On October 27th, Magento released a security patch that addresses over ten potential security threats to the e-commerce platform. These security threats, including “remote code execution and information leak vulnerabilities,” are weaknesses throughout the platform that hackers can exploit for access to confidential consumer data. A particularly severe hazard found within the underlying Zend Framework would allow special requests to tamper with critical system files. Built on Zend’s open-source framework for developing web applications and services, Magento swiftly mitigated the risk with their latest security patch, SUPEE-6788. Magento warned users a series of automated attacks were possible and urged merchants to patch or upgrade their Magento platform.
SUPEE-6788, released on the cusp of the holiday shopping season, creates an untimely complication for e-commerce owners behind on their website maintenance. The patch itself resolves a number of security issues, but as store owners operating on older versions of Magento or who have done a fair amount of customization on the open-source platform are discovering, the installation is not as cut and dry as it would seem.
SUPEE-6788’s information page states,
“This patch bundle may possibly break backward compatibility with customizations or extensions.”Magento.com
This means bringing your website security up-to-date will likely be accompanied by a few additional challenges. E-Commerce stores running on older versions of Magento will likely experience broken features after installing the patch. Customization to the platform and 3rd-party extensions require special attention throughout the process too, as they are likely to be affected by the update.
In some cases, upgrading to the latest version of Magento, which comes pre-equipped with the latest security modifications, is a better solution. Upgrading can present similar complications though, and with the holiday shopping season already in full swing, your website can’t afford a single minute of downtime.
(If you find that your extensions are still not working as expected, you should contact the extension developer for a SUPEE-6788 compatible upgrade.)
For more information on patching or upgrading your Magento site, contact Fruition’s E-Commerce and development experts.
Jeff Williams is an SEO Project Manager at Fruition. He uses his deep understanding of SEO and internet marketing to guide clients, optimize websites and ultimately improve search rankings. Jeff continues to focus on understanding the technical aspects of SEO factors that affect website rankings in the major search engines. He has recently found a passion in local marketing and helping business carry out effective digital marketing strategies, taking a lead role in developing Fruition’s local SEO services.
President & Founder, Tru Family Dental
Marketing, Dependable Cleaners
President & Founder, Family Travel Association