The shocking truth about e-commerce software security.When you shop online you, you're giving the store an enormous amount of personal information - your name, address, email and even payment data. When giving over this information, you have to trust that they'll handle it responsibly, that their systems are secure and that your data is not going to be compromised.
But what do you really know about the store?
These days, with so much of our shopping being done online, most of us are familiar with what to look out for to help ensure that our shopping experience is safe. Most of us, quite rightly, won't enter our credit card details on a page that didn't use https://. We'd also be suspicious of an e-commerce site that didn't list a phone number or physical postal address, which didn't have verifiable customer reviews, or whose website was broken or which looked unprofessional.
We want to look out for every possible signal that tell us that we're dealing with a genuine business, who is responsible.
However, there are certain things that we just can't know - and one of those is whether the store is properly maintaining their e-commerce software. It's not something that most people would even consider, but when e-commerce software is not maintained, the site is vulnerable to hacking - and that could leave your data vulnerable, too.
Unfortunately, the reality is that in many cases, stores are not actively ensuring that the applications powering their online e-commerce are kept up to date and secure.
We only have to look at the websites we host to see this. What really shocked us, though, was just how many stores don't take this seriously.
In the world of e-commerce software, the two clear leaders are WooCommerce for WordPress, which according to analytics site Built With, is in use by 42% of all e-commerce stores on the internet, and Magento, which powers 4% of all e-commerce stores.
So with this in mind, we scanned our shared hosting servers, and found that an incredible 94.4% of Magento stores, and 61.2% of WooCommerce stores, were not running on the latest secure release.
Fortunately we have some incredible firewall technology baked into our platform which keeps most of the bad guys at bay, but regardless - firewalls are not infallible, and these stores are operating with known vulnerabilities. Some have been running on insecure code bases for years.
If our statistics, which are generated from many thousands of installations, are anywhere near representative of the wider state of e-commerce stores, this means that there are likely millions of stores running on insecure code.
That's a scary thought to have in mind for the next time you make an online purchase.
So why don't store owners keep their software up-to-date?This is usually either due to a lack of understanding, or a lack of resources. Some store owners may genuinely be unaware that not keeping their e-commerce application up-to-date puts their clients, and their own business, at risk. Others may know about the risks, but lack the technical expertise to keep the software patched and secured, and perhaps don't have a web developer who actively maintains the security of their store.
The truth is that in some cases, updating software isn't always straightforward. Sometimes new versions of software are released that address a security problem, but upgrading the e-commerce software could cause an incompatibility with other components of the site, such as the theme. No store owner wants to do something that could inadvertently cause their store to break and so more often than not, critical upgrades are not performed, and store owners live in hope that their site won't be hacked.
The problem is, you never know when you might be hacked. And if you are hacked, the implications can be horrific. Not only do you have to try and recover your site, you then have to disclose to your beloved clients that their data has been breached.
There are fewer scenarios more damaging for a brands reputation.
If security updates could be hassle free, and fully automated, the online shopping experience would be significantly safer, and the reputations of the stores themselves, not perilously at risk.
Introducing Surgical Patching, with PatchmanFor Kualo customers, our Patchman service addresses this exact problem. Since 2015, Patchman has been protecting our shared and reseller servers by focusing on automatically securing the big three open source content management systems, WordPress, Joomla, Drupal.
From today, Patchman's coverage will be extended to also incorporate patching for both Magento and WooCommerce.
Patchman runs continuously on our servers, and will automatically apply critical security patches to these applications, ensuring that they are always running with the latest security fixes. Beyond the core applications, Patchman also quarantines any malware that it finds, and sends out email alerts when critical updates are required in applications that it cannot patch.
What makes Patchman so effective, is that it doesn't simply 'upgrade' the application to apply the patch. Instead, the security fixes from newer releases of the software are back-ported to be 100% compatible with the version of the application that is installed. The patches are surgically applied, and will never break the functionality of the site itself, or interfere in any way with existing plugins or themes.
This gives website owners the peace of mind that their website is secure, and allows their developers ample time to plan full software upgrades that can then be seamless and without downtime.
So, if you're running a Magento or WooCommerce store with Kualo, you now have the additional peace of mind that Patchman will be automatically rolling out security patches as they are released. For more information on Patchman, please see our Patchman articles on our Knowledgebase.
If you're not an existing Kualo customer and would like to migrate your website to an incredibly secure platform, why not migrate to one of our WooCommerce or Magento Hosting plans today!