Check out our newest developed Magento2 Christmas Extension: More Info and Demo

How to protect Magento stores from Heartbleed Bug

1. About the bug:
Heartbleed is server software (OpenSSL) bug so it’s more like a server vulnerability. Most of the webserver use OpenSSL extension to manage the secured connection.
Heartbleed opened your openSSL memory to the public, this means, everybody was able to read upto 16kb chunks of your memory.
This memory holds:
a) Private keys
b) Request data
c) Response data

2.Am I infected?
Here is the link to check if your server is affected:

http://filippo.io/Heartbleed
http://possible.lv/tools/hb
https://heartbleed.hostgator.com

3.Our Advice?
The fix is:
a) Upgrade OpenSSL to the newer version (OpenSSL 1.0.1g and above).
b) Change all passwords: Attackers may be able to read the password and username, therefore resetting the passwords for all users is suggested.
c )Change the private key: Changing your magento private key is must for every store owner.

4.If you are an ecommerce solution provider.
You must mail your Magento customers and ask them to perform the above fix

The following two tabs change content below.
Harshal Shah is CEO & Founder of Xhtmljunkies, Located in Gujarat, India, XHTML Junkies is one of the best companies that offer unique eCommerce solutions by the virtue of its dedicated professionals. Our professionals are extremely proficient in offering development services pertaining to eCommerce. You can find Harshal on and Twitter.