Malware signatures

In this release we’ve added over 2400 new malware signatures to the credit card hijack check. So make sure to scan your shop for new malware on

Improved SUPEE-10975 check

We recently got messages from several users indicating that the SUPEE-10975 check was giving false positives. We’ve listened to this feedback and made the SUPEE-10975 check more stable for several edge-case situations. If you ever think a check is returning incorrect results don’t hesitate to mail us at

A special thanks to Thorsten Möllmann, David Rushton, Kaarel Korv, Aad Mathijssen and all other related parties who helped us improve this check.

Cloudflare check removal

Previously we had a Cloudflare check for some checks to see if the returned static files were being served by Cloudflare or not. This could lead to us seeing that a patch was not applied, because Cloudflare was still serving the old cached files. However, it turns out this check was very flaky. We often received messages from users who were not using Cloudflare and still got the message. So for now we’ve removed the Cloudflare check, until such a time where we feel confident enough that we’ve improved the check to put it back again.


In relation to the deprecation of the Google+ API’s we’ve updated our social login links. Note that there might be some issues with LinkedIn logins. We’re aware of the issue and are expecting to come with a fix the coming weeks. Other users should see no change in their login behaviour.