PrestaShop Security Vulnerability

It was announced last week that PrestaShop had discovered a security vulnerability in all current versions of PrestaShop. The vulnerability has to do with how the password hash is handled with both the admin passwords and the customer accounts. What can happen is an attacker could be able to guess the next password in the random password generation.

PrestaShop has offered both the source files and a module that can fix the latest branches of each PrestaShop version. If you are using a version that is not the latest branch you might have issues with the fix. You can read more about the vulnerability here and download the patch modules here.

PrestaShop in general is very secure, even with this vulnerability it is still hard to gain access to your site. It would take planning and inside knowledge of your company. PrestaShop has only had 2 other low level vulnerabilities reported in the last 3 years as well, which is very exceptional for e-commerce software.

Security in Your Shop

You can take active steps in securing your shop to make sure that it is not hacked or any of your customer data is compromised. Using good security policy is a backbone of e-commerce, customers are trusting you with their data, you need to be a good steward with the data you are trusted with.  Below are some of the steps that we recommend taking to protect your shop.

• Change your back office password frequently
• Change the location of your back office every couple of months
• Use a htpassword file to add an extra layer of security
• Using a htaccess to allow or deny ip addresses
• Instead of using a hard to remember password, use a phrase see this comic for more detail
• Keep server software up to date
• Only use plugins from trusted sources

These tips will give you a good start to making your shop more secure and protecting your clients data. If you have any questions about any of this information please feel free to contact us here.  Happy Selling!