Are these Magento security concerns urgent?
-
Hey Mozzers!
I recently started working with a new Magento programmer for our ecommerce site. He sent me this scan/report outlining some security issues that need to be addressed.
This is a new partnership so I'm not sure which issues should be a major concern, or if I should not focus on them. Would you be able to give me your opinion on the importance of the security issues?
https://www.magereport.com/scan/?s=http://metallumcreations.com/
-
Hi localwork!
If Ryan answered your question, would you mind marking his response as a "Good Answer?" It'll get him some bonus MozPoints, and it helps us keep track of things.
-
Thanks for the response Ryan!
Clients are always showing me the spam emails they receive with immediate 'warnings about site security'. Since this is a new partnership with this particular programmer, I couldn't discern whether the issues were important/critical or junk.
Thanks again!
-
It's a best practice to make sure your whatever software your site is using is patched and up to the latest addition. A high risk warning from that page, "Patch SUPEE-6285 fixes a leak where hackers can take over customer's sessions and download lists of your shop's order details through the RSS feature. Released July 7th, 2015." Would certainly be worth fixing.
From an search perspective, Google has stated that security is a ranking signal: https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.
Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.
We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.
So making sure your site is secure can have multiple benefits.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Urgent: Any point having /au version of the website for Australia?
Hi, We just migrated our website from /uk to the global one (but we still kept /us). We are expanding our business to Australia. Is there any point having the global .com site duplicated as .com/au provided the content will be identical? What's the /au impact on the domain strength and rank in Australia in comparison to having just .com. Is there any point? Anyone has direct experience? What's the best practice? Many thanks for the answers. Katarina
Intermediate & Advanced SEO | | Katarina-Borovska1 -
Cloudflare - Should I be concerned about false positives and bad neighbourhood IP problems
I am considering using cloudflare for a couple of my sites.
Intermediate & Advanced SEO | | lcourse
What is your experience? I researched a bit and there are 3 issues I am concerned about: google may consider site bad neighbourhood in case other sites on same DNS/IP are spammy.
Any way to prevent this? Anybody had a problem? ddos attack on site on same DNS could affect our sites stability. blocking false positives. Legitimate users may be forced to answer captchas etc. to be able to see the page. 1-2% of legit visitor were reported by other moz member to be identified as false positive.
Can I effectively prevent this by reducing cloudflare basic security level? Also did you experience that cloudflare really helped with uptime of site? In our case whenever our server was down for seconds also cloudflare showed error page and sometimes cloudflare showed error page that they could not connect even when our server response time was just slow but pages on other domains were still loading fine.0 -
URL Formatting - Magento
Hi, We are working with a client on Mangento who URLs are formatting Google friendly eg; productname.html - as seen in site search in Google) but when you click the link to the site it is adding on #.VEWKQxbc754 (or similar) The site is also having some page indexing problems as well Thoughts? specific settings/Add on in magento?
Intermediate & Advanced SEO | | Pure-SEO0 -
Can using nofollow on magento layered navigation hurt?
Howdy Mozzers! We would like to use no follow, no index on our magento layered navigation pages after any two filters are selected. (We are using single filter pages as landing page, so we would liked them indexed) Is it ok to use nofollow, noindex on these filter pages? Are there disadvantages of using nofollow on internal pages? Matt mentioned refraining from using nofollow internally https://www.youtube.com/watch?v=4SAPUx4Beh8 But we would like to conserve crawling bandwidth and PR flow on potentially 100's of thousands of irrelevant/duplicate filter pages.
Intermediate & Advanced SEO | | MozAddict0 -
Magento SEO firm
I'm looking for an SEO company that has substantial experience with the Magento shopping cart system. I've gone thru MOZ.com's Recommended List but I'm unsure of who specializes in Magento. Thanks.
Intermediate & Advanced SEO | | UncleXYZ0 -
A Magento site driving me crazy... any suggestion is appreciated
Hi guys, this time it's me asking for help :D. I have a client with a Magento 1.7.0.0 version site: www.mybomboniere.it I audited it, and found out tons of issues, but the one that worries me more is the fault of canonicalization, which is causing serious duplicated content problems. I'm not new to Magento, hence, the first thing I did was going to: First: Going to System > Configuration > Catalog > Search Engine Optimization and setting on "No" the Use Categories Path for Product URLs voice. Doing so I quit all the duplicated product pages. System > Configuration > Catalog > Catalog > Search Engine Optimization and setting on "yes" the voices Use Canonical Link Meta Tag For Categories and Use Canonical Link Meta Tag For Products. Doing this I should see URLs with sort parameters having the URLs without them as canonical The BIG PROBLEM is that even if I did that, I am still not seeing any rel="canonical" tag added to the code. I've tried to figure out the reason of this, but - sincerely - I cannot find one. Secondly, the client created so many categories and subcategories that - honestly - the best thing would be to start cutting some of them. But one thing is what is correct in theory, another what the client desires, and she does not desire cutting any subcategory.
Intermediate & Advanced SEO | | gfiorelli1
That means that some risk to be a substantial duplicate of others. The correct choice should be to canonicalized the overly identical subcategories to a main one... but this is not possible using the default Magento functions. So, or using an SEO extension (but, which one is the best for Magento 1.7.0.0.? Yoast plugins seem outdated), or using a solution like the second option proposed in this post: http://www.adurolabs.com/blog/technical/how-to-add-rel-canonical-in-magento. The doubt is that the post is presenting it in case of products pages, not categories ones. Hence, is it correct also for them, or do you have others suggestions. Sorry for the long question, but any help will be much appreciated :). Ciao Gianluca0 -
Preserving URL Structure from Os Commerce to Magento
I have a website that is built on OS Commerce and I am planning to transition to Magento. I was told that the transition to Magento would change my url structure. How do I preserve my current url structure while migrating to the Magento platform so that I do not lose my backlink profile.
Intermediate & Advanced SEO | | WebServiceConsulting.com0 -
Urgent Site Migration Help: 301 redirect from legacy to new if legacy pages are NOT indexed but have links and domain/page authority of 50+?
Sorry for the long title, but that's the whole question. Notes: New site is on same domain but URLs will change because URL structure was horrible Old site has awful SEO. Like real bad. Canonical tags point to dev. subdomain (which is still accessible and has robots.txt, so the end result is old site IS NOT INDEXED by Google) Old site has links and domain/page authority north of 50. I suspect some shady links but there have to be good links as well My guess is that since that are likely incoming links that are legitimate, I should still attempt to use 301s to the versions of the pages on the new site (note: the content on the new site will be different, but in general it'll be about the same thing as the old page, just much improved and more relevant). So yeah, I guess that's it. Even thought the old site's pages are not indexed, if the new site is set up properly, the 301s won't pass along the 'non-indexed' status, correct? Thanks in advance for any quick answers!
Intermediate & Advanced SEO | | JDMcNamara0