If you run an eCommerce store on PrestaShop, you’re probably aware that the latest version- PrestaShop 1.7.8.7- was released on 25 July 2022.

This update is particularly significant because it fixes several critical security issues that could allow an unauthorized user to access or modify data on your site. If you’re running PrestaShop 1.7.8.6, we recommend upgrading to 1.7.8.7 as soon as possible to take advantage of this security patch.

Like previous versions, this PrestaShop upgrade is recommended to keep your shop safe from attacks.
Let’s discuss more about it.

Where the Issue Lies?

PrestaShop Inc. has been powering eCommerce stores for years now. Unfortunately, some hostile performers exploit known and unknown security vulnerabilities to inject malicious code into PrestaShop websites, making them steal customers’ payment information.


Must Read: Why Hire Top PrestaShop Development Companies In 2023?


Who are Under Attack?

  • PrestaShops that are vulnerable to SQL injection attacks.
  • Online eCommerce store using outdated software or modules.
  • PrestaShops that are using vulnerable third-party modules.
We can help you fix, maintain, and upkeep your PrestaShop
user-flow

How Does the Attack Work?

Based on the conversations between the developers and the eCommerce owners, the systematic method of operation looks like this:

  • The attacker makes a POST request to the endpoint vulnerable to SQL injection.
  • A GET request to the homepage with no parameters is submitted within one second by the attacker. It results in a PHP file called blm.php at the root of the eCommerce directory.
  • Finally, the attacker submits a GET request to the new file, blm.php, allowing them to perform random activities.

Fake payment forms are injected into the front-office checkout page, and the customers fill their credit card information on the artificial form, unknowingly sending it to the attackers.

How to Keep Your Online Business Safe?

Update to the Latest PrestaShop Version

Ensure that your PrestaShop is operating on the latest version and that your modules are updated. Thus, preventing your eCommerce from being exposed to known and actively exploited SQL injection vulnerabilities.

Disable MySQL Smarty cache

To break the attack chain, physically disabling the MySQL Smarty cache storage feature in the PrestaShop code is recommended.

Perform Regular Checks

Your store requires regular checks and security scans to identify and eliminate potential malicious codes, viruses, hidden spam links, and spam pages. It is vital to remove all sources of vulnerabilities for strengthened security.

Update to Strong Passwords Regularly

frequency-creating

It might seem trivial, but updating to strong store passwords regularly acts as the first line of defense against various forms of hacking. Mandating strong passwords will become one of the standard web features in 2023.

Ensure SSL Certificate Integration

SSL stands for secure socket layer, and as the name suggests, it offers an added layer of security to websites, web apps, mobile apps, and other software. A site with SSL offers data encryption between the web server and user communication. This helps to secure sensitive data like credit card details, customer personal information, username, passwords, etc. 

You can easily check whether your website has an SSL certificate or if you need to integrate one. Simply open the website over a browser. The website with SSL certificates showcases a green or black colored padlock icon in the address field right before the store address.

Bugs Fixed

  • Strengthens the MySQL Smarty cache storage against code injection attacks.
  • Security.
  • Eval injection if the shop is vulnerable to an SQL injection.

Reminder:  Keep your PrestaShop version updated to prevent such attacks. Don’t forget to regularly check for updates related to your PrestaShop software, modules, and server environment.


Must Read: PrestaShop 8.0: The Final Version Is Here!


Safest Approach to Upgrade Your PrestaShop

With these and many other changes, PrestaShop 1.7.8.7 is a must-have update.

Be aware that managing PrestaShop on your own can invite various bugs or technical issues! Consider contacting a specialist to perform a full audit of your PrestaShop and work on it.

Being a PrestaShop partner agency, we have certified PrestaShop experts on board who can help you upgrade/update to the latest version of PrestaShop,i.e., 1.7.8.7.

Let’s connect and get the needful done.

user-flow
Boost Your Online Store with Prestashop Upgrade

2500+

Project Launched

20+

Years of Experience

250+

Skilled Professionals

60+

Days of Free Support

Frequently Asked Questions

Q1. Why do you need PrestaShop login security?

PrestaShop login security with two-factor authentication (2FA) eliminates the risks associated with compromised passwords. Even if a user’s password has been hacked, guessed, or phished, the attacker fails to log in. Login is successful only after the approval of the second factor.

Q2. How to manually upgrade your PrestaShop?

Manual upgrade of a Prestashop store involves you implementing the following steps:

  • Download PrestaShop’s latest version
  • Go to the compressed archive and extract files
  • Further, switch the store to the maintenance mode
  • Disable caching
  • Next, copy the files to the server
  • Update your database
  • Eliminate the “Install” folder
  • Update forms

Q3. How to set up PrestaShop multistore?

To enable multiple stores in PrestaShop, you need to do the following:

  • Navigate to the shop parameters
  • Go to General 
  • Now enable the Multistore option

This creates a multishop tab under the advanced parameters section.

Author’s Bio

Himanshu Rehani - Sr. Software Developer

Holding the position of a software developer, Himanshu started off his career with Nethues five years back. Since then, he has put in every effort to learn and grow into a full-fledged developer.

Read more posts by

Stay Updated

We regularly share new tech updates, blogs, articles and industry insights. If you enjoy reading them to grow your knowledge! Drop your email address and hit the subscribe button.


Unleash the Power of Our Cutting-Edge IT Outsourcing Services for Streamlined Operations and Enhanced Productivity!

GET IN TOUCH

Want to hire certifiedPrestaShop developer for your project?

Let's Talk