Your website is under attack, you just don't know it yet.

Magento 2 security and hacking More Information on Magento Upgrades

It’s a true fact for all online retailers, that every day their ecommerce webstore is under attack from hackers. So just how important is it to stay aware of the risk, and adopt a proactive mindset rather than reactive.

If you don’t keep your ecommerce website up-to-date this is a very real fact. If you slump into the mindset that you had an ecommerce website built a few years ago, so you can now relax and focus on other things, you would be very wrong.

Whilst this specifically looks at Magento store owners, the same principles can be applied to any ecommerce website. Keeping in mind security is not a list of things to do, but a way of thinking. Adopt the mind-set that at some point you will be attacked. So be proactive to prevent this rather than remain reactive to a breach. In this short article we look at just one element of security within Magento which relates to the coding language of PHP that Magento, and many other ecommerce platforms, are written in.

Here’s a quick breakdown of the history of PHP.

  • 1994 - PHP was originally created
  • 1997 - PHP 2 released
  • 1998 - PHP 3 released
  • 2000 - PHP 4 released powered by Zend Engine 1
  • 2004 - PHP 5 released powered by Zend Engine 2
  • 2005 - PHP5 only supported stable version under development
  • 2007 - Magento 1 released
  • 2014 - PHP 7 developed with PHP6 never really being released
  • 2015 - Magento 2 released
  • 2018 - Official Security support for PHP5.6 ended

What this demonstrates is that the technology world keeps changing, no sooner is one version released, a newer version is in the works. In 2017 over 3% of all online vulnerabilities were attributed to PHP. So whilst this figure doesn’t seem high, you have to keep in mind this is just one cog in a much bigger machine. Each carrying their own risks, requiring their own updates. Whether this is PHP, MySQL the web browser you use, the operating system on your desktop computer or the security protocols you operate within your business. There are many moving parts, each of which carries a level of risk.

Magento 2 uses PHP 7.x This means the ecommerce website is utilising the very latest technologies, and security patches will be as up-to-date as they can be, giving you one less thing to worry about.

If your Magento ecommerce website has not been updated since 2015, or if you are running an ecommerce website built on older technologies that are using a version of PHP older than version 7. Then you are almost certainly opening yourself to a much higher risk of attack. Additionally, by not being up-to-date you are also bringing into question your level of GDPR and PCI compliance.

If you are unsure about the level of security and version of PHP your current website is using, then get in touch for a no obligation appraisal of your website.