Hi to anyone who reads my post, my name is Trevor Langfield and I'm the MD of Highpower Systems UK Ltd.
I recently had an employee (who managed the main aspects of our Magento website shop), suddenly terminate his employment, which has left us in the dark about how to deal with, a recent email from Magento, saying that vital security updates need implementing as soon as possible.
I've been in business approx. 45 years, I'm self taught on every aspect I've been involved in with my business and I'm reasonably computer literate.
I've managed (I believe) to back up the site, which I felt was a first vital step, before attempting to change anything and I found that easy, once I'd overcome a couple of issues that I encountered.
I've also improved the security of my forum (at my first attempt), which has made it more secure, than the trained guy who set it up for me originally and that was achieved purely by relying on common sense.
I'm giving you this information purely as insight into what I 'might' be capable of, so you have something tangible, to base the advice I'm about to ask for on.
I'm tempted to try and carry out the security updates to my website myself, so I'd be grateful if anyone could advise me as to the following;
1) Would you think it was something a complete novice could do?
2) Is there anything more that I nee to do, to guard against the worst consequences of a mistake?
3) If I mess up in some way, will I wish I'd found someone else to do it for me or is it just a 'simple' matter of restoring from the back up I've made or is even that not that simple?
4) When doing the back-up I found some tips about what was involve and found that the on site back-up, didn't back up all that would be needed for a full restore, can anyone verify that is the case, please?
Thank you in advance for taking the time to read my post and to anyone who spares the time to provide me with some advice.
Welcome to the community forums!
The best way to start is to ask and try to help into the forums so you are in the right path.
You should read this post: https://community.magento.com/t5/Welcome-to-the-Magento-Community/Start-here-and-hello-from-me/m-p/5... (in particular the guidelines)
To start talkign about your issue, first of all, you should share with us which version of Magento are you using.
Is not the same process for Magento 1 than Magento 2.
Thank you for taking the time to reply.
As I stated in my opening sentence, I'm a complete novice and have been dumped in this situation, by an inconsiderate ex-employee, who resigned without giving any notice and without leaving any of the key information, that would have enable anyone else to take over his work, so we are floundering about searching for any help we can find.
I wasn't aware that there were a number of versions and sub-version of Magento (until recently), so that's why I didn't provide a version number in my first post but I now know it's a Ver. 126.96.36.199
Since my last message I've been contacted by Magento, to tell me that my website is vulnerable to certain forms of attack and I need, to carry out certain actions to avoid such attacks but it looks far to complicated, for someone without any experience of Magento or anything even remotely similar to follow.
I was hoping it would just be a matter of downloading an upgrade or a patch (or both), as with some other software programs I've used but that doesn't seem to be the case with Magento or at least if it is, it isn't as simple as I nee it to be.
For a start I looked at downloading a patch for Supee but it offers 3 options and each has 2 sub-options, none of which is describe in a way, that helps me to identify which I need.
I've a feeling that I'm going to have to resort to handing the job to someone with some experience of this kind of work, at least until the site is secure but if you feel like offering any further assistance, I'd certainly appreciate it.
I understand your current situation and, and the end, you should choose the best option for you.
Maybe is a good idea to get qualified support at the begining to help you to understand quickly and fix as soon as is possible the possible major issues.
Patches can be tricky because you will need to check if any of your possible 3rd-party modules will work properly or maybe there is a fix to apply.
Sometimes, you also need to apply some minor fix to your theme.
If you need to search for support, maybe you can start here:
I guess, if I were you, I'll perform and audit of the store to try to detect the major and minor issues and then prepare my action plan.
Patches should be into the urgent list.
(my 2 cents)