Throughout 2015, Magento uncovered a number of important security issues in the platform. These issues have been addressed via a number of Magento security patches that remove the vulnerabilities for all affected versions. Keeping a website up to date and secure is always important, eCommerce sites especially. So, are these important and worth addressing?
Short answer – YES!
While the popularity of the Magento platform brings lots of advantages; large support community, huge variety of plugins and great integrations with 3rd party systems. A major drawback is the amount of attention it gets from hackers. This means it is incredibly important to keep your site up to date with all of the latest security patches. Ultimately a hacked site = loss of revenue. Luckily, the patches are super easy for your web developer to download and install on to your site (always test in a development area first just in case!).
For every minute your site is offline or not displaying properly you are losing money. Hackers don’t have to completely take your site offline for a loss of revenue to occur, just taking over a single page could completely stop your users from being able to purchase on your site. It may also be required to take the site offline while the infection is assessed and corrected.
If you are a PCI compliant website and are storing credit card details this point is particularly important. If a hack results in stolen credit cards details you could be liable for fines and possible termination of the right to accept any online payments.
Even if you are only storing customer information, the loss or theft of this data will have a detrimental affect on the relationship your customer’s have with your business.
Online shoppers have come to expect a high level of security when shopping online. If a customer doesn’t feel safe on your store they simply won’t buy anything and will probably never return. If you site is hacked and your customers’ data is jeopardised the impact on your business will be severe and long lasting.