The shocking truth about e-commerce software security.

Written by Jo Stonehouse
When you shop online, you're giving the store an enormous amount of personal information - your name, address, email and even payment data. When giving over this information, you have to trust that they'll handle it responsibly, that their systems are secure and that your data is not going to be compromised.

But what do you really know about the store?

These days, with so much of our shopping being done online, most of us are familiar with what to look out for to help ensure that our shopping experience is safe. Most of us, quite rightly, won't enter our credit card details on a page that didn't use https://. We'd also be suspicious of an e-commerce site that didn't list a phone number or physical postal address, which didn't have verifiable customer reviews, or whose website was broken or which looked unprofessional.

We want to look out for every possible signal that tells us that we're dealing with a genuine, responsible business.

However, there are certain things that we just can't know - and one of those is whether the store is properly maintaining their e-commerce software. It's not something that most people would even consider, but when e-commerce software is not maintained, the site is vulnerable to hacking - and that could leave your data vulnerable, too.

Unfortunately, the reality is that in many cases, stores are not actively ensuring that the applications powering their online e-commerce are kept up to date and secure.

We only have to look at the websites we host to see this. What really shocked us, though, was just how many stores don't take this seriously.

In the world of e-commerce software, the two clear leaders are WooCommerce for WordPress, which according to analytics site Built With, is in use by 42% of all e-commerce stores on the internet, and Magento, which powers 4% of all e-commerce stores.

So with this in mind, we scanned our shared hosting servers, and found that an incredible 94.4% of Magento stores, and 61.2% of WooCommerce stores, were not running on the latest secure release.

Fortunately we have some incredible firewall technology baked into our platform which keeps most of the bad guys at bay, but regardless - firewalls are not infallible, and these stores are operating with known vulnerabilities. Some have been running on insecure code bases for years.

If our statistics, which are generated from many thousands of installations, are anywhere near representative of the wider state of e-commerce stores, this means that there are likely millions of stores running on insecure code.

That's a scary thought to have in mind for the next time you make an online purchase.

So why don't store owners keep their software up-to-date?

This is usually either due to a lack of understanding, or a lack of resources. Some store owners may genuinely be unaware that not keeping their e-commerce application up-to-date puts their clients, and their own business, at risk. Others may know about the risks, but lack the technical expertise to keep the software patched and secured, and perhaps don't have a web developer who actively maintains the security of their store.

The truth is that in some cases, updating software isn't always straightforward. Sometimes new versions of software are released that address a security problem, but upgrading the e-commerce software could cause an incompatibility with other components of the site, such as the theme. No store owner wants to do something that could inadvertently cause their store to break and so more often than not, critical upgrades are not performed, and store owners live in hope that their site won't be hacked.

The problem is, you never know when you might be hacked. And if you are hacked, the implications can be horrific. Not only do you have to try and recover your site, you then have to disclose to your beloved clients that their data has been breached.

There are few scenarios more damaging for a brand's reputation.

If security updates could be hassle free and fully automated, the online shopping experience would be significantly safer, and the reputations of the stores themselves would not be perilously at risk.

Introducing Surgical Patching, with Patchman

For Kualo customers, our Patchman service addresses this exact problem. Since 2015, Patchman has been protecting our shared and reseller servers by focusing on automatically securing the big three open source content management systems: WordPress, Joomla and Drupal.

Patchman's coverage is now also extended to incorporate patching for Magento, WooCommerce and PrestaShop.

Patchman runs continuously on our servers, and will automatically apply critical security patches to these applications, ensuring that they are always running with the latest security fixes. Beyond the core applications, Patchman also quarantines any malware that it finds, and sends out email alerts when critical updates are required in applications that it cannot patch.

What makes Patchman so effective is that it doesn't simply 'upgrade' the application to apply the patch. Instead, the security fixes from newer releases of the software are back-ported to be 100% compatible with the version of the application that is installed. The patches are surgically applied, and will never break the functionality of the site itself, or interfere in any way with existing plugins or themes.

This gives website owners the peace of mind that their website is secure, and allows their developers ample time to plan full software upgrades that can then be seamless and without downtime.

If you're running a Magento, WooCommerce or PrestaShop store with Kualo, you now have the additional peace of mind that Patchman will be automatically rolling out security patches as they are released.

...and that's not all!

Application vulnerability patching is just the tip of the security iceberg at Kualo.

Kualo websites are each hosted in a caged file system, meaning that in the event another customer website is hacked, your store remains safe.

We additionally run multiple firewall layers, including an application firewall with rules designed specifically to protect popular e-commerce applications, and a machine learning firewall which helps prevent malicious bots from being able to reach and compromise your store.

Learn more about our secure hosting technology in our easy to understand walkthrough!

If you're not an existing Kualo customer and would like to migrate your website to an incredibly secure platform, why not migrate to one of our WooCommerce, PrestaShop or Magento Hosting plans today!




About the Author

Jo Stonehouse is the Founder and Managing Director at Kualo. He loves helping businesses succeed online, and is based in London where he lives with his wife, Sali, daughter Seren, son Griff and dog, Milo.