Quality Developers

If you've used other marketplaces in the past, you've likely run across developers that weren't very good. At Commerce Hero, we vet all Magento developers personally.

Transparent Pricing

Our developers aren't cheap, but you can see right up front what their rates are. Why go through a song and dance with a sales person just to find out what their rates are?

See Availability

If you've worked with freelancers in the past, you know their availability is subject to change. We eliminate the uncertainty by showing you their availability at a glance.

Skills

Magento is a complex system, and even the strongest Magento developers have areas of specialty. Find developers with experience in the specific areas you need.

Search

Drill down to find exactly the developer you need. Search by location to find a developer in your area. You can also search by skill set, their rates, reviews, and more.

Free

The price is right, at no cost to you, the hiring company. We charge developers a small percentage of projects that are booked through Commerce Hero.

A server-side scanning system to detect Magento malware. Rules are community sourced.

MageReport.com 1 year ago

MageReport is the authoritative tool for checking your store's security and performance. Over 4 million scans have been requested, used by agencies and developers globally.

MageReport won the Meet Magento award for best community project!

The Mage Security Council is a collaboration of Magento hosting providers, agencies and developers to improve Magento market share and security.

How not to suck at data validation and output: Security is an important aspect of web application development. In this talk we’ll have a look on methods and ways Magento 1 and 2 provide to increase security.

Stolen customer data, unreachable shops, blackmailings - there is a long list of possible attacks on Magento shops. Andreas von Studnitz, doing Magento shops since 2008, talks about successful and attempted attacks, about security vulnerabilities and other risks. Learn what you as a shop manager can and should do to protect your shop against attacks of all kinds.

Avans Security Conference 16 hours 5 months from now

To show students and teachers of the study 'Integrated Security' at Avans in Den Bosch, The Netherlands I created a thing. This intercepted any traffic that went over it's WiFi network and displayed any found passwords and usernames on a large screen.

There is no such thing as an un-hackable site. However, we have the available tools and processes to make our customizations much more resilient to attacks. In this session, we will prepare you with strategies and tools distilled from years of working with Magento and web security. Our jobs are already complicated by creating great software. These strategies will give us the confidence that our software doesn’t contain vulnerabilities.

In this series of talks Talesh is raising awareness of tools and techniques available to help you defend your Magento sites. Each Proactive Security talk is part of a series and stands on it's own so there is no need to have attended the previous ones to derive maximum benefit from this one. In this installment we take a look at the uncanny benefits of implementing dynamic scanning tools and a hands on demo of how OWASP Zed Attack Proxy works with Magento 2.

After SUPEE-8788 release I've been very active on Magento StackExchange in order to gather all the bugs triggered by the fact and help people patching their stores without issue.

After SUPEE-7405 has been released, I've been very active on Magento StackExchange in order to gather all the bugs triggered by the patch and help people patching their stores without issue

An insight into abusing CSRF attacks via incorrectly configured cashing.

Kalen interviews Marty about the security scanning tech they've built over at MageMojo for the Magento sites they host

Virtual store developed for the group drugstore Iguatemi acting for more than 50 years, physical stores in São Paulo, Rio de Janeiro and Curitiba.

I was approached by a client who had received a notice from their host because their site had been breached and as part of the breach phishing pages were hosted on their server. As part of the engagement I cleaned up malware off the site, did a detailed audit of the code and made sure it was all clean. I also introduced additional security measures like http auth for admin pages, IP based SSH restrictions, key based ssh auth, database cleanup.

I would be responsible for applying security patches for many of the enterprise clients at my agency, which is a silver Magento partner.

Names2glue Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Angy Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

EbaFestas Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Marukom Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Bagme Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Tudovet Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Lmtda Security Patches 24 hours 8 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

This official guide published by Magento outlines a multifaceted approach to improve the security of your Magento installation. I was a co-contributor to the publication and also volunteered answering questions on both the Official Magento Community Forums and the Magento Stack Exchange site. Content from the forums posts that we created was used as the basis for this Magento Security Best Practices Guide.

Current Version: https://magento.com/security/best-practices/security-best-practices

Co-Contributors:

  • Piotr Kaminski
  • Anna Völkl
  • Willem de Groot
  • Robert Mangiafico
  • Roman Tsiupa

Security audit and installation of updates for Magento 2 marketplace.

What People Are Saying

Frequently Asked Questions

What's the cost?

We charge a percentage of referred projects (or full time hires). In the case of projects we'll charge the company being hired, and in the case of recruiting we'll likely charge the hiring company.

What markets is this available in?

We will be initially targeting North America and major European markets. We will eventually get to other markets as well. This will simplify a number of factors for us including quality.

Is this going to be a race to the bottom like other marketplaces?

Nope - in fact we won't even allow developers to charge fees that are lower than what we consider reasonable for quality Magento development work. This service is all about quality.

What if we want to hire someone locally?

While we would greatly encourage all hiring companies to consider remote developers, we will also be offering some support for hiring locally as well, including outreach to specific markets.

Do you think Little Bobby Tables should be a Commerce Hero?

Sign up now to add your profile to the site!

This Page Is Curated By

All throughout his 18 years working with web application development Talesh Seeparsan has also held a keen interest in security. Given the recent renewed interest in web application security Talesh has started evangelizing defensive development practices in the Magento community. He also runs the MageDef podcast.

Kalen Jordan has been involved in the Magento community for several years - having founded a SaaS app for Magento, cohosted the Magento community podcast, and contributed to many open source projects. Kalen is passionate about building a marketplace to connect great developers with great merchants and agencies.

Eric Hileman has been working with Magento since 2009, having built a Magento-specialized hosting company. With so many of MageMojo's customers struggling to find good help when it comes to Magento development, Eric has experience first-hand the need for a quality marketplace to bring great developers and merchants together.