We have developed Magento sites for many years, and have watched the platform evolve from the early days of Magento 1.x up to the state-of-the-art sophistication of the Magento 2.3.x environment. The Magento ecosystem is always being improved over time, and because it powers tens of thousands of ecommerce sites, it is a common target for hackers.
While the upgrade process from older to up-to-date Magento versions can be somewhat time consuming, the benefits include much stronger protections against malicious behavior. Not to mention dealing with security breaches and malicious code insertions in your Magento installation can be a much, much more costly situation to deal with.
We strongly recommend upgrading your Magento site to the most up to date version. With Magento 2.3.x, you not only get a number of security improvements, but a number of performance enhancements as well.
Magento 2.3 Security Improvements
Improved Password Encryption: The hashing algorithms (encryption) used in Magento 2.3 passwords has been strengthened, and modern PHP 7.2 encryption tools (Argon2ID13) are now supported.
Improved Cross-site Scripting (XSS) Attack Security: Cross-site scripting is a browser security issue that can occur in web applications, which allows attackers to inject malicious code into a web page. Magento 2.3 includes 75 security enhancements to deal with XSS attacks, remote code execution (RCE), and data vulnerabilities. Staying up-to-date with your Magento version will ensure you get the benefits of any security patches that have been released from the Magento Core team.
Checkout ReCaptcha: In an effort to deal with security problems in Paypal Payflow payment gateways, Magento has folded in Google ReCaptcha support into core, to help manage issues like high-velocity transaction attacks and other fraudulent transactions.
Improved Library Support: A number of Magento 3rd party integrations have been updated, bringing along all the security and performance enhancements that come along with those up-to-date libraries like Authorize.net, Accept.js, ElasticSearch6+, Paypal, Redis, modern PHP version support, and more.
Magento 2.3 Performance Improvements
Performance and security are near and dear as the dual focus of our Magento Maintenance / Security & Performance Plans, and Magento 2.3 delivers excellent features for both of these areas.
Improved Address System: The Customer Address system has been redesigned to performance, improving handling thousands of additional addresses. Admin views benefit from this performance gain, and the front end interface for customer address management has been improved.
Checkout Billing/Shipping Persistence: Shipping and Billing data is retained during cart updates.
Page Load Optimization: Page load speeds have been improved during high CPU load. Additionally, product gallery load times are improved/optimized. Page rendering has also seen some performance improvements.
All of these benefits come along with the improved security enhancements in Magento 2.3. If you have ever had to deal with security issues in your site before, you already know that these updates are critical to avoiding huge headaches that could potentially occur with a compromised site. We always recommend staying up-to-date with your e-commerce software, and the Magento Core performance improvements bring along some welcome changes that your customers will notice as well. All of this means your platform will keep people coming back, and their data will be safely stored.
Keeping Your Magento Site Healthy for the Long Term
Our clients love our monthly Magento security and performance plans. They are designed to keep your site consistently up-to-date, and we patch critical security patches within 24 hours of the date that Magento issues them. Questions? Get in touch – we’re friendly :).