Impact of Vulnerable Themes & Modules On PrestaShop

Data Security Standards & Best Practices for Application Development

I recently had the opportunity to discuss this topic with Lesley Paone and Michael Dekker, both experts in developing PrestaShop modules and themes. There has been a spate of vulnerable modules and themes circulating in the PrestaShop community, mainly in the free module section of the forums. These experts will advise you on what to look for when deciding which theme or module to install on your live store.


PrestaShop Expert Developers

Connect with Lesley Paone

I am an e-commerce developer and I specialize in SEO for e-commerce. I do pretty cool things; you should follow me or keep in touch with me.

My Website:

Connect With Michael Dekker

Michael Dekker is an expert in PHP development with over five years' experience. He has written over 200 free and paid modules and contributes to PrestaShop itself.

Website: My Blog

Data Security Standards Best Practices

Threat Assessments

Michael Dekker’s Recommendations

Every store owner should ask the prospective software author these things:

  1. Have you run your web application through a vulnerability scanner?
  2. Are you listed on PrestaShop's Addons store?
  3. What do the theme's or module's reviews say? Check them before you buy.
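A vulnerability scanner and the Addons listing are the author's side of the check; the store owner can also read the archive before installing it. The following is an added example, not code from the original page or from either developer: a heuristic pre-install review of a PrestaShop module ZIP in Python. It flags PHP files that lack the conventional `if (!defined('_PS_VERSION_')) exit;` guard, raw `$_GET`/`$_POST` access instead of `Tools::getValue()`, obfuscation and command-execution calls, file writes, and PHP files placed in asset directories. The module contents in `build_sample_module()` are constructed for the demonstration; the module name and file names are hypothetical.

```python
import io
import re
import zipfile

# Heuristic patterns for a pre-install review of a PHP module archive. A hit is
# a prompt to read that line before installing, not proof of a vulnerability.
RULES = [
    ("obfuscation", re.compile(r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(")),
    ("command-exec", re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(")),
    ("raw-superglobal", re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[")),
    ("file-write", re.compile(r"\b(move_uploaded_file|file_put_contents|fwrite|unlink)\s*\(")),
    ("remote-fetch", re.compile(r"\b(curl_exec|fsockopen)\s*\(|file_get_contents\s*\(\s*['\"]https?://")),
]
# PrestaShop modules guard each PHP file with if (!defined('_PS_VERSION_')) exit;
# so the file does nothing when requested directly by URL.
PS_GUARD = re.compile(r"defined\s*\(\s*['\"]_PS_VERSION_['\"]\s*\)")
# Directories that should hold static assets, never executable code.
ASSET_DIRS = {"img", "upload", "uploads", "download"}


def scan_php(path, source):
    """Return (path, line_no, rule, snippet) findings for one PHP file."""
    findings = []
    lines = source.splitlines()
    # The stock directory-listing index.php files PrestaShop ships do not
    # carry the guard, so they are exempt from that check.
    if path.split("/")[-1] != "index.php" and not any(PS_GUARD.search(l) for l in lines[:15]):
        findings.append((path, 0, "missing-ps-version-guard", ""))
    for n, line in enumerate(lines, 1):
        stripped = line.strip()
        if stripped.startswith(("//", "*", "#")):  # skip comment lines
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((path, n, rule, stripped[:80]))
    return findings


def vet_module(zip_bytes):
    """Scan every PHP file in a module ZIP (given as bytes) and return findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith((".php", ".phtml")):
                continue
            if any(seg in ASSET_DIRS for seg in name.lower().split("/")[:-1]):
                findings.append((name, 0, "php-in-asset-dir", ""))
            source = zf.read(info).decode("utf-8", errors="replace")
            findings.extend(scan_php(name, source))
    return findings


def build_sample_module():
    """Constructed sample archive (hypothetical module 'mymodule'), built in memory."""
    files = {
        # Clean: guarded, reads input through Tools::getValue().
        "mymodule/mymodule.php": (
            "<?php\n"
            "if (!defined('_PS_VERSION_')) {\n    exit;\n}\n"
            "class MyModule extends Module\n{\n"
            "    public function hookDisplayHeader()\n    {\n"
            "        $id = (int) Tools::getValue('id_product');\n"
            "        return $id;\n    }\n}\n"
        ),
        # Risky: unguarded endpoint writing attacker-chosen content to an attacker-chosen path.
        "mymodule/ajax.php": (
            "<?php\n"
            "$target = $_GET['file'];\n"
            "file_put_contents($target, base64_decode($_POST['data']));\n"
        ),
        # PHP where only images belong.
        "mymodule/img/cache.php": (
            "<?php\n"
            "if (!defined('_PS_VERSION_')) {\n    exit;\n}\n"
            "echo 'ok';\n"
        ),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for path, line_no, rule, snippet in vet_module(build_sample_module()):
        print(f"{path}:{line_no} [{rule}] {snippet}")
```

Run it against a real download with `vet_module(open("module.zip", "rb").read())`. The rules are deliberately noisy: a legitimate image-upload module will trip `file-write`, and that is the point, since those are exactly the lines a buyer should read before putting the module on a live store.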

Lesley Paone’s Recommendations

You should definitely have nightly backups and retain copies on your own hard drive, away from the server, for at least 30 days. Make sure your hosting provider has antivirus software installed on the server. PCI DSS Requirement 5.1.1 states that you should have antivirus software installed on your home office PC/Mac and on the server. If malware has been injected into your code and/or database, hire a professional to remove it.

On July 6th, 2016, Mr. Paone reported on his blog that the Warehouse theme for PrestaShop is vulnerable.

How StrikeHawk Protects Your Theme / Modules

PCI DSS v3 Requirement 10.6 requires any hosting provider and end user to regularly review logs for malicious activity. An exploit scanner such as CXS helps us flag and react to that kind of activity. In most instances, malware uploaded or injected through a vulnerable theme or module is rejected before it can run.
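Log review is only useful if someone actually reads the logs, and on a busy shop that means a script doing the first pass. What follows is an added example, not code from the original page or from StrikeHawk: a small Python reviewer for Apache combined-format access logs that flags the footprints a vulnerable theme or module leaves behind, namely PHP being executed from image or upload directories (a dropped webshell), traversal or code fragments in query strings, and one client piling up 404s while probing for module paths. The log lines in `SAMPLE_LOG` are constructed for the demonstration, and the module names and IP addresses in them are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache/nginx combined log format; referer and user agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# PHP served from a directory that should only hold static assets is the
# classic footprint of a webshell dropped through a vulnerable upload handler.
PHP_IN_ASSET_DIR = re.compile(r'/(img|upload|uploads|download)/[^?]*\.php\b', re.I)
# Fragments that have no business in a shop URL (checked after URL-decoding).
SUSPICIOUS_QUERY = re.compile(r'(\.\./|<\?php|base64_decode|eval\(|\x00)', re.I)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    path, _, query = rec["target"].partition("?")
    rec["path"], rec["query"] = path, unquote(query)
    return rec


def review_log(lines, probe_threshold=5):
    """Return (ip, rule, detail) alerts for the given log lines."""
    alerts = []
    not_found = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == 404:
            not_found[rec["ip"]] += 1
        if PHP_IN_ASSET_DIR.search(rec["path"]):
            alerts.append((rec["ip"], "php-in-asset-dir", rec["target"]))
        if SUSPICIOUS_QUERY.search(rec["query"]):
            alerts.append((rec["ip"], "suspicious-query", rec["target"]))
    # A single client collecting many 404s is enumerating module paths.
    for ip, count in not_found.items():
        if count >= probe_threshold:
            alerts.append((ip, "path-probing", f"{count} x 404"))
    return alerts


# Constructed sample log: a normal shopper, a webshell drop, and a path prober.
SAMPLE_LOG = [
    '198.51.100.3 - - [06/Jul/2016:02:10:01 +0000] "GET /index.php?id_product=12&controller=product HTTP/1.1" 200 14432 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [06/Jul/2016:02:10:02 +0000] "GET /themes/default-bootstrap/css/global.css HTTP/1.1" 200 88120 "-" "Mozilla/5.0"',
    # The upload itself looks like an ordinary POST; only the follow-up request gives it away.
    '203.0.113.7 - - [06/Jul/2016:02:14:03 +0000] "POST /modules/vulnmod/ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Jul/2016:02:14:05 +0000] "GET /img/cache.php?cmd=id HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [06/Jul/2016:03:00:10 +0000] "GET /modules/alpha/ajax.php HTTP/1.1" 404 209 "-" "curl/7.47"',
    '192.0.2.9 - - [06/Jul/2016:03:00:11 +0000] "GET /modules/beta/upload.php HTTP/1.1" 404 209 "-" "curl/7.47"',
    '192.0.2.9 - - [06/Jul/2016:03:00:12 +0000] "GET /modules/gamma/config.xml HTTP/1.1" 404 209 "-" "curl/7.47"',
    '192.0.2.9 - - [06/Jul/2016:03:00:13 +0000] "GET /modules/delta/index.php HTTP/1.1" 404 209 "-" "curl/7.47"',
    '192.0.2.9 - - [06/Jul/2016:03:00:14 +0000] "GET /modules/epsilon/ HTTP/1.1" 404 209 "-" "curl/7.47"',
    '192.0.2.9 - - [06/Jul/2016:03:00:20 +0000] "GET /index.php?controller=product&id_product=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 14432 "-" "curl/7.47"',
]

if __name__ == "__main__":
    for ip, rule, detail in review_log(SAMPLE_LOG):
        print(f"{ip:15} {rule:18} {detail}")
```

Feed it a real file with `review_log(open("access.log"))` and run it from cron once a day, which is the cadence Requirement 10.6 asks for. Note what it cannot see: the `POST /modules/vulnmod/ajax.php` that dropped the shell is indistinguishable from legitimate traffic in the access log, so the hosting-level upload scanner described above and this kind of log review are complementary, not alternatives.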

We tested the Warehouse theme for all of the known vulnerabilities Mr. Paone reported. No such attack ever made it past our security systems. Hosting-level scanning is a strong line of defense in your arsenal, alongside the backups and vetting described above. We protect you from malicious attacks against all the web applications you install in our hosting environment.