The uncontrolled file structure, with more than 70,000 files, is making Magento CE vulnerable to malicious attacks. Magento needs organised and well-audited growth before it crumbles under its own weight.
In July 2019, many Magento-based eCommerce shops were hit by the dreaded "Magento Killer" virus. Some of them were high-profile jewellery websites developed by TransPacific Software.
The Magento Killer changes core settings in infected Magento installations and steals credit card and client information.
We patched and cleaned them but decided to go a step further: to investigate why Magento sites worldwide are regularly hit by malicious scripts.
Our Python team decided to build a bot to take a deep dive into Magento 2.3.
One of the biggest problems we spotted with Magento was the uncontrolled growth of its folder and file structure: more than 70,000 files. Many were redundant, many invite hackers to exploit them, and many are deadwood.
Files | Magento 2.3.2 | WooCommerce + WP 5.2.2 |
---|---|---|
PHP | 46040 | 2609 |
CSS | 335 | 597 |
JS | 2422 | 850 |
Others | 21292 | 884 |
Total Files | 70089 | 4940 |
The direct result of such uncontrolled growth of Magento size is:
File Types -
Plugin name - MSP_ReCaptcha
Plugin name - Amazon_Core
Plugin name - Amazon_Login
Plugin name - Amazon_Payment
Plugin name - Dotdigitalgroup_Email
Plugin name - Klarna_Core
Plugin name - Klarna_Ordermanagement
Plugin name - Klarna_Kp
Plugin name - MSP_TwoFactorAuth
Plugin name - Temando_Shipping
Plugin name - Vertex_Tax
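The kind of inventory behind the table and the plugin list above can be reproduced on your own installation with a short script. This is an added example, not the bot described in the article: it tallies files into the table's four categories and attributes them to each module that declares itself in a `registration.php`. The sample tree and its paths are constructed so the script runs offline; point `inventory()` at a real Magento root to audit it.

```python
import os
import re
import tempfile
from collections import Counter

# Categories match the article's table; every other extension is "Others".
CATEGORIES = {".php": "PHP", ".css": "CSS", ".js": "JS"}
# Magento 2 modules declare their Vendor_Module name in registration.php.
MODULE_RE = re.compile(
    r"ComponentRegistrar::MODULE\s*,\s*['\"]([A-Za-z0-9]+_[A-Za-z0-9]+)['\"]")

def inventory(root):
    """Return (files per type, files per registered module) under root."""
    by_type, by_module = Counter(), Counter()
    module_roots = {}  # module directory -> module name
    for dirpath, _dirs, filenames in os.walk(root):  # top-down, no symlinks
        if "registration.php" in filenames:
            reg = os.path.join(dirpath, "registration.php")
            with open(reg, errors="replace") as fh:
                match = MODULE_RE.search(fh.read())
            if match:
                module_roots[dirpath] = match.group(1)
        # Attribute files to the deepest enclosing module directory, if any.
        owners = [d for d in module_roots
                  if dirpath == d or dirpath.startswith(d + os.sep)]
        owner = module_roots[max(owners, key=len)] if owners else None
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            by_type[CATEGORIES.get(ext, "Others")] += 1
            if owner:
                by_module[owner] += 1
    return by_type, by_module

def build_sample(root):
    """Write a constructed sample tree (not a real Magento install)."""
    reg = ("<?php\n\\Magento\\Framework\\Component\\ComponentRegistrar::register("
           "\\Magento\\Framework\\Component\\ComponentRegistrar::MODULE, "
           "'Klarna_Core', __DIR__);\n")
    files = {"vendor/klarna/module-core/registration.php": reg,
             "vendor/klarna/module-core/Model/Api.php": "<?php\n",
             "vendor/klarna/module-core/view/web/js/kp.js": "",
             "pub/static/styles.css": "", "composer.lock": "{}"}
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        types, modules = inventory(tmp)
        print(dict(types), modules.most_common())
```

Sorting the per-module counts shows which bundled modules contribute the most code to review, patch, or disable if the shop does not use them.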