The Importance of Security Updates for E-Commerce

Frank Thompson
More from this author
b2b e-commerce is sexy

How many times have you ignored  software updates or upgrade notifications? Maybe you just didn’t have the time to move forward with the update or upgrade, or you didn’t want to spend the time learning a whole list of new features. Updates and Upgrades are not the same thing, but they are both important. 

Updates

Updates happen for a variety of different reasons but they can be neatly categorized into four general groups:

1) Fixing Bugs

2) Closing Security Holes

3) Enhancing Performance

4) Adding New Features

Fixing Bugs

As with any software, issues can cause features to not work the way they are expected or fail to work entirely. These are most likely the result of software bugs. Bug fixes have touched things ranging from Promotional Rules and Shopping Carts, to Customer Accounts and Import functionality, and everything in between.

Because Magento includes so much functionality, you may not have even used a feature that includes bugs. Or, maybe you’ve tried using a feature but it didn’t work as expected because of a bug, but you thought it was your lack of knowledge on the feature. Software updates are focused on eliminating bugs.

Closing Security Holes

Your business may not need certain buggy unused features corrected with an update, but everyone is potentially at risk because of security holes. Some recent security issues that have been addressed in recent patches include cross-site scripting vulnerabilities, remote code execution, SQL injection, and ordering items with altered prices.

A compromised site is not only bad for your business and reputation, but it can also negatively impact your customers and merchants. Security is important and staying up-to-date with patches can reduce  the likelihood of your website being compromised.

Enhancing Performance

Updates can also help make your Magento site perform more efficiently, resulting in a better customer shopping experience.

For example, in previously updates have added optimized SQL media queries to boost storefront performance and make the compilation of static asset creation is faster. They have also made managing configurable products with hundreds of variations in the Admin much faster; admin users can now generate a grid or save a list of product variants in only a few seconds.

Upgrades – New Features

Magento has consistently added new functionality into its releases; although not included in updates and primarily reserved for upgrades, new features offer functionality that can help deliver better customer experiences. Consider the addition of configurable swatches in previous versions of Magento. Also, consider the growth of the search functionality in Magento. It started with standard SQL search, eventually incorporated SOLR search, and is now offering ElasticSearch.  New features are one of the strong points of Magento; it is constantly adapting to accommodate changing trends in e-commerce, thus helping merchants stay on the cutting edge.

Time to Install Patches

Patches can take varying lengths of time to apply. Some are very easy and an experienced developer can have the code applied and tested on a dev environment within an hour. Other patches can be more complex, touching complex parts of the system that require more thorough testing to ensure nothing was unexpectedly impacted by the patch, like a regularly used third party module or an integration to another system.

Testing Patches

Although patches are intended to either fix issues, add features, or enhance security and performance, they can have unexpected consequences. This is why it is important to test your Magento site in a development or staging environment prior to pushing a patch to your live or production website.

Be sure to consult Magento’s Security Best Practices page for guidance.

Be sure to work with someone or an agency that understands how to properly apply Magento updates (a.k.a. patches) and will perform testing after the patch is applied to ensure nothing was broken.  Here at Accorin we are certified Magento Solution Partners and Developers. There are a number of companies that offer cheap patch installation, but they do not include the testing that should certainly occur after the patch and testing is a key part of the patch deployment process. An experienced person will test various aspects of your Magento store to ensure nothing was broken – and if they are really experienced, they will alert you to the areas impacted by the patch and fix them – which is our policy here.

Magento Updates and the Current Security Patch – January 2019

Magento’s updates come in the form of Patches, and they are no less important than any other update. Delaying updates (or delaying upgrades) can be a risky option. The longer you delay, the greater your exposure to potential threats. By regularly implementing Updates and Upgrades, you will significantly reduce your exposure to these threats.

Magento has an active community of developers and a dedicated team that help keep the platform secure with regular updates. They help identify bugs and security holes so that they can be fixed by updates. The most

recent Magento update came in the form of a patch on January 24, 2019. It applied to several versions of Magento: Magento Commerce (formerly known as Magento Enterprise Edition), Magento Commerce and Open Source 2.3.0, 2.2.7 and 2.1.16. Full details are available here:

https://magento.com/security/patches/magento-2.2.7-and-2.1.16-security-update

BOTTOM LINE: Keep up with your security patches and if you need assistance do not hesitate to contact us! [email protected]