As a Magento partner and an experienced Magento developer, we understand how this platform migration from Magento 1 to Magento 2 can seem like a big undertaking for eCommerce sites. Having done several migrations, we know it certainly doesn’t happen with a snap of your fingers. However, we’re sharing this article so business owners are aware of the vulnerability of their site when it stays on Magento 1.
Although Magento 1 sites should have a plan for migrating to Magento 2 soon to prevent security breaches that will inevitably come from using an unsupported e-commerce framework, there is a way to prevent this specific hack from occurring.
Delete the downloader/ directory in your root Magento folder on the server.
That won’t fix a site once it’s hacked, but it deletes the vulnerable code, which shouldn’t exist on a production site anyway. The downloader is a tool used to aid with first-time installation, and you are supposed to remove it after the install is complete.
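For a server that hosts more than one store, the check above can be scripted. The following is an added example, not code from this article or from Magento: it assumes a Magento 1 root is any directory containing app/Mage.php, and the function names and the /var/www path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: a Magento 1 install root is any directory containing app/Mage.php.

# find_m1_roots BASE: print each Magento 1 root under BASE, one per line.
find_m1_roots() {
    find "$1" -type f -path '*/app/Mage.php' 2>/dev/null | sort |
    while IFS= read -r mage; do
        # strip the trailing /app/Mage.php to get the install root
        printf '%s\n' "${mage%/app/Mage.php}"
    done
}

# audit_downloader BASE [remove]
# Prints EXPOSED, REMOVED or CLEAN for every install found.
# Returns 1 if any install still has downloader/ afterwards, else 0.
audit_downloader() {
    base=$1
    mode=${2:-report}
    exposed=0
    list=$(mktemp) || return 2
    find_m1_roots "$base" > "$list"
    while IFS= read -r root; do
        target="$root/downloader"
        # -L also catches a dangling symlink named downloader
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ "$mode" = remove ] && rm -rf -- "$target"; then
                echo "REMOVED $root"
            else
                echo "EXPOSED $root"
                exposed=1
            fi
        else
            echo "CLEAN $root"
        fi
    done < "$list"
    rm -f -- "$list"
    return "$exposed"
}

# Usage (paths are placeholders):
#   audit_downloader /var/www          # report only
#   audit_downloader /var/www remove   # delete downloader/ where found
```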