Are these Magento security concerns urgent?
-
Hey Mozzers!
I recently started working with a new Magento programmer for our ecommerce site. He sent me this scan/report outlining some security issues that need to be addressed.
This is a new partnership so I'm not sure which issues should be a major concern, or if I should not focus on them. Would you be able to give me your opinion on the importance of the security issues?
https://www.magereport.com/scan/?s=http://metallumcreations.com/
-
Hi localwork!
If Ryan answered your question, would you mind marking his response as a "Good Answer?" It'll get him some bonus MozPoints, and it helps us keep track of things.
-
Thanks for the response Ryan!
Clients are always showing me the spam emails they receive with immediate 'warnings about site security'. Since this is a new partnership with this particular programmer, I couldn't discern whether the issues were important/critical or junk.
Thanks again!
-
It's a best practice to make sure your whatever software your site is using is patched and up to the latest addition. A high risk warning from that page, "Patch SUPEE-6285 fixes a leak where hackers can take over customer's sessions and download lists of your shop's order details through the RSS feature. Released July 7th, 2015." Would certainly be worth fixing.
From an search perspective, Google has stated that security is a ranking signal: https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.
Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.
We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.
So making sure your site is secure can have multiple benefits.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Magento missing SEO fields?
Hi Guys, Have a client who's blog is combined with there e-commerce site which is on Magento 2 but there are no SEO fields to add meta title, description. It only has the ability to add h1 tag see: https://cl.ly/3c6897aa5132 We want to add this ability to add meta data like this: https://d.pr/i/8GdbDc Does anyone know how to do this? Cheers.
Intermediate & Advanced SEO | | brandonegroup0 -
Still Not Secure in Chrome
Hi We migrated to HTTPs in November - but we still aren't showing as Secure. I thought it was due to there being an Insecure SHA-1 script in the SSlL Certificate, so am waiting to get this fixed. We had a few http links outstanding so they have been updated, but we're still getting the issue. Does anyone have an idea of what it could be? https://www.key.co.uk/en/key/
Intermediate & Advanced SEO | | BeckyKey0 -
Urgent: Any point having /au version of the website for Australia?
Hi, We just migrated our website from /uk to the global one (but we still kept /us). We are expanding our business to Australia. Is there any point having the global .com site duplicated as .com/au provided the content will be identical? What's the /au impact on the domain strength and rank in Australia in comparison to having just .com. Is there any point? Anyone has direct experience? What's the best practice? Many thanks for the answers. Katarina
Intermediate & Advanced SEO | | Katarina-Borovska1 -
Need Magento SEO expert for 301 clean up - any reco's?
My site is a total mess from a clean “crawling” perspective. We are still getting traffic and doing business, but I am afraid from an SEO perspective we are driving with the parking brake on. There a lot of 301’s and some of them are causing 404 errors. Below is an overview of my 5 year old magento site which was moved from a 5 year old xcart site (so there is a lot of old junk (url’s) in there). It needs cleaning up and I need a plan and seo / 301 help. Overview: Recently moved from http to https - not sure best practices were followed, but we had lots of crawl issues before this move. Analytics Top 100 Landing Pages = 82.7% of entrances Webmaster Tools 594 Pages Indexed 65 Not found errors - most involve 301’s - examples below Sitemap: 773 Submitted, 395 Indexed URL Parameters - 41 - I can’t tell if they are doing anything (helping or hurting) Moz Crawl Total Pages 3,454 324 Redirect Issues (258 Temp and 66 Chain) Magento 11,773 Redirects 5390 System 6383 Custom On July 15, 2017 I deleted 40 redirects from htaccess that a developer had put there that were causing problems. Blog We have a wordpress blog installed on Magento site. Years ago it was moved from a subdomain to a subdirectory.
Intermediate & Advanced SEO | | SammyT0 -
Ranking with subdomain - Urgent
Does anyone have any experience if it is possible to get a website ranking on a subdomain? I'm trying out a business idea and need to keep costs to an absolute minimum. I have a site which I designed in wix.com they give a free subdomain and I want to know if there's any chance of getting it to rank Thanks
Intermediate & Advanced SEO | | seoman100 -
Disavow straightaway? - Urgent
Is there any implication with disavowing straightaway from Google's perspective? I know good practice is to request removal from the web host, however I don't have the time to contact and process the requests. Any thoughts?
Intermediate & Advanced SEO | | seoman100 -
Client has moved to secured https webpages but non secured http pages are still being indexed in Google. Is this an issue
We are currently working with a client that relaunched their website two months ago to have hypertext transfer protocol secure pages (https) across their entire site architecture. The problem is that their non secure (http) pages are still accessible and being indexed in Google. Here are our concerns: 1. Are co-existing non secure and secure webpages (http and https) considered duplicate content?
Intermediate & Advanced SEO | | VanguardCommunications
2. If these pages are duplicate content should we use 301 redirects or rel canonicals?
3. If we go with rel canonicals, is it okay for a non secure page to have rel canonical to the secure version? Thanks for the advice.0 -
Changing Server IP Addresses. Should I be concerned?
Hello Mozers Our site has been on a dedicated server for about four years now. (no other sites, just ours on the server) I have made the decision to move it to a much better and faster server than the current server we are on for more than one reason. My big fear is Google will lose trust for my site because of the IP change. Ip's stay with the server at 1and1 they do not follow the website. So, I have done my due diligence and copied over all code and databases and have tested it completely to insure there are no issues when I change the DNS to point to the new server. Made sure 1and1 is giving me an IP that has never been used, I am Keeping the old server on until cached DNS records expire for it. Is there anything else I need to do to make sure I do not lose current rankings in Google? I have heard nightmare stories about making these kinds of changes but at this point for our site there is no turning back this is a change that must take place. Any pointers and advice would be much appreciated! Thanks!
Intermediate & Advanced SEO | | Robbie82991