SUPEE-10266, Magento Commerce 184.108.40.206 and Open Source 220.127.116.11 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout. If you don’t want to upgrade your PHP version to 18.104.22.168 then you can just install this security patch and it includes security feature added to Magento 22.214.171.124, so it’s equal to 126.96.36.199 Magento version.
In today's competitive marketplace, it is becoming harder to increase conversion rates, acquire customers and retain them using traditional methods. A merchant should have some type of loyalty/reward program to target existing customers, as well as convert new customers into loyal customers. A study from Bain & Co shows a 30% increase in company value due to a 10% increase in customer retention levels. Good loyalty programs increase purchase frequency, average order value, and customer lifetime value by transforming a customer’s relationship with the brand from a transactional relationship to an emotional one.
For increased security, merchants will only be able to use HTTPS when posting messages back to PayPal via their Instant Payment Notification (IPN) service. In the past, PayPal has allowed the use of HTTP for these postbacks. As of June 30, 2017, PayPal Instant Payment Notifications will no longer allow HTTP to post messages back to PayPal for verification. To comply with these changes, all Magento merchants using PayPal must upgrade or implement the Magento Security Patch SUPEE-8167.
Magento has released new updates to increase product security and functionality. The releases contain over 15 security enhancements and Magento 2.x updates that also address image resizing and MasterCard BIN number expansion. We strongly recommend that all merchants upgrade to these versions as soon as is reasonably possible.
MasterCard is expanding their BIN series. MasterCard® has received an additional range of 2-series numbers to add to the 5-series that they currently provide. The 2-series BINs operate in the same way as the 5-series. MasterCard customer financial institutions can expect to be issued 2-series BINs starting in 2017. Bank Identification Numbers (BINs), which are the first six digits of the account number, are fundamental to payments. They identify the issuing institution for the account and ensure that each transaction is routed correctly.
Social media is not merely about being social, social media is a powerful tool that should be leveraged in an effort to promote your business and services online, as well as connect with your customers in an informal way. Utilizing this channel can increasing sales by way of reaching a vast audience of existing as well as potential customers. Aside from satisfying the desires of today's social oriented consumer-- Leveraging social media has proven to increase sales and have a positive impact on KPI's (key performance indicators) including, quota attainment, renewal rate and forecast accuracy.
A new self-healing malware has been discovered by Dutch malware experts. This malware targets online stores running on the Magento platform. It starts execution whenever a user places a new order and can self-heal using code hidden in the website's database. Though this is not the first time a malware is hiding code in the database of the website, is certainly the First Magento malware that uses SQL stored procedures.
Magento has recently released some product and security updates. These new versions provide a range of improvements, including a fix for the recently discovered Zend Framework 1 security vulnerability and quality updates to catalog, payments, and sales modules in Magento 2.
Magento is a widely used open source eCommerce software. A Magento store is also prone to be a target of malicious activities by malware and hackers. And when transacting online, using credit cards or other mode of payment, security is of utmost importance. Even though Magento gets patched for security reasons on a regular basis, below is the detailed list of best practices which can be applied on Magento to mitigate the vulnerabilities.
A new Magento vulnerability has been found in a Zend Framework 1 and 2 EMAIL COMPONENT. The component is used by all Magento 1 and Magento 2 software and other PHP solutions. This vulnerability is serious and can lead to a remote code execution attack if your server uses Sendmail as a mail transport agent.
Magento 2 is faster. M2 supports PHP 7, which frequently delivers a doubling in performance over previous PHP releases. The new default indexers in Magento 2 include all of the functionality as in the previous enterprise versions. The difference is that they come with more efficient updates and have been improved to speed up the query performance.
SUPEE-8788 is the latest security patch for Magento released on October 11, 2016 that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.
Magento Commerce has recently announced the launch of its next-generation commerce applications marketplace, Magento Marketplace. Magento merchants can extend the functionality of their Magento stores and deliver far-more-engaging experiences to their customers with a simplified user experience for easy discovery of curated, high-quality products and services. Further, the extension developers get access to a large and growing customer base. With the new Magento Marketplace they are bringing in a new vetting process that consist of a technical, marketing and business value review. This ensures that Magento merchants only buy high quality technologies from the most trusted developers in the Magento ecosystem.
Magento has just introduced the newest security patch intended for Magento 1.x termed SUPEE-7405. This patch handles several security difficulties within Magento but most importantly fixes a leak that allows hackers to take over your admin (backend) account and gain access to your Magento shop.
This specific patch repairs the subsequent issue,prevent cache manipulate,SQL injection through split routing,CAPTCHA avoid , Cross-site Obtain Forgery (CSRF),Incorrect Enter Controlling and even more To get a total listing of the particular patched protection and also sensible repairs look at the Magento security core.This patch is available intended for Magento types 188.8.131.52 – 184.108.40.206 and 220.127.116.11 – 18.104.22.168.
Cart abandonment is a large issue for just about every ecommerce store. On an average, over 60% of carts are left to die before checkout is complete. One of the biggest reasons behind cart abandonment is that the checkout process is just too long and complicated for the consumers and thus they find it much easier to just abandon the cart as against completing the process. Fortunately, there are solutions; enter the One Step Checkout module!
Magento has recently released a new Security Patch (SUPEE-6788) along with Community Edition 22.214.171.124 and Enterprise Edition 126.96.36.199. These newer edition comes with security patch set in core itself and does not need any other current or past patches to be installed separately. The patch addresses over 10 security issues including remote code execution and information leak vulnerabilities. All these new releases are fully tested, complete and ready for merchants to deploy. We strongly encourage you to implement the patch or upgrade to the new versions as soon as possible.
Magento has recently launched Magento Community Edition 188.8.131.52, Magento Enterprise Edition 184.108.40.206, and a new Mobile SDK for Android. These releases improve security and performance, and empower you with a new tool to drive mobile sales. Along with these, a new security patch has also been released for Community Edition and Enterprise Edition (SUPEE-6482). The patch addresses 2 issues with Community Edition and 4 issues with Enterprise Edition. All these new releases are fully tested, complete and ready for merchants to deploy. We strongly encourage you to implement the patch or upgrade to the new versions as soon as possible.
A new critical Magento security patch has been released to secure the platform from potential attacks. There are no confirmed reports of attacks related to these issues to-date, but it is important to immediately deploy the patch in order to protect online store. This patch prevents attackers from posing as an administrator to gain access to the last orders feed, which contains personally identifiable information that can then be used to obtain more sensitive information in follow-on attacks and closes a number of security gaps including cross-site scripting (XSS), cross-site request forgery (CSRF), and error path disclosure vulnerabilities.
It's no secret these days that selling on your own website isn't the best marketplace for everything and it's always a good idea to consider alternatives.
Ecommerce sites have an average abandonment rate of 55% to 75% but only 8.1% of leading brands send abandonment cart emails. To recover abandoned carts & improve your sales abandoned carts alert extension is a MUST for your magento store. There are many basic features to expect from a good Magento Abandoned Carts Alert Extension like easy installation and configuration, send abandoned carts reminder to customers, total control over the reminder scheduling, easy and detailed tracking, automatic cart recovery, etc.
In today's real-time, online society and customers demand speedy and accurate order fulfillment from their vendors. Fulfillment Software can help you to easily aggregate orders from multiple sales channels (like Magento, eBay, Amazon, and more) and fulfill the orders through a variety of shipping carriers and fulfillment providers. Paired with advanced automation features like custom rules, shipping presets, and much more, they can save you hours each day on shipping and fulfillment. Track shipments and generate shipping reports, return labels and void shipments easily.
Magento is considered the leading online business solution that has been available for 5 years now. Till date the platform is claimed to have been downloaded over 4 million times and now there are talks of the much awaited new version release too, Magento 2.0. Now we know that Magento 2 Developer Beta is released for developers. However, merchants need to wait a little longer.
Magento is a professional open source ecommerce web application or ecommerce platform developed for providing extensive range of customization and fine-tuning features. Using the Zend Framework it was developed in 2008 by Varien (now known as Magento Inc.). Magento gives you unique control and flexibility. It was built with the perception that each ecommerce implementation is distinctive in nature as no two businesses are identical. The architecture of Magento is based on modules.
Patch SUPEE-5994 fixes a leak that allows anyone to look up the URL of your Magento backend. Through this leak hackers are able to crack your password using brute force attacks and exploit other possible leaks. SUPEE-5994 is a bundle of eight patches that resolve several security-related issues.
SUPEE 5344 patch addresses a specific remote code execution (RCE) vulnerability known as the “shoplift bug” that allows hackers to obtain Admin access to a store. Shoplift is a bug in Magento that allows a hacker to take full control of a shop, including stealing customer records and tampering with payments.