The Importance of Updating Security Patches on CMS Platforms – WordPress, Magento & OpenCart

What are Patches?

Many of you may be questioning what are patches and how do they affect me? More often than not in 2016, patches are regularly discussed when major CMS platforms are in discussion. Patches are simply updates of existing plugins and extensions that may be used on your website that are applied on top of your previously installed version. Patches can also effect the platform too, so this where they are designed in their best form to withstand any intruders that are trying to gain access to your website. Having the most up-to-date version minimizes the risk of being hacked or potentially having your website injected with malware or malicious code, or using brute force entry via the admin panel.

Why the Patches?

The majority of people will not fully understand the importance of keeping their website up to date and applying patches to their CMS system and plugins – and this is understandable, especially when running a successful business.

Ever since the internet started, hackings have been at the forefront and immediately question security of your website and more often than not clients think that it’s the hosting provider’s job to secure their website at all times. Unfortunately this isn’t the case – That’s like buying a BMW and expecting to be covered for servicing for its entire lifespan.

Owning a website in WordPress, Magento or OpenCart has more advantages than disadvantages, but each are prone to hackings at any time – no matter who you’re hosting with or what platform your website is built on. Moving at such a rapid pace, external developers within these CMS communities are updating and fixing plugins and extensions at a constant pace and unfortunately those who have installed an outdated version on their website are more likely to be attacked than those who have updated to the latest version. Same with the platform itself. If you have fallen behind on the latest install, then it may be time to rethink your website strategy and put aside budget to keep this maintained.

Finding weaknesses in old versions of plugins and CMS versions, attackers can find several ways to gain entry to the website. These can include:

– Injection of SQL scripts into the database and take over your website using a fake admin created by the injection
– Brute Force Entry – Whereby the attacker / spam bot tries guessing your password from the admin panel URL
Having patches implemented as regularly as they are released will lessen the chances of anything happening to your website and allow your business to run as usual.

Can I not install the patches myself?

Clients with a bit of know-how can indeed install these patches themselves, but isn’t recommended and any errors caused by this would be chargeable at any design agency. Installing security patches can knock out existing elements of the design and functionality of your website and would need your website developer to either fix the resulting errors or simply revert the patching changes you’ve made. All development agencies would recommend that you get in touch with the team to discuss which patches may need applying and to discuss the cost of this.

How can I check if my website is secure?

In order to check to make sure that your website is up to date with the latest patches available, there are various tools online that work through the security on your website and flag any potential weaknesses – anyone is able to use this, whether you’re tech-savvy or not.

For Magento Users:

Online tool that runs through the patches known from Magento –

https://www.magereport.com

https://magentary.com/magento-security-patch-tester/

Check for the latest downloads and updates from the Magento Community –https://www.magentocommerce.com/download

For WordPress Users:

Online tool that works through the security issues on your WordPress website – https://hackertarget.com/wordpress-security-scan/

Check for the latest security issues from the WordPress Community –

https://wordpress.org/news/category/security/

For OpenCart Users:

– Basic security information for OpenCart Users – http://docs.opencart.com/administration/security/