The simple fix: update the plugin. Magmi 0.7.23 is said to fix the vulnerability. Even so, this is only a vulnerability as it relates to Magento 1, so those already on Magento 2 can rest easy. But don’t take this too lightly. If you might be at risk, you need to take steps now to prevent future risks. Moving to Magento 2 will do it, or alternative options are possible, including malware-detection software and changing to a more secure, up-to-date host.
And why is this important, especially when a simple update will solve the problem? Because this is the first of many to come. As Magento 1 support ends, more and more hackers will create ways around the established barriers. So you need to react and protect your Magento 1 store while you are still on it.
The biggest thing that will be missing when Adobe drops Magento 1 support is the patches. Patches, as the name would indicate, are fixes for possible system holes (or what most call vulnerabilities). In this case, those patches were coming from the system designers themselves. Over the years, they have created many patches that have made M1 sites very secure and safe, getting better with every released fix. But what we always see when systems go to end of life is that criminals swoop in and work harder than ever to find and exploit issues we didn’t know were there, especially while ‘no one is watching’.
As a result, you will see many development firms and content creators online saying you have to switch platforms to survive. And while that is the safest solution, it is not the only solution. Companies like Mage One have found their way into the Magento mainstream by helping companies stay on their Magento 1 stores by continuing to build and release patches for their customers. They have also found ways to create Magento community engagement through a bounty program for vulnerabilities. Essentially, they will pay people who discover holes that they can fix with a patch. This is a great way to ensure everyone in the space is working together.
Malware is one of those broad industry words that simply means malicious software. It can take the form of someone taking over a site and holding it ransom (known as ransomware), as well as many other things. Generally speaking, every site on every platform should be concerned with malware, as the right hacker can find a way to use it against your site. But end-of-life products become especially vulnerable because hackers focus more on them, finding new ways to ruin your day, and then finding everyone like you and performing the same attack on them.
Thankfully, there are many ways to protect against, or at least detect and then remove, malware. Our go-to service tends to be Sucuri. Under their plan, your site will get regular scans for malware, and you will be notified of what they find. They can even remove the threat. Ultimately, any level of protection is better than nothing.
Talk to your hosting provider or start researching new ones. Many hosts already provide, or are starting to provide, Magento 1 support as part of their offering. We have strong relationships with Nexcess, MageMojo, and JetRails, all of whom provide this type of support.
Feel free to call them directly or connect with us first for a fast track. The time is now, so don’t hesitate.