ECommerce Insights Blog

Stay on top of it all and get ahead with useful articles, how-tos, tips and tricks on e-commerce.

How To Secure Your Magento Store From Heartbleed Vulnerability?

Looking for Magento Heartbleed bug vulnerability fix? Well read on. Heartbleed vulnerability affects SSL Certificates that’s https:// in the url address bar. If you are running a Magento store and using SSL / HTTPS most probably your store might have been affected by Heartbleed vulnerability which enabled hackers to access your secure data i.e. login details, passwords or any other sensitive data.

Although Heartbleed is nothing new since it was detected 2 years ago but since it’s publicly announced there was a massive fear amongst many who are using SSL. As per a survey more than 40% websites uses SSL / HTTPS and that’s a huge number. Heartbleed is not a website or Magento platform flaw but it targets the very core underlying technology that is used by millions of sites.

Ever since it is announced all major vendors, servers, hosting companies, SSL certificate vendors are working and fixing the same. Most probably you must have received an email from your hosting company or domain registrar like Godaddy for a possible fix.

Magento on SSL is also affected by Heartbleed just like any other platform or web app that uses SSL / HTTPS.

How to ensure that your Magento store is not vulnerable to Heartbleed bug?

Since OpenSSL is the most used cryptographic software library there are very high (almost 100%) chance that your Magento store is either directly or indirectly exposed to this vulnerability. Since the very nature of Heartbleed bug is not to leave any traces even after stealing highly sensitive data. It’s not possible to actually predict whether you have lost or compromised any data.

OpenSSL affected Versions

Following OpenSSL versions are reported to be affected by Heartbleed

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Heartbleed Vulnerability Test Tools

Use the following web testing tools to figure out whether your Magento store is affected by Heartbleed


Magento Heartbleed Fix

First of all upgrade your OpenSSL library to the latest version, you can ask your web host to do this for you. Run the following comman on a dedicated machine to update OpenSSL

yum update openssl


apt-get upgrade openssl

Do not forget to Restart all services to let the new OpenSSL library in effect.

Run a quick check to see the latest OpenSSL version

openssl version -a

Finally, confirm that you are using OpenSSL version 1.0.1g or if the patched version’s built date is 7th April onwards you are good.

We would love to know how you have resolved Heartbleed OpenSSL vulnerability for your Magento store? Please leave us a comment and let us know.