Table of contents
- Who are you?
- How does it work?
- Is it safe to run this test?
- Aren't you helping hackers?
- How do you maintain it?
- Can I control what sites are scanned?
- Do you store the scan results?
- Why are some checks RED while I surely have installed the patch?
- Some checks are grey. Can I make them green?
- Do you provide an API?
- Can I scan my locked Magento shop?
Who are you?
This free service gives you a quick insight in the security status of your Magento shop(s) and how to fix possible vulnerabilities. MageReport.com is made by the Magento hosting specialists of Dutch provider Byte. With a dedicated team of 40 skilled colleagues, we protect performance and security of several thousand Magento shops.
By sharing our tools with the rest of the Magento community, we hope to increase the overall security of Magento worldwide.
Back to topHow does it work?
It is not possible to see from the outside of a Magento shop which files exist on the server. So we use behavior-based identification patterns. This is possible because each Magento patch introduces subtle changes in behavior.
Apart from that, it is possible to request a few static files and derive the Magento version from that. Our work is shared on Github.
Back to topIs it safe to run this test?
Yes. This site exclusively uses passive checks, ie they run in read-only mode and do not, in any way, modify your shop.
Back to topAren't you helping hackers?
We are positive that MageReport contributes to Magento safety worldwide. The MageReport tool only tells you what is wrong, not how to exploit it. Ultimately, we believe that by sharing our findings with the community, we actually increase security awareness and thus increase Magento security globally.
Back to topHow do you maintain it?
We do this already for our own customers, as we closely follow Magento releases and security trends in the community so that we can act swiftly when it is required. Because of our high volume of professional Magento shops, we are generally one of the first to notice new threats and attack patterns.
Back to topCan I control what sites are scanned?
Yes, if you want to exclude certain sites from the scan, you can block the "magereport" user agent, as we will always use that.
Back to topDo you store the scan results?
For your convenience, we save results so that when you come back, you don't have to enter your shops again. If you want, you can purge the results from our system by clicking the litter bin icon on the left.
Back to topWhy are some checks RED while I surely have installed the patch?
Unfortunately, in some cases patches appear to be installed (on disk) but are not effective (in the running shop). Possible reasons:
- You need to flush your cache, restart webserver, php processes or other intermediary system (80% of cases). In case of doubt, ask your hosting provider.
- You have custom code in place (possibly overwriting core files) that effectively overrules the patch. It is recommended to find a certified Magento developer to remedy the situation.
Some checks are grey. Can I make them green?
MageReport checks from the outside, because it cannot see your code. Sometimes checks will give an "unknown" result. This is notably the case for a fully patched shop, because once patch 5994 is installed, it is not possible to determine the existence of patch 5344. However, as patches must be applied in order, this is seldom a problem.
Back to topDo you provide an API?
No. Magereport was developed as part of the service we offer to customers of the Magento hostingplatform Hypernode. Our interface is an integral part of the Magereport service. It's where we communicate and launch new features. We welcome everybody to use Magereport, but please use the whole tool.
Back to topCan I scan my locked Magento shop?
Is your Magento shop locked behind a Basic Authentication username/password combination? It might be possible to still scan your shop by adding these to the URL, e.g. : http://username:[email protected]
Back to topDisclaimer
It's our first priority to make our security checks accurate. While we thoroughly test and constantly tweak our security checks, we cannot guarantee that the results are always 100% accurate. Every Magento store is different, and in some scenarios, the configuration of your store or server may lead to false positives or negatives. Therefore, we advise you to use MageReport as a guide. If you are unsure about the validity of a check, please consult your developer or find one on the support page.
MageReport is brought to you by Hypernode
The advanced Magento hosting platform by Byte
Tweets about magereport