{"id":2122,"date":"2014-09-03T14:34:51","date_gmt":"2014-09-03T20:34:51","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2122"},"modified":"2017-01-03T15:19:55","modified_gmt":"2017-01-03T22:19:55","slug":"sitelock-fails-to-do-basic-security-check","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2014\/09\/03\/sitelock-fails-to-do-basic-security-check\/","title":{"rendered":"SiteLock Fails To Do Basic Security Check"},"content":{"rendered":"

When it comes to the security of websites what we see is a situation where basic security measures, like keeping software up to date, are not being taken and security companies, most of whom appear to have little interested in actually improving security, are selling security services that are really not needed. A good example of this is SiteLock, which sells a security service that doesn’t provide any of the\u00a0security measures that need to be taken to protect your website from hackers<\/a>. Worse than that, we recently found that it is really poor at doing one of things that it is supposed to do, leading the people running websites and their customers to have a false sense of security.<\/p>\n

We recently were hired to do an upgrade of website running Magento 1.4.1.1<\/a>, a rather out of date version (the next version, 1.4.2.0, was released in December of 2010). When we took a look at the website we were rather surprised to see a security seal from SiteLock claiming the website was secure (we have blacked out the domain name in the image):<\/p>\n

\"SiteLock<\/p>\n

Version 1.4.1.1 of Magento is old enough that security patches for major issues are no longer released for it and anyone concerned about security would be running at least the most recent major release, 1.9.0.0, as it includes a number of security enhancements<\/a>:<\/p>\n