Zum Inhalt springen
Proactive security updates

Blog

Checkout Script Integrity - Block Web SkimmingThird-Party Scripts (6.4.3)Inventory with integrity checksanalytics.jsSRI verifiedpayment.jsSRI verifiedchat-widget.jsCSP allowedcdn-lib.jsSRI verifiedskimmer.jsCSP blockedshop.de/checkoutCheckoutCard number4716 24** **** 8391Expiry date09/28Security code (CVV)* * *Pay nowForeign scripttries to read card number and CVVand send it to a foreign domainblocked by CSP and SRIloadedmonitoredTamper Detection (11.6.1)Integrity checks at the checkout4/54 allowed1 blockedIntegrity confirmedCheck interval: 7 days!1 tampering blockedAlert sent to teamFour Layers of Checkout ProtectionScript inventorySubresource IntegrityContent Security PolicyTamper detectionContinuous integrity monitoring detects tampering before payment data leaksScript inventory | SRI | CSP | tamper detection per PCI DSS 4.0
Sicherheit Jul 8, 2026

Magecart Protection: Stop Web Skimming at Checkout

Web skimming steals card data right in the browser. See how a script inventory, Subresource Integrity, CSP and tamper detection per PCI DSS 4.0 stop the attack.

13 min read Read →
Accessibility as an Ongoing Process: Staying EAA-CompliantTheme Updatecan break focus and contrastPlugin/App Updatecan break keyboard operationCheckout Updatecan break form labelsEvery release can introduce new barriers and undo conformanceRecurring conformance cycle in the maintenance contract1. Test WCAG 2.2 AAkeyboard, focus,contrast, screen reader2. Maintain statementaccessibilitystatement with date3. Feedback channelreview reportsfrom users4. Fix barriersbefore the nextrelease shipsrepeated on every release cycleAktion Mensch 20251/3of shops accessible(tested online shops)Operable by keyboard only20 of 65tested shops usable(Aktion Mensch 2025)Home pages with WCAG errors94.8 %of the top 1M home pages(WebAIM Million 2025)Continuous WCAG 2.2 AA testing instead of a one-off project
Compliance Jul 6, 2026

Web Accessibility: Keep Your Shop EAA-Compliant

Since 28 June 2025 the EAA/BFSG applies to shops. Why WCAG 2.2 AA conformance decays with each update and how recurring maintenance checks keep it intact.

12 min read Read →
Response-Time SLA: Severity, MTTR and EscalationSeverity Levels — Response and Resolution (MTTR)LevelResponseResolution (MTTR)CoverageP1 critical15 min4 h24/7P2 high1 h8 h24/7P3 medium4 bus. h24 h8x5Escalation Chain (P1)1Alarm triggeredMonitoring detects outage · 0 sec2L1 On-callresponds and acknowledges · target 15 min3L2 Engineerauto handover after 15 min, no response4L3 Team leadif still unresolved after 30 minIncident Timeline (today)02:14Alarm: checkout unreachableclassified as P102:16L1 on-call acknowledgedResponse (MTTA) 2 min02:41Root cause isolated, fix deployedverified on staging02:56Resolved: checkout back onlineResolution (MTTR) 42 min · SLA met
Notfall-Support Jul 3, 2026

Response-Time SLA: What Good Emergency Support Does

Response-time SLA for online shops: severity levels P1 to P4, realistic MTTR values and how to recognize reliable emergency support with a committed response.

13 min read Read →
What a Shop Outage Costs per MinuteDirect revenue loss2,000 EUR+per minute (SMB shop, peak hours)Indirect follow-on costs5 to 10xreputation, churn, lost CLVCost curve during the outage0-2 min5 min10 min20 min30 min45 min60 minDetection < 2 min$15,000peak cost per minuteindustry-wide average forlarge organisations in 2026$600Bannual downtime costacross Global 2000 firms,up 50 percent in two years3.4%average stock-price dropfollowing a singledowntime incident24/7 monitoring reports the outage before the first customer notices
Monitoring Jul 1, 2026

Downtime Cost 2026: What a Shop Outage Costs per Minute

What a shop outage costs per minute in 2026: direct and indirect costs, why detection under 2 minutes matters and how 24/7 monitoring protects revenue.

12 min read Read →
The 2026 Patch Window: 5 Hours to AttackFrom a vulnerability becoming known to automated mass exploitationHour 0~15 minHour 5Hour 24Day 7DisclosureThe vulnerabilitybecomes publicFirst scanningBots scan from ~15 minfor targets (Unit 42)Median: 5 hoursto the first activeexploitation (Patchstack)45% in 24 hrsof heavily exploitedflaws (Patchstack)How fast exploitation happens20%within 6 hours (Patchstack)45%within 24 hours70%in 7 daysNot achievable by handNo unattended shop patches in 5 hoursovernight by hand46% of flaws are still unpatchedat disclosure (Patchstack)Managed maintenance closes the window automaticallyFeed monitoring - virtual patching - staging test - emergency patch with rollback - around the clock5 hrsmedian to attack11,334flaws 2025 (Patchstack)91%in plugins (Patchstack)~15 minto first scan (Unit 42)
Sicherheit Jun 29, 2026

WordPress Patch Window: 5 Hours to Attack

In 2026 the patch window has shrunk to a median of 5 hours. Why no self-maintained shop keeps up manually and how managed maintenance patches automatically.

14 min read Read →
WAF and bot management: every request is inspectedIncoming trafficReal customersbrowser, mobileGood botssearch, AIBad botsscrapers, attacksWAF and bot managementSignatures / OWASP CRSRate limitingBot score / behaviourGeo / IP reputationChallenge / CAPTCHAAllowed throughcustomers and good bots50.4%human traffic 2023 (Imperva)Blocked / challengedattacks and fake traffic32%bad bots 2023 (Imperva)Why ongoing protection belongs to maintenance67.5%bad bot traffic inGermany (Imperva 2024)+250%account takeoverattacks 2024 (Kasada)+108%more DDoS attacks2024 vs 2023 (StormWall)57.5%bot share of web2026 (Cloudflare)
Sicherheit Jun 26, 2026

WAF and Bot Protection in Live Shop Operation

WAF and bot management as part of maintenance: how to protect your shop against automated attacks, scraping and fake traffic in live operation.

13 min read Read →
Disaster Recovery: RTO and RPO on the Recovery TimelineOutageLast backupRPO: max data lossShop back onlineRTO: max downtimeDetectFailoverRestoreVerifyDaily backupSnapshotOffsite copyTested DR plan instead of backups only: protection tiersTierData pointRestartMaturityBackup onlyRPO 24hRTO daysuntestedDR planRPO 1hRTO hourstestedHot standbyRPO minutesRTO minutesautomatedRPO defines data loss, RTO defines downtime -- both only reliable through regular restore tests
Wartung Jun 24, 2026

Disaster Recovery: Restoring Your Shop After an Incident

Disaster recovery for online shops: a DR plan, tested restores and defined RTO and RPO targets -- going beyond plain backups, explained step by step.

16 min read Read →
CVE management pipeline: from alert to applied patchFour phases with clear ownership instead of an uncontrolled patch flood1. DetectCVE feeds and advisoriesInventory per shop componentSBOM and dependenciesKEV cross-check (CISA)48,185 CVEs 2025 (Zafran)2. PrioritizeCVSS severityEPSS exploitation riskExposure and contextBusiness impact shop~30% used on day 0 (VulnCheck)3. TestStaging clone of productionApply patch and verifyRegression test checkoutRelease gateno live risk (project)4. DeployMaintenance windowRollback readyMonitoring afterwardsLogged in the recordauditableThe patch gap in numbers26%critical KEV flaws fully fixed (Verizon)43 daysmedian to patchStructured in the maintenance contractFixed response times instead of chanceDetect - Prioritize - Test - Deployevery step documented and auditableVulnerability exploitation is the leading initial access with a 34% rise (Verizon DBIR 2026)From reactive chasing to a predictable patch cycleInventory - risk scoring - staging test - maintenance window with rollback - record
Sicherheit Jun 22, 2026

CVE Management for Online Shops: Plan Patches

Security patch and CVE management for online shops: detect vulnerabilities, prioritize by risk, test on staging and deploy patches in a controlled way.

14 min read Read →
Performance Monitoring in the Maintenance ContractLive Dashboard: Uptime + Response Time + Core Web Vitals + SLA ReportingUptime (30 days)99.96%Target SLA 99.9%Response time p75248msBudget 400msLCP p751.9sThreshold 2.5sResponse time trend against SLA target lineSLAAlert: response-time regression detectedTrigger: p75 248ms briefly exceeds budgetCause: new plugin after update (regression watch)Escalation: email instantly, then SMS after 5 minStatus: acknowledged, rollback in maintenance windowMonthly ReportSLA metAvailability99.96%Avg. response212msCWV status3/3 goodIncidents10.1s faster load = +8.4% retail conversions (Google/Deloitte, Milliseconds Make Millions)
Monitoring Jun 19, 2026

Anchor Performance Monitoring in Your Maintenance SLA

Make performance monitoring a fixed SLA component: performance budgets, alerts, monthly reports and regression watch for consistently fast online shops.

13 min read Read →