9 Steps to Take If Your Magento 1 Site Is Hacked

9 Steps to Take If Your Magento 1 Site Is Hacked

The Magento 1 end of life deadline has now passed and if you haven’t migrated to Magento 2, then your store is at significant risk of being hacked or becoming a victim of a cybersecurity attack.

As Magento no longer supports the outdated Magento 1 platform, there are no more security patches or updates that protect you. However, this is not only true for Magento 1 but also the modules that you may be using, which are managed by third parties and technology partners. 

What steps should you take if your Magento 1 site is hacked? 

Some of these pointers are good to action before an attack, but on the most part if you experience a hack or downtime, the major step you need to take is to migrate to Magento 2 or another platform such as Shopify Plus.

#1 – Work with a cybersecurity partner to protect your site and offer advice

Our first point is to work with the cybersecurity experts. A cybersecurity technology partner like Foregenix can be helpful in working with you to create a plan specifically for keeping your site secure. 

They can work in partnership with you and your ecommerce agency to make sure the plan fits with your goals and targets and can be an immediate point of call when your site is hacked.

#2 – Install core Magento 1 security patches developed by third parties in the short-term

Whilst Magento 1 are no longer supporting the old platform with patches, there are third parties who are helping out so that retailers can do their best to minimise risk whilst they are migrating to Magento 2. This is a short term strategy but is worth mentioning.

Mageone is developing patches in the same way as Magento has done in the past. The cost is based on revenue with varying prices, but it’s important to know that this only patches the core Magento 1 code and not your modules. 

#3 – Upgrade modules to their latest update

As mentioned, not only is Magento 1 unsupported but your supporting modules will now be unsupported too. You should deal with these separately as you will need to take different action.

The majority of Magento 1 module providers will also stop support for their M1 modules at the same time so it is recommended that you make sure all of your modules are up to date with the latest version.

#4 – Take action to update your admin security

Once you experience an attack, your admin area will be vulnerable. There are a few actions you can take to update your admin security – but these can also be done before you even see an attack on your site.

  • Adding a random string URL to your admin panel link, i.e domian.co.uk/backoffice_hy4jgc
  • Locking your admin panel down by IP address
  • Adding two-factor authentication to the admin for added security

This will make sure that the admin area of your site is protected as much as possible.

#5 – Ensure server software have the latest patches

Ensure server software such as Nginx and Mysql all have the latest patches and php is running the latest compatible version.

#6 – Contact your payment provider to clarify PCI compliance

PCI compliance is a major issue and one of the most important areas of security to look at if you experience an attack. 

The major card schemes have publicly said that any clients on Magento 1 after 30th June 2020 will fall out of PCI Compliance due to their rules around ‘vendor supplied patches’ and the argument that Mageone is not the vendor. 

There’s a lot of discussion around this at the moment but, as it stands, the schemes have not agreed that these patches will cover PCI. 

The impact of this is there is a risk of large fines for not being PCI compliant (€10k – €25k per month). 

#7 – Monitor your security and downtime

On an ongoing basis, you can invest in tools that monitor your security and downtime. Tools like Pingdom or StatusCake can monitor your website availability and performance and notify you if there are any issues.

If you experience a future attack or see downtime, you want to know as soon as possible so you can minimise the damage. This will help you best create a plan for resolving any issues.

#8 – Work closely with your Magento support agency

Your Magento support agency is a valuable resource for Magento 1 when it comes to ensuring your site is secure. They will have the knowledge of the platform but also the connections to partners and technologies that will help keep your site as secure as possible.

However, we know that finding the right Magento support agency for you can be difficult. Here are some questions you should ask when looking for a Magento agency.

#9 – Migrate to Magento 2 as soon as possible

Finally, you should be making sure you are migrated to Magento 2 as soon as possible – hacks and attacks will continue to happen whilst you are on Magento 1 and it is vital that you are no longer on the outdated platform for this reason.

Any retailers on Magento 1 after the sunset deadline will be targets for cyber attacks and your customers’ data will not be safe.

You can read more about the risks of remaining on Magento 1 here, or you can reach out to us directly to find out more.

Magento 1 end of life deadline has passed

Whilst many ecommerce experts and retailers have been debating the Magento 1 end of life deadline for many years now, we know it can be hard to schedule and find a budget for a major replatform.

However, all retailers on Magento 1 are now at risk and need the support of the Magento ecosystem to help them transition to Magento 2.

If you need help with your decisions around Magento 1 and need some expert advice, then get in touch.

Share this article