In the last few weeks, we have seen a growing trend across all Magento and AbleCommerce sites. Hackers are focusing attacks on admin pages. Even when the sites have a unique admin URL, malicious attackers are eventually figuring these out. Once they know the admin URL they are then attempting to break through by using a brute force method to guess the passwords. Thankfully there have been no breaches at W2M recently, but sites at other hosts have not been so lucky.

These days, a username and password are not enough to protect your data. We strongly urge you to consider implementing a 2-factor authentication method for the admin section of your site. You may already be familiar with 2-factor authentication as all online banking and social media outlets have been doing this for years. After you enter your username and password, you must authenticate yourself with a code sent by text or email.

If you're using AbleCommerce, our plugin can be found here:

https://www.web2market.com/store/two-factor-authentication-for-ablecommerce.html

Here are 2 Magento extensions that we can install on your site for you.

Magento 2
https://amasty.com/two-factor-authentication-for-magento-2.html

Magento 1

https://amasty.com/magento-two-factor-authentication.html

If you wish to have one these plugins/extensions installed, please contact either Dan Voss or Brad Kort to make the arrangements.

Security is important to us and we take these threats seriously. Please be aware that choosing to do nothing can result in your site being compromised and the theft of customer data.

As of March 14, 2019, Authorize.net will no longer support the MD5 hash.  That means that ALL current Magento Authorize.net integrations will cease to work on March 14.  AbleCommerce will NOT be effected.  So AbleCommerce merchants can safely ignore notices that Authorize.net is sending.

On Friday, March 1, Magento released new Authorize.net extensions for all versions of Magento.  This week, we are organizing the process to upgrade our clients.  We'll be sending each client a message to co-ordinate that upgrade with you.  We expect to do the replacement work off hours to minimize any impact to your sales.  For W2M hosted clients, this will be done at no charge.  For non-hosted clients, we expect the work to take about an hour.

Please share this with anyone in your organization who may need to know.  For more details from Magento, visit:

https://support.magento.com/hc/en-us/articles/360024368392

If you have questions, please open a ticket on our help desk.  We'll be glad to assist.

You may have recently received an email from Authorize.net about changing infrastrure and are wondering how this is going to affect your site. We do not use a whitelist for payment gateways, so these changes will not have any impact on your site

PSA for our clients - Our servers are all functioning correctly. Comcast is experiencing extreme outages which is causing sites to not load or load slowly. You can follow along here: http://downdetector.com/status/comcast-xfinity

The TLS encryption (often referred to as SSL, an older technology) is critical to eCommerce sites.  It scrambles the data between browser and server so hackers can’t easily steal and use it.  However, running your whole website under TLS provides several other benefits that are growing in importance.  We strongly recommend you prepare to have your whole site running under TLS/SSL in the next 3 months.  Your site will be more secure, load faster, have improved SEO and provide a better user experience.

What is TLS Encryption?

Transport Layer Security (TLS) is a protocol that provides privacy, security and data integrity between two internet applications.  For example, between a browser and a web server.  It’s the most widely deployed security protocol in use.  Other applications that use TLS include email, file transfers (SFTP), VPNs, instant messaging and VOIP.

How is my Site More Secure?

By using TLS encryption on every page, ALL data is securely transmitting.  Many sites have forms sending unencrypted data.  Often times, that’s not a big deal if it’s not credit card data.  However, even less sensitive data could be helpful to a hacker or competitor.  For example, more...