Usually we highlight 3 clusters of common vulnerabilities:
Poor Hosting EnvironmentSecure hosting infrastructure costs money. When choosing a cheaper hosting plan, you must understand that the provider has most probably skipped vital security features, such as auto-renewed SSL certificates, DDoS protection, firewalls, and proactive vulnerability detection. Additionally, insufficient server resources can lead to performance issues like out of memory errors, which can make your website unavailable to users. We recommend checking that your hosting plan
includes all the above-mentioned items and sufficient memory allocation.
Compromised Login CredentialsMost CMS developers exclude penetration to the admin panel and block access to databases by auto-generating secure passwords. But when we speak about hosting credentials, responsibility fully lies in hosting accounts owners. Another problem is granting SSH-access to your website. An attacker captures your email, gets SSH or SFTP credentials and then is free to exploit them.
Outdated CMS, Add-ons, Themes and Server SoftwareInvestigations show that up to 56% of the known entry points for hackers are outdated plugins. When you ignore updates, alas, you generate security vulnerabilities with your own hands, because you literally leave an open door for hackers. Please bear in mind that updates provide not only new features but what is more important - vulnerabilities fixes, performance improvements and security patches.
We did our own research together with the CS-Cart team and found out that 71% of all database access utilities are not updated and have vulnerabilities, 17% of them have critical remove_code_execution and arbitrary_file_read vulnerabilities.
The consequence of cyberattacks costs an average of $200,000 on businesses of all sizes, says Hiscox Cyber Readiness Report. Do you still have doubts that selecting a secure hosting provider for your eCommerce store is crucial?