.3.8 and Open Source 1.9.3.8
Magento has released new versions of Magento Commerce and Magento Open Source to increase product security:
Magento Commerce 1.14.3.7
Magento Open Source 1.9.3.7
SUPEE-10415 (patch for earlier Magento 1.x versions)
These releases contain multiple security changes that help close cross-site scripting and authenticated Admin user remote code execution vulnerabilities.
We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download.
Magento Open Source software is available from the Magento Open Source download page. (See How to Apply and Revert Magento Patches for Magento 1.x instructions.)
More information about these security changes is available on the Magento Security Center. Full details are available in these release notes:
Magento Commerce Release Notes (1.14 and later)
Magento Open Source Release Notes (1.9 and later).
Magento Hosting Specialists
SUPEE-10266, Magento Commerce 1.4.3.6 and Open Source 1.9.3.6 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
This simple meta tag can help resolve insecure or mixed content errors when moving to full site https
A number of customers are reporting similar emails all claiming that their cards have been fraudulently used
Access is locked. Please try again in a few minutes.. changes to Magneto Connect / downloader security model.
Magento 1 SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities and several other security enhancements
