Michael Dekker’s Recommendations
Every store owner should ask the prospective software author these things:
- Have you run your web application through a vulnerability scanner?
- Are you listed on PrestaShop’s addon store?
- You should check theme/module reviews.
Lesley Paone’s Recommendations
You should definitely have nightly backups and retain them on your own hard drive for at least 30 days. Also make sure your host has antivirus software installed on the server. PCI DSS Requirement 5.1.1 states that you should have antivirus software installed on your home office PC/Mac and on the server. You should also hire a professional to remove malware injected into your code and/or database.
On July 6th, 2016, Mr. Paone announced on his blog a vulnerable warehouse theme for PrestaShop.
PCI DSS V3 Requirement 6.10 requires any hosting provider and end-user to regularly check logs for malicious activity. An Intrusion Detection System such as CXS from Configserver.net helps us ensure we can flag and react to that kind of activity. In most instances, malware is rejected when it is uploaded or injected through vulnerable themes or modules.
We tested the warehouse theme reported by Mr. Paone for all of the known vulnerabilities reported. No such penetration ever made it past our security systems. It’s the only line of defense you have in your arsenal. We protect you from malicious attacks with all the web applications you install in our hosting environment.