Magento shopping cart attack targets critical vulnerability revealed in early 2022


Re: It happened to me too

I think half the problem with Magento is that it's just so tricky to get to run stably in the first place, many don't bother updating it. The attitude seems to be, if it's working for $deity's sake don't touch it!

From personal experience, dealing with Magento is a bit like defusing a bomb. It doesn't matter how careful you are, the whole thing can still blow up in your face with the slightest misstep. It feels like sometimes it doesn't even require a misstep, it just depends what mood Magento is in on that particular day.

What also doesn't help is that many theme and plugin vendors require very specific Magento versions, many of which are woefully outdated and insecure. I had a client who purchased a Magento theme / custom plugin set from a vendor and bought the installation package from them. I had set up a completely stock, fully updated Magento installation for them to use, only to find they had wiped that and put a very old and insecure version in its place (we're talking 4 or 5 years old). I tried to re-update it and the whole site exploded. On checking with the vendor, they said they only support one specific version and we'd have to pay again for them to downgrade to that version. Needless to say, I got them to refund my client's money.
