Category: Magento
-
PHP VULNERABILITY
Magento recently put out the following warning to all merchants. A vulnerability has recently been discovered in PHP and we recommend Magento Commerce customers adopt changes to address the issue. MS-ISAC has issued an alert related to multiple vulnerabilities that could allow for arbitrary code execution and a recommendation that all sites using PHP should […]
-
INDEXES: REASONS NOT TO REFRESH
A presentation by John Hughes on indexes and why refreshing them is not best practice or as he put it “Stop refreshing the @#$%&! indexes” The presentation takes an irreverent look at indexes laying out the aims, what indexes are, their impact on performance and what should be done. We also have knights, kings, dancing and […]
-
SUPEE 11155 – MAGENTO SECURITY UPDATE
Supee-11155 has now been released. This update offers a range of security updates that help close remote code executions (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities. This is an important update given the range of security issues addressed. Patches and upgrades are available for the following Magento versions: Magento Commerce […]
-
WORKING WITH MULTIPLE PHP VERSIONS ON CLI / COMPOSER
There are a few reasons why we built our hosting solution around Plesk. 1) It is extremely light weight. Essentially its only function is to provide a front end for configuring nginx / apache / php. That is it. There are no other over heads. 2) It is extremely flexible. You can specify any version […]
-
ENABLE PHP 5.6 ON UBUNTU 18.04 / PLESK 17.8
Ubuntu 14.04 reaches end of live at the end of April 2019. So OS upgrades will be at the top of a lot of sysadmin TODO lists right now. While Ubuntu 16.04 will be supported till April 2021 most will be looking to jump to Ubuntu 18.04 which be now be supported for TEN YEARS […]
-
PATCH: SUPEE-11086
Magento Commerce 1.14.4.1 and Open Source 1.9.4.1. Contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities. Available for: Magento Commerce 1.9.0.0-1.14.4.0 (supee-11086 or upgrade to Magento Commerce 1.14.4.1) Magento Open Source 1.5.0.0-1.9.4.0 (SUPEE-11086 or upgrade to Magento Open Source 1.9.4.1) Information for all […]
-
MAGENTO RELEASES AND SECURITY UPDATES MARCH 26TH
The release of Magento 2.3.1 is to include the Page Builder content editing tool, inventory and performance enhancements as well as developer and security updates. Updated versions of Magento 1, 2.1 and 2.2 are to be made available on the same day. Page Builder Exclusive to Commerce 2.3.1. No coding required to design and build […]
-
MAGESTORE LOCATOR EXTENSION: CRITICAL VULNERABILITY
The Magestore Locator extension version 1.0.2 (and earlier versions) that could result in unauthorised access to sensitive information. Magento has urged customers running Magestore Locator extension to disable it or block requests and request/implement an update from the extension developer. Magento has had reports that the extension has been exploited. In particular users should have their […]
-
POST-PURCHASE: DELIVERY
Post-Purchase: an undervalued opportunity? Your customer has hit that buy button and your job has only just started. Communication When managing and growing an eCommerce store, providing delivery choices and keeping your customers up-to-date during the process can lead to a better relationship and return business. As we know, acknowledging an order and providing a tracking […]
-
AUTHORIZE.NET DIRECT POST ENDING SUPPORT FOR MD5 BASED HASH.
Authorize.Net: support ending for MD5 Authorize.net will stop supporting MD5 based hash usage on March 14. Magento implements the Authorize.Net Direct Post payment method, using Authorize.Net’s AIM (Advanced Integration Method) and DPM (Direct Post method) APIs, which use MD5 based hash. Authorize.Net will stop supporting MD5 based hash tag on March 14. This issue affects all Magento […]
