Check my Magento security status

magento.stackexchange https://magento.stackexchange.com//questions/64556

Question

I just had trouble to install the SUPEE-1533 and SUPEE-5344 on CE 1.7.0.0. I did it through the FTP method from Magentary.

Question is then : how can I make sure that my Magento install got all security patches properly installed?

Was it helpful?

Solution

If you want to be sure the patches are installed properly (and more security checks, check https://www.MageReport.com (shoplift.byte.nl also redirects now)

OTHER TIPS

Ways how you can ensure you have all latest security patches applied:

  • Upgrade to the latest version CE 1.9.2.1 or EE 1.14.2.1 - these versions have all latest patches included
  • Apply patches in development systems via SSH to have the added to /etc/applied.patches.list

Additionally:

  • Run MageScan (tool by Steve Robbins) to check your sites status (this will not give you information about the patches though)
  • Run the Shoplift tester (as already mentioned above by Willem)
  • Hire a Magento developer to check your site (which will be a hard task if updates where done via FTP).
  • It's probably easier trying to apply the patches again via SSH and see if they work or fail and then check the files.

Test if your site is still vulnerable at https://shoplift.byte.nl

While this is self-promotion, I am still posting it as I think this may help someone who is looking for such kind of security extension for their Magento store.

We have developed an extension that checks for common misconfigurations and vulnerabilities in Magento and gives you exact information on how to fix/resolve them. FYI, it also includes ShopLift test to let you know if you are vulnerable to it. Magento connect page of MageSecure: http://www.magentocommerce.com/magento-connect/magesecure-security-extension.html

All other methods (like Securi, MageReport...) check front end files only. If you started patch installation and something went wrong, this tools will tell you you are good, although you might not be.

MageFence security extension check all files from back end. It scan for necessary changes in ALL files that had to be patched for each separate Magento patch from Magento CE 1.7 to 1.9.2.2. Further more, it will report not only missing security patches but all patches for your version of Magento CE. This extension has many more security features that will detect, protect and enforce your Magento shop.

Get the latest patches, security updates, and best practices for your Magento sites

https://magento.com/security

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top