Credit card hijack indicators

We often receive questions about why a shop is showing up as vulnerable for the credit card hijack check. To make this more clear to users we’re now showing exactly which indicators we found on the webshop. This should be relatively easy to use for other checks as well, so expect to see indicators for other checks as well in the future.

No magento install found reasons

Similarly to the credit card hijack check we often receive questions about why we sometimes cannot detect a Magento webshop on a specific URL. Answering these questions often takes some manual effort from our side, but often results into being related to timeout or authorization issues. So to try and help users figure out why we cannot detect a Magento webshop we’re now showing the reason why we could not detect this. In some cases the result might still be “No magento install found”, which means we really could not find a Magento install and is not the result of some timeout/authorization issue.

More SUPEE10975 improvements

It recently came to our attention that sometimes the check would return that the patch has not been installed. This was due to the fact that we could not detect certain static assets due to authorization issues. Instead of assuming that means the patch is not installed we check the response codes we received, if there’s anything in there that might indicate an authorization issue we will return the “unknown” status for this check.

Special thanks to Rudolf Rieder for notifying us of this issue.


Recently we transitioned to an updated version of our social auth system. This led to LinkedIn logins not working anymore. This should now be fixed. Some users might also have encountered 500 errors when visiting the website. This should also have been fixed. If you notice any issues please feel free to message us at