This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

CloudwaysCDN — a powerful solution that offers superior performance and satisfied global audience for your business. Read More

Keep Your Magento Store Updated to Prevent Getting Hacked

Updated on  4th February

3 Min Read
Reading Time: 3 minutes

Magento is one of the most preferred ecommerce software that is used by some of the biggest brands in the online commerce industry. That is one of the main reasons why it is at the receiving end of attacks from hackers.

Recently, Magento released new patches and asked all the Magento users to apply them as soon as possible. However, users react a bit slow out of fear of disrupting their flow of online commerce business.

If you are familiar with Murphy’s law, “things will go wrong in any given situation, if you give them a chance,” or more commonly, “whatever can go wrong, will go wrong.” Unfortunately, when you react slowly, you are actually giving a chance for things to go horribly wrong. Additionally, if your are not patching your Magento stores on time, then your website gets compromised and you lose out on sales and trust of customers.

If you are still thinking, what is the worst that can happen, then let me explain what can happen. If your site is not properly patched hackers can inject code in your Magento app and make them work for their own benefit. You may ask, how they can they do that? Let me explain.

I have encountered an issue which was really serious. When applying the latest patch, it occurred that the following file was already compromised app/code/core/Mage/Checkout/controllers/OnepageController.php,  thus the application of the patch failed

The following piece of code was appended in the file:

This code was found inside the public function savePaymentAction() in OnePageController.php. This OnePageController.php is located in app/code/core/Mage/Checkout/controllers/OnepageController.php

Originally, the function should be like this:

Now this added piece of code puts all the Credit Card details in an image, which can be pulled by the hacker. The additional layer of security of Cloudways Managed Magento server means that Cloudways customers remained safe. We strongly suggest you to apply all the patches right away to avoid multiple types of vulnerabilities.

Just imagine, all the credit card information of all your customers leaked! This would spell disaster for you and your Magento ecommerce store.

Share your opinion in the comment section. COMMENT NOW

Maaz Shah

Maaz Shah works as System Engineer for Cloudways. His days are spent in tackling technical troubles.

Start Growing with Cloudways Today.

Our Clients Love us because we never compromise on these

Get Our Newsletter
Be the first to get the latest updates and tutorials.