Magereport and Patches
Magereport is a free online tool created by the Magento hosting specialists, Byte.
The safe to run tool accesses your site the same way as any customer might, meaning that it's not breaking into, or in any way modifying your website to find out this information. In fact, some items will come up as "unknown" because it can't tell from the outside.
By looking for common publicly-visible indications and requesting key files, the tool will generate a report that informs you of the security measures and patches you have installed and which you are missing.
All the tool requires is a URL to your store to begin the report.
The SUPEE patches are those that are released officially by Magento themselves and are required to be installed in order to protect against newly discovered security dangers. Each patch accomplishes a different aim in regards to security, so having missing patches on your site is an absolute risk which should be addressed as soon as they are brought to your attention.
For updates on when Magento have released a new security patch, visit Magento's Security Center.
Magereport also scans against any security measures your site is lacking, such as protection against brute force attacks, a method used by criminals where they try thousands of password combinations for your admin portal, Campaigner RCE vulnerability protection, which protects against The Campaigner Remote Code Execution that allows a remote attacker to take control over your shop and protection against malware to name a few.
The Risks of Missing Patches¶
Having holes in your security opens up a plethora of dangers for your shop, ranging from your site and checkout going down to personal details in relation to customers being seized and stolen.
If your site has had vulnerabilities in place for while, then it's safer (rather than being sorry) to assume that your site has already been compromised.
How We Can Help¶
We at Edmonds Commerce value your shop's security as one of the most important aspects of your website across the board.
If you're thinking about reaching out to us about a potential requirement for your site, we'll take the time to check the security status of your website via Magereport and inform you of the results.
Our team of expert, certified Magento developers are on hand to install and apply any missing measures and patches the report finds in order to keep your shop as secure as possible.
If you're already with us, then you're always welcome to subscribe to our newsletter list which is sent out to those who have every time a new patch is released. Raising this with yourselves is crucial so that you're aware of it and can request to have it installed as soon as possible.
As well as the newsletter, we're able to install new patches straight away once they're released pending a previous agreement. For more information on this, please email us on firstname.lastname@example.org.