Site secured, a random generated login password, firewall in place and even a Web Application Firewall installed, security all taken care of. All except one other factor, the ever increasing presence of phishing scams.
Here at DX3Webs we focus on providing the best hardware setup giving you the ideal platform to meet your needs. With a focus on the speed of your site our servers are high specification to enable a quick responsive experience for the end user. Carefully chosen hardware can only do so much, and it must be paired with the correct software to get the most out of it. Magento 2, at time of writing, fully supports PHP 7.0 and 7.1., here we look into why you should be giving serious consideration into migrating.
Security, security, security.
As covered in our recent blog online security is more important than ever. When running a bricks and mortar shop you would know to never leave the shop unattended, to lock the door and drop the shutters on a night and set the alarm. Online shops are the same and although the various forms of security are different (patches, firewalls) they have the same purpose, to protect your business. One of the more advanced means of securing your website is a Web Application Firewall (WAF). This is a solution whose function is to monitor, filter and if necessary, block, any HTTP/HTTPS traffic to and from the end users server. Essentially your firewall prevents non-HTTP/HTTPS attacks while the WAF would also prevent malicious or unwanted HTTP/HTTPs data allowing only safe traffic through to your server.
The figures speak for themselves. 78% of ecommerce websites are at risk of breach according to 60,000 scans on Magento sites carried out using Foregenix handy scan your website tool. The 78% of sites are missing critical patches where 5% are confirmed to have “harvesting malware stealing their customer details” according to the article.
The PCI council has stated that by the 30 June 2018 all SSL/early TLS encryption protocols should be disabled in favour of TLS 1.1 or higher
To provide further protection to our customers we will be actively scanning sites for the use of Direct Payment Method provided by Ebizmarts Sagepay suite and disabling these.
Black Friday and the long-term change in shoppers habits Barclay Card, who currently process nearly half of all UK debit and credit card transactions, stated there was a rise of 8% on 2016 spending during Black Friday. What these figure don’t show is a continuing shift in customers shopping habits with a decrease in people visiting stores and an increase in online sales.
New patch available for Magento: SUPEE-10570, Magento Commerce 126.96.36.199 and Open Source 188.8.131.52
In July 2018 Chrome will flag all NON-HTTPS pages as NOT SECURE.
Magento: Upgrade or Patch Now
Magento has released new versions of Magento Commerce and Magento Open Source to increase product security:
Magento Commerce 184.108.40.206
Magento Open Source 220.127.116.11
SUPEE-10415 (patch for earlier Magento 1.x versions)
These releases contain multiple security changes that help close cross-site scripting and authenticated Admin user remote code execution vulnerabilities.
We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
Download and install the Magento Commerce updates by logging into My Account and navigating to the version you want to download.
More information about these security changes is available on the Magento Security Center. Full details are available in these release notes:
Magento Hosting Specialists
SUPEE-10266, Magento Commerce 18.104.22.168 and Open Source 22.214.171.124 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
Looking back at developments in 2016
A number of customers are reporting similar emails all claiming that their cards have been fraudulently used
Access is locked. Please try again in a few minutes.. changes to Magneto Connect / downloader security model.
Magento 1 SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 address Zend framework and payment vulnerabilities and several other security enhancements
The time when all sites will require an SSL certificate is fast approaching.
Installing a small extension could double the response time of your magento 1,9x site.. for free
If you have not done so already please update all copies of Webforms Pro to the latest verison
A practical case study of AWS v Dx3
Magento 2 is firmly here This week Magento 2.1.0 was released passing that key .1 mile stone. After a few buggy releases this marks the point where Magento 2 is stable and ready for the real world