WordPress
Recently there have been several reports of hacking attacks on ecommerce sites. Investigations reveal that the recent behind this latest wave of hacking attacks is the Adminer. Here, in this guide, we explain how this hack occurred and how to fix and secure your site, if you’re a victim. If you’re one of the lucky few who hasn’t been affected by this bug, read on to find how to keep your site protected.
The Adminer is a popular MySQL administration tool that ecommerce site owners use to enable remote access to their databases. The problem here is that most websites leave the Adminer publicly accessible. It paves the way for a hacker to attempt to log into the database of the ecommerce site using the Adminer login page. Just like all other database tools, entry into the Adminer requires knowledge of the username and password. However, the vulnerability here is that the recent hacks show a way to circumvent this requirement. Hackers can obtain the database credentials if they are stored in configuration files on the server. Most popular ecommerce platforms like Magento and WordPress allow hackers to access the database credentials, as it’s stored on the server.
It was found that the earlier versions of Adminer had a security breach via which hackers can access the file system of the server. Hackers can steal your data by looking for files with the extension .php and the word, “adminer.” Once they find the right files, hackers connect their own database instead of the site’s database. The hacker can then access the contents of the files stored in the server, where the Adminer is installed. Not just the database credentials, hackers can get hold of your core ecommerce files like the wp-config.php (for WordPress) and local.xml (for Magento). Using this, hackers can steal all your login ids and passwords as well as other settings. Once hackers get access to the website’s database, they can manipulate the data.
Here are the steps to take to mitigate the damage done to your website and to prevent hackers from accessing your critical information:
#1. Use HTTPS
The most effective way to protect your site from online cyber-attacks is by using HTTP with SSL. Get an SSL certificate from a recognized vendor. Install it on your ecommerce site and change the settings. Besides improving security, ecommerce sites with HTTPS get a better ranking from Google, thereby boosting your site’s search engine visibility.
#2. Migrate to a Secure Ecommerce Platform
While choosing an ecommerce platform, besides the features, you also have to consider the security of the platform. Some of the most secure ecommerce platforms are Magento and WooCommerce. If you’re using Magento 1, you can consider migrating to Magento 2 to enjoy better security and improved features.
#3. Ensure that Security Hacks do not cause Damage to Customers
Once hackers gain entry into your ecommerce site, they can do a lot of damage to your customers by accessing their sensitive data. The best way to avoid this is by not storing sensitive customer data on your site. Opt for tokenization to prevent credit card thefts on your website. Another option is to send an automated email to your customers once every month, reminding them to change their passwords frequently.
#4. Run Vulnerability Tests
Performing regular vulnerability tests on your ecommerce site help you spot risks before it becomes a major security breach. Once you identify security risks, make sure that they are addressed and fixed immediately. Some of the popular vulnerability scan programs include OpenVAS, Retina CS Community, and MBSA.
#5. Keep your Site Updated and Take Regular Backups
Make sure to update your ecommerce platform as soon as new versions are released. Also, don’t forget to take periodic backups as it ensures that you can retrieve data quickly if your site was unfortunately hacked.
The Adminer hack is one of the many recent cyber-attacks. Note that, it occurred not just among Magento and WP ecommerce site, but Joomla online sites as well. While you cannot 100% guarantee your site from hacker attacks, by following the right security measures, you can increase your site’s security. Make use of the tips listed here and keep your data (and customers’ data) safe.
The technology has been a pioneer in speeding up the data analysis of customers for enterprises.
17 Jul 2024
Learn about Alfresco development and its benefits for businesses. Discover how leveraging Alfresco can enhance efficiency and collaboration.
17 Jul 2024
Mastering Alfresco Development: Essential Tips for Success in ECM Solutions” provides crucial insights and strategies for developers to excel in…
17 Jul 2024
401, One World West, Nr. Ambli T-Junction 200, S P Ring Road, Bopal, Ahmedabad, Gujarat 380058
Kemp House 160 City Road, London, United Kingdom EC1V 2NX
Nürnberger Str. 46 90579 Langenzenn Deutschland
Level 36 Riparian Plaza, 71 Eagle Street, Brisbane, QLD 4000
4411 Suwanee Dam road, Bld. 300 Ste. 350 Suwanee GA, 30024
Cube Work Space, 24 Hans Strijdom Avenue, Cape Town
B 503 Sama Tower, Sheikh Zayed Road, United Arab Emirates
34 Applegrove Ct. Brampton ON L6R 2Y8
We use cookies to improve your browsing experience.
OKAYThis website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.