Magento is going to make updates easier because many webshops don’t update

Webshop platform Magento is going to make automated downloads of updates easier, now it appears that many owners of webshops do not install critical updates. That’s what Magento says after web host Byte sounded the alarm about the lack of updating.

According to Byte, 80 percent of the 200,000 Magento-based webshops worldwide are vulnerable due to a lack of updates. The hoster has investigated this with its own tool, which checks the installation for vulnerabilities. The web host also refers to a tool with which webshop owners can check whether they belong to the vulnerable webshops.

In a statement to Byte, Magento says it recognizes that updating is a problem. “While the flexibility of our platform prevents us from automatically distributing patches, we are always working to notify affected web store owners and get them patched as soon as possible.”

In addition, Magento says, work is underway to simplify the downloading of updates in order to allow more webshops to update faster. Magento does this by making patches ‘more easily available’ for automated downloads. Updating a Magento installation is complicated, partly because it has to be done via a terminal and this has to be done separately for each webshop.

Magento has released several major patches for its platform this year, including one in April. Some updates for critical leaks followed this summer. Byte previously concluded that attackers are actively trying to crack poorly secured Magento installations.