The perils of WordPress integration with Magento (and anything else)

WordPress has once again been the butt of many social media postings regarding security after another WordPress vulnerability was found in the MailPoet plugin.

No matter how useful you find WordPress, there is no doubt that it offers a large target for anyone wanting to hack your site. By combining WordPress and Magento, both applications are at risk.

Magento / eBay even took the opportunity to send out the following warning:

Protect the Security of Your Magento Implementation

As you may have read, a popular WordPress plugin, MailPoet, has a vulnerability that allows a potential hacker to upload PHP files to your server and execute them. In a few cases, this vulnerability has been used against Magento software that resides on the same server.

We recommend that all Magento merchants using WordPress immediately update the MailPoet plugin to remove this vulnerability. More information about this update is available at http://www.mailpoet.com/blog/. You should also review your server logs for anything that may be out of the ordinary.

However, the utility offered by WordPress will ensure that it continues to be massively popular, and there are a few simple steps you can take to keep your sites safe.

  • Keep your WordPress code base and plugins up to date.
  • Install and configure a suitable ‘firewall’ plugin. We can recommend “All In One WordPress Security Plugin”, which provides a range of features including scans for common exploits, .htaccess hardening, login security etc.
  • If possible, keep your blog on a different account to your Magento store.
  • Ensure the lowest possible file permissions for files and folders.
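
A read-only audit covering the file-permission step and the uploaded-PHP risk the warning describes, added here as an example (it is not Dx3webs' or Magento's own tooling). The function name, the finding labels and the choice of config files to check (`wp-config.php`, Magento's `app/etc/local.xml` and `app/etc/env.php`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of a web root that hosts WordPress and Magento.
# Prints one finding per line as "<LABEL> <path>"; labels are this example's own.

audit_webroot() {
    root=$1

    # Upload directories should hold media only. A PHP file here is what an
    # arbitrary-upload bug such as the MailPoet one leaves behind.
    find "$root" -type f -path '*/wp-content/uploads/*' \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) -print |
        sed 's/^/PHP_IN_UPLOADS /'

    # World-writable files and directories let any account on the server,
    # including a compromised blog, modify the store's code.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'

    # Config files holding database credentials should not be readable by
    # "other" (assumed names: wp-config.php, Magento app/etc/local.xml, env.php).
    find "$root" -type f \( -name 'wp-config.php' \
        -o -path '*/app/etc/local.xml' -o -path '*/app/etc/env.php' \) \
        -perm -0004 -print |
        sed 's/^/WORLD_READABLE_CONFIG /'
}

# Usage: sh audit.sh /var/www   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

An empty result means none of the three conditions were found; each reported path still needs a manual look before anything is deleted or re-permissioned.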

Remember that Dx3webs always has 7 days' worth of backups for your files and database, so if the worst happens we can restore your site.

We have scanned every single server we control and can confirm that none have this plugin installed.

Moving forward, we will be installing software that monitors all servers for WordPress installations and flags all out-of-date extensions and WordPress versions so we can proactively help you protect your sites.