Magento Security – how many times have you checked whether a security update is available for your online store? Are you confident that you have an online store where your customers can shop without fear of personal data, and especially payment information, going astray. In my job at Session Digital, we have a strong focus on online shopping and Magento security, and we actively search for potential security holes and make sure that software is updated with security updates. Unfortunately, it seems that many online stores in Norway have many large and well-known security holes which means that sensitive data can easily go astray. Most of these online shops are probably unaware that these holes exist and trust that their web agencies, web hosts and developers make sure that the online shop is up-to-date and safe. I have recently used services such as and to take random samples of many Norwegian Magento online stores. The results are alarming and below are the biggest security holes I found.

Security holes that were found:

These are gross security holes that many Magento online stores should address as soon as possible since they risk sensitive data ending up in the wrong hands. Several of the critical security updates fix security holes that have either already been exploited in some online stores, or where they have been discovered before anyone has exploited them. But now that these updates have been published and made public, it is easy for a hacker to try to exploit this in unknowing online stores.

Magento Security – What You Should Do

If you own or work for a business with a Magento online store then you should check the website with and/or . If these two services report errors, you should immediately contact your supplier, whether it is an agency, developer or web host. They should be able to help you fix these security holes as soon as possible. It is worth knowing that when I checked the pages, mostly the online stores operated by the larger players / suppliers in Norway were all updated and secured. There were a couple of exceptions, but for the most part it is online stores that have probably been supplied by a smaller player or freelance developer that have the security holes. Earlier this year, Magento wrote a blog post about Magento Security that is worth reading. If there is anyone who is unsure about what should be done, just contact me at Here are some useful links:

Share this post
Facebook Twitter