solutions for e-commerce

13 years of business 2555 reviews 4.9 average rating
Magento 2

Watchlog Pro

Stop all intrusion attempts into your Magento backoffice! Automatically block unallowed IP and get real time reports about security threat. Keep your website safe!

5/5 rated
15 Reviews
from €195
User guide

Watchlog PRO - Security enhancement for your Magento 2 website

The Watchlog Pro extension will allow you to list the IP addresses that try to access your Magento 2 back office, and to stop these intrusion attempts mainly by adding these IP addresses to a blacklist.

Possible brute force attack on Magento

Thousands of Magento websites are certainly concerned by this very large brute force attack which aim is clearly to force access to Magento back offices.

The principle of that kind of attack is simple: robots try to log into your back office using multiple login/password combinations until they find the correct credentials.

Once these credentials are identified, your Magento website becomes easy prey for hacking: exploitation of your database, diversion of your payments, hacking, unfair competition...

Several users have already reported some IPs.

What to do?

The login attempts can occur several times a minute and can reach several tens of thousands of attempts every day which will deeply threaten the security of your website as you can see on the screen below.

This is why it is important to protect your Magento 2 website against brute force attacks.

Check if your Magento 2 website is hacked

You can first install our free Watchlog extension for Magento 2 to detect the intrusions into your Magento 2 back office in order to track any login attempt.

You'll then be able to see all the login attempts made from your website on 2 graphs.

The detail of each login attempt will be displayed below these 2 graphs. You'll find the IP addresses, dates, logins, and passwords...

Bypass the attacks

Fortunately, these attacks are easy to bypass! Several solutions exist to make your back office invisible to robots that try to log in:

  • Modify the name of your back office
  • Activate captcha for your back office
  • Restrict the access to your back office by IP with htaccess

You can also use the Watchlog Pro extension for Magento 2 that will act as a firewall and replace all the above steps.

The admin of Magento 2 can be concerned with these brute force attacks so you need to make sure to protect each entrance to your Magento 2 back office.

How to use Watchlog Pro for Magento 2?

The Watchlog Pro extension allows you to detect if your Magento 2 website is threatened by any possible brute force attack and it gives you the ability to protect your website against it. You can start using the extension very quickly following 3 simple steps.

STEP 1: Configure Watchlog Pro in a general way

To start configuring Watchlog Pro for Magento 2, go to:
StoresSettingsConfigurationWyomindWatchlog Pro

General Settings

In the General Settings tab, you'll be able to configure the lifetime of the history and activate the logs.

  • History lifetime in days
    Define a history lifetime in days. For example, you'll be able to define the history lifetime as 30 days in order to automatically purge the history of all the login attempts that are older than 30 days. 
  • Enable Log
    By activating that option, a log file will be generated in var/log.

Periodical Report

In the Periodical Report tab, you'll be able to configure the login reports:

  • Send a periodical report
    You can choose to receive periodical reports. If you enable the periodical reports, you'll have to configure the following options.
  • Period to report in days
    Define how many days you want to include in your report.
  • Sender Email
    Add the email address of the sender.
  • Sender Name
    Add the name of the sender.
  • Send the reports to
    Add the email addresses of the recipients separated by a comma.
  • Report title
    Define a title for your report.
  • Report schedule
    Define a schedule to automatically send the reports.

You'll then receive a periodical report as below.

White/Blacklist settings

Watchlog Pro gives you the possibility to create a whitelist as well as a blacklist of IPs. In the White/Blacklist settings tab, you can define your own parameters by filling in a certain number of fields:

  • Whitelisted IPs
    Click on Add IP to add an IP address to the whitelist.
    You also have the possibility to add a Note that will be displayed in the login attempts grid.
  • Secret key to whitelist your IP
    If your own IP is blacklisted, you can use that secret key to whitelist it.
  • Allow access to whitelisted IPs only
    Choose to allow access to whitelisted IPs only.
  • Blacklisted IPs
    Click on Add IP to add an IP address to the blacklist.
    You can define an end date and hour for blocking the IP address.
    You also have the possibility to add a Note that will be displayed in the login attempts grid.
  • Number of attempts before being blacklisted
    Define a number of attempts before the IP is automatically blacklisted.
  • Blacklisted IPs blocked for X minutes
    Choose to blacklist the IPs for a defined period of time.
  • Message to display if blocked
    Define a message that will be displayed if someone with a blacklisted IP tries to log in to your admin panel.

Blocked IP Report

You'll be able to receive a report every time an IP address is blocked. For this, you can configure the report in the Blocked IP Report tab:

  • Send a report when an IP is automatically blocked
    Choose to receive a report when IPs are automatically blocked or not. By setting that parameter on YES, more options should display.
  • Sender Email
    Fill in the email of the sender.
  • Sender Name
    Add the name of the sender.
  • Send the reports to
    Enter the email addresses of the recipients separated by a comma.
  • Report title
    Define the name of your report.

STEP 2: Check the login attempts to your Magento 2 admin

To have an overview of the connection attempts to your Magento 2 back office, go to:
StoresWatchlogConnection attempts

Login attempts charts

On that page, you'll get 2 graphs that retrieve the login attempts statistics.

These graphs are based on 2 different periods of time in order to provide you with maximum information. The first chart will display the statistics in the last 30 days whereas the second one will sum up the login attempts in the last 24 hours.

Both graphs show 3 different curves:

  • Success: login attempts that succeeded
  • Blocked: login attempts that have been blocked
  • Failed: login attempts that failed

If you hover the mouse over the different points of the curves, you'll get the detail of the number of connection attempts at a specific date.

Login attempts detailed grid

Below the 2 graphs, you should find the summary of the login attempts over the last days retrieved in a grid. The login attempts data are retrieved into specific columns:

  • IP
    The IP that tried to log into your Magento 2 back office.
  • Date
    The date when the IP tried to log in.
  • Login
    The login used.
  • Password
    The password used to log in.
  • Message
    The message displayed when trying to log in.
  • Url
    The URL from which the IP tried to log in.
  • Status
    The status of the IP (Success, Failed, or Blocked).

By clicking on any IP address, you'll be redirected to www.abuseipdb.com which will automatically check that address. This allows you to see in one click if the IP address has already been reported by other users. 

You have the possibility to purge history by clicking on Purge history now and to send the report of the login attempts by clicking on Send the periodical report now.

Login attempts summarized grid

You can get a summarized view by clicking on Switch to the summarized view. From that new grid, you will get a table with the basic information:

  • IP
    The IPs that tried to log in
  • Last Attempts
    The date of the last attempt
  • Attempts
    The number of login attempts
  • Failed
    The number of failed login attempts
  • Succeeded
    The number of login attempts that succeeded
  • Blocked
    The number of login attempts that have been blocked (these IP addresses won't have access to the Magento 2 admin login page)
  • Action
    You can directly add these IP addresses to the white and blacklists

To remove an IP address from a list, simply click on Remove IP from the white/blacklist.

You will be able to see if you have already blacklisted or whitelisted some IP addresses. Indeed, they will be displayed in black or white boxes. In the case where an IP is whitelisted and blacklisted at the same time, the whitelist will always have the upper hand.

By default, both tables display data for the last 30 days. This can be easily modified in the History lifetime in days field, from :
StoresSystemConfigWyomindWatchlog

Note that to go back to the detailed view, you just have to click on Switch to the detailed view.

STEP 3: Manage traffic to your Magento 2 back office

With Watchlog Pro, you can easily control and manage the traffic to your Magento 2 admin. You have 2 possibilities for doing it:

  • Whitelist IPs
  • Blacklist IPs

Add IPs to the whitelist

You can add as many IP addresses as you want to the whitelist. For this, go to:
StoresSettingsConfigurationWyomindWatchlog Pro

In the White/Blacklist settings tab, look for the Whitelisted IPs option. To add an IP address to the whitelist, click on Add. Then in the IP field, simply enter the IP address you want to whitelist.

Note that you can use wildcards (*) directly in the whitelisted IPs list.

For example, to automatically add all IPs between 111.168.0.0 and 111.168.0.255 to the whitelist, write:
111.168.0.*

To whitelist all IPs between 111.168.0.0 and 111.168.255.255., add:
111.168.*.*

If you want to remove an IP address from the whitelist, simply click on the bin in the same line.

For very limited access, you can then set the Allow access to whitelisted IPs only option to YES, so that only the IP addresses you have defined are authorized to log in.

In the case where your own IP address is blacklisted, you can use your secret key at any time to go back to your Magento 2 admin.

Add IPs to the blacklist

To stop IP addresses from logging into your Magento 2 admin, you only need to add them to your blacklist.

For that, go to:
StoresSettingsConfigurationWyomindWatchlog Pro

In the White/Blacklist settings tab, look for the Blacklisted IPs option. To add an IP address to the blacklist, click on Add. Then in the IP field, enter the IP address you want to block.

You can also set a date after which the IP address won't be blacklisted anymore. Leave that field empty to indefinitely block the IP.

Finally, to remove an IP address from the blacklist, simply click on the bin in the same line.

Prevent your Magento® 2 website from brute force attacks with Watchlog PRO!

List the IPs that try to access your Magento® 2 back office, and stop these intrusion attempts by adding these IPs to a blacklist.

  • Lifetime license
  • 12 months support & upgrade
  • 60 days money-back guarantee
  • Extensible source code
    Unlimited test domains
  • Free composer access
  • Marketplace approved
Want to know more?

Follow the traffic on your Magento® admin

View the daily and monthly login attempts in graphs.

Get a detailed and summarized table of the login attempts.

Receive a periodic report on the statistics by email.

Filter any login attempt to your Magento® admin

Whitelist
Create a whitelist of IPs. 

Blacklist
Create a blacklist of all unauthorized IPs.

Secret Key
Set a secret key to prevent your IP from being blacklisted.

Manual
Manually add each IP you want to block to the blacklist.

Automatic
Automatically block IPs after a certain number of attempts.

Report
Receive a report every time an IP is blocked.

Keep track of the connection attempts

Set history lifetime in days and automatically purge all connection attempts that are older.

Identify the login attempts backdoor URL: HTaccess, Downloader, Admin...

Freqently Asked Questions
Pre-sales informations

This extension works with Magento Community Edition and also Magento Enterprise Edition. To know if Watchlog Pro is compatible with your Magento version, please check the Compatibility tab.

Magento offers three variations of its product.

As their names have changed over the past few years, here is a recap:

  • Magento Open Sourcepreviously Magento Community Edition (CE), is a free and non-hosted e-commerce platform.
  • Magento Commerce: previously Magento Enterprise (EE), is the paid version of Magento and offers support services.
  • Magento Commerce Cloud: is the paid version of Magento and offers support and hosting services.

Even though Watchlog and Watchlog Pro both allow you to list each connection attempt to your Magento 2 backoffice, Watchlog Pro is more complete. It offers more options than the free version in order to detect and stop these intrusion attempts.

Watchlog

Watchlog Pro

Connection attempts charts

Check the daily and monthly login attempts charts.

Connection attempts tables

Get detailed and summarized tables of the login attempts data.

Connection attempts history

Define the history lifetime and receive periodical reports.

Blacklist and Whitelist

Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.

Automatically or Manually block IPs

Block IPs after X login attempts, block the blacklisted IPs for X minutes.

The Watchlog and Watchlog Pro extensions will allow you to check if your Magento 2 website is attacked.

In a first time, we advise you to install the free Watchlog extension in order to check the possible login attempts to your admin.

If it turns out that your Magento 2 website is hacked, you can protect your Magento 2 admin following below steps:

  • Modifiy the name of your Magento 2 backoffice
  • Activate the captcha to access your Magento 2 backoffice
  • Limit the access to your backoffice to some IP addresses only (htaccess)

Note that the Watchlog PRO extension will act as a firewall and will replace the above steps by blocking the IP addresses that are trying to access your Magento 2 backoffice.

License and domains

A license is valid for an unlimited period of time on one single installation

  • If you're using more than one installation, you will have to buy a separate license for each instance.
  • if you're running several domains on a same installation, you will need only one license for all of them.
Although your license doesn’t have a limited period of validity, your Support & Upgrade period does. By purchasing a module, you’ll be granted a 12-month support period for free. Passed this period, you will have to pay for a new one (see FAQ: Extend your Support period)

You can pre-register your live domain to your license in advance.

Thanks to this option, you'll be able to get the module ready to use on your domain before it goes live.

To pre-register your production domain: 

  1. Go to:
    mY accountLicenses & DOwnloads
  2. Click on the Settings icon next to the module you want your domain to pre-register on.
  3. Click on the link at the bottom of the page saying:
    Do you want to pre-register your domain in order to be ready to go live?
  4. Finally, enter your domain name and click on pre-register now .

Attention, this doesn't mean your license is activated. You'll still have to activate it on your new domain when the module is installed. 

One license is valid for an unlimited period of time on one installation only. However, it is possible to extend or transfer your license in 2 cases: 

  • If you would like to add your testing environments to your license. 
    In that case, it is possible to extend your license to an unlimited number of domains for free.
    For  mywebsite-staging.com or mywebsite-dev.com
  • If you want to transfer your license to another live domain.
    In that case, the Support & Upgrade period for your license must still be active.

To be able to use Watchlog Pro on both your production and testing environments, follow the instructions below:

  1. Download Watchlog Pro.
    (see FAQ: Extensions download)
  2. Install Watchlog Pro on your environment.
    (see FAQ: Modules installation in Magento or in WooCommerce)
  3. Activate the license.
    (see FAQ: Licenses activation in Magento or in WooCommerce)

Also, if you are managing a large amount of domains, please contact us so that we can automatically whitelist these domains.
Modules versioning and download

In order to download Watchlog Pro, log into your Wyomind account:

    1. Go to:
      my accountLicenses & downloads 
    2. Click on the settings icon next to Watchlog Pro.

      A new window opens.

    3. Click on the download icon.

 

Only the latest extension version released within your Support & Upgrade period is available. In order to get the very latest extension version make sure your Support & Upgrade plan is up to date.

When purchasing a module from wyomind.com, you benefit from 12 months of upgrade. Within this period you can at any time download the latest version of the module directly from your account.

To upgrade Watchlog Pro, follow the steps below:

  1. Go to:
    my accountLicenses & Downloads
  2. Click on the settings icon next to Watchlog Pro.
  3. Click on the download icon.
  4. Install the new version of Watchlog Pro in your Magento admin or your WooCommerce back-office.

Modules Installation/Uninstallation

You can install Watchlog Pro manually.

  1. Download Watchlog Pro (zip file) on:
    mY ACCOUNTLicenses & Downloads
     
    Refer to the FAQ: Extensions download
  2. Once Watchlog Pro is downloaded, open the folder and unzip it.
  3. Copy the content of the unzipped folder and paste all files and directories in your Magento 2 root directory.
  4. In your Command Line Interface, execute:
    bin/magento setup:upgrade 

    If you are using a production mode, execute also:

    bin/magento setup:static-content:deploy  
    bin/magento setup:di:compile  

You can install Watchlog Pro using Composer software in two cases:

  • if you purchased Watchlog Pro on Magento Marketplace.
  • if you purchased Watchlog Pro on Wyomind.com AND requested access to our repository:
    repo.wyomind.com
  1. Add to your composer configuration our repository:
    composer config repositories.wyomind composer https://repo.wyomind.com 

  2. Execute Composer command:
    composer require wyomind/watchlogpro
  3. Then go in your Command Line Interface and execute:
    bin/magento setup:upgrade ​
  4. If you are using a production mode, also execute:
    bin/magento setup:static-content:deploy  ​
    bin/magento setup:di:compile​

To uninstall Watchlog Pro, start with disabling the extension running the following command:

bin/magento module:disable Wyomind_WatchlogPro

Then, you have 2 ways to uninstall the extension depending on how the extension has been previously installed: 

  • Manual installation

    Run the watchlogpro-uninstall.sh file (you can find it in the extension zip folder) from your Magento root directory:

    sh watchlogpro-uninstall.sh

     

  • Installation via Composer

    Run the below command line:

    composer remove wyomind/watchlogpro

Once the uninstallation is over, refresh your cache and enable the compiler back again (if you use it). 

You can install Watchlog Pro via Web Setup Wizard if you purchased it from Magento Marketplace only.

To know how to proceed, all steps are described in the link below: 
http://docs.magento.com/m2/ce/user_guide/system/component-manager.html

Next step is to activate your license:
Extension activation

Modules activation

Once Watchlog Pro is installed, you have to activate the license. For previous versions, you can activate the license from your back-office:

    1. Go to your Magento admin panel. A message pops up at the top of the page.


      If the message doesn't appear then you must check that:

         1. The Adminhtml_Notifications and Wyomind_Core modules are well enabled.
         2. The HTML output of the Adminhtml_Notifications and Wyomind_Core modules are not disabled in:
      storesconfigurationadvanced advanced
         3. The encryption key well exists in app/etc/env.php:
      <?php
       return array(
       'backend' => array(
       'frontName' => 'admin'
       ),
       'crypt' => array(
       'key' => '1e8f3c6772b7a6a6689c3c8cefa4ccf0'
       ),
       /* ... */
       )
      ?>​
    2. Copy your activation key in:
      StoresConfigurationWyomind Your extension

      You can find your activation key in 2 different places:
      In the confirmation email that you received after purchasing Watchlog Pro.
      In your Wyomind account:My account Licenses & downloads
      Select Watchlog Pro and click on  .

      A new page opens where you'll find your activation key (see below).


    3. In your Magento admin go to:
      StoresConfigurationWyomind Your extension

      Paste the activation key in the Activation Key field and choose between the automatic (yes) or the manual (no) activation method:
      By choosing Yes, the connection to Wyomind license server will be automatic.
      By choosing No, you will have to log on to Wyomind license server yourself.

    4. Click on Save config .
    5. A message appears at the top of your admin panel. Click on that link: 
      Activate it now!
    6. Copy and paste the license code in the License code field from your admin or simply click on Activate now! 


    7. Finally, refresh your cache, log out and log in back straight after, to complete the installation.

When the extension includes other modules, repeat the steps described above for each one, using the corresponding activation keys (each module has its own activation key).

Add another domain to your license


To activate the license on another domain (test, staging...):

  1. Once the extension is installed on the new domain, copy your activation key in:
    StoresConfigurationWyomind Your extension
  2. After having saved the configuration, a notification appears. Click on Add this domain to my license.

  3. A transfer request will then be sent to our team within an hour.
    Once the request is taken care of, you will receive a confirmation email.
    If your transfer request is accepted, you can use Watchlog Pro on both environments at the same time.

Note that the order in which you activate your license on your domains does not matter. You can start with your staging/dev/local environment or with your live domain, the process will be the same.

Also, if you have loads of staging domains, or if you are an agency managing load of domains for your customers, please contact us so that we can automatically whitelist these domains.

Once Watchlog Pro is installed, you have to activate the license.

For this, you can use the below command line (change the Activation key with the corresponding value):

bin/magento wyomind:license:activate Wyomind_WatchlogPro <YOUR_ACTIVATION_KEY>

To retrieve the list of all the available modules as well as the licenses status, please use:

bin/magento wyomind:license:status

 

 Among the different status, you can find: 

  • registered = your license is registered
  • pending = you need to run the activation command line
  • invalidated = the license has been invalidated due to a wrong activation key or a license infringement

 

To activate several licenses at the same time, use:

bin/magento wyomind:license:activate \
Wyomind_Extension1,Wyomind_Extension2 \
ACTIVATION_KEY_1,ACTIVATION_KEY_2

or:

bin/magento wyomind:license:activate \
Extension1,Extension2 \
ACTIVATION_KEY_1,ACTIVATION_KEY_2
Modules use

In the case where you have accidentally blocked or blacklisted your own IP address, you can at any time use your secret key to return to your Magento 2 backoffice.

You should have defined your secret key in the White/Black list settings tab from:
StoresSettingsConfigurationWyomindWatchlog Pro

For example, if in the Secret key to whitelist your IP field, you've added MYSECRETKEY, then you'll have to use the following url: https://www.mywebsite.com/watchlog/whitelist/add/key/MYSECRETKEY

This will automatically add your IP to the whitelist.

To be sure that your IP address won't be blacklisted, we advise you to add it to the whitelist. Indeed, in the case where an IP address is in the black and white list at the same time, the whitelist will always take over.

Also, for a maximum of security, you can limit the access to whitelisted IP addresses only.

Troubleshooting

This issue may be due to a problem during the installation process.

You will be able to fix it by following these steps:

  1. Access your database via your control panel (Phpmyadmin for example).
  2. From the setup_module table, delete the entry Wyomind_extension.
    Be careful, that entry depends on your extension. For example, if you have the extension called Simple Google Shopping, you should delete Wyomind_SimpleGoogleShopping.
  3. Logout from your Magento 2 admin.
  4. Log into your Magento 2 admin.
Magento 2 Compatibility

Magento 2® Open Source

  • 2.0
  • 2.0
  • 2.0.1
  • 2.0.1
  • 2.0.2
  • 2.0.2
  • 2.0.3
  • 2.0.3
  • 2.0.4
  • 2.0.4
  • 2.0.5
  • 2.0.5
  • 2.0.6
  • 2.0.6
  • 2.0.7
  • 2.0.7
  • 2.0.8
  • 2.0.8
  • 2.0.9
  • 2.0.9
  • 2.0.10
  • 2.0.10
  • 2.0.11
  • 2.0.11
  • 2.0.12
  • 2.0.12
  • 2.0.13
  • 2.0.13
  • 2.0.14
  • 2.0.14
  • 2.0.15
  • 2.0.15
  • 2.0.16
  • 2.0.16
  • 2.0.17
  • 2.0.17
  • 2.0.18
  • 2.0.18
  • 2.1
  • 2.1
  • 2.1.1
  • 2.1.1
  • 2.1.2
  • 2.1.2
  • 2.1.3
  • 2.1.3
  • 2.1.4
  • 2.1.4
  • 2.1.5
  • 2.1.5
  • 2.1.6
  • 2.1.6
  • 2.1.7
  • 2.1.7
  • 2.1.8
  • 2.1.8
  • 2.1.9
  • 2.1.9
  • 2.1.10
  • 2.1.10
  • 2.1.11
  • 2.1.11
  • 2.1.12
  • 2.1.12
  • 2.1.13
  • 2.1.13
  • 2.1.14
  • 2.1.14
  • 2.1.15
  • 2.1.15
  • 2.1.16
  • 2.1.16
  • 2.1.17
  • 2.1.17
  • 2.1.18
  • 2.1.18
  • 2.2
  • 2.2
  • 2.2.1
  • 2.2.1
  • 2.2.2
  • 2.2.2
  • 2.2.3
  • 2.2.3
  • 2.2.4
  • 2.2.4
  • 2.2.5
  • 2.2.5
  • 2.2.6
  • 2.2.6
  • 2.2.7
  • 2.2.7
  • 2.2.8
  • 2.2.8
  • 2.2.9
  • 2.2.9
  • 2.2.10
  • 2.2.10
  • 2.2.11
  • 2.2.11
  • 2.3
  • 2.3
  • 2.3.1
  • 2.3.1
  • 2.3.2
  • 2.3.2
  • 2.3.3
  • 2.3.3
  • 2.3.4
  • 2.3.4
  • 2.3.5
  • 2.3.5
  • 2.3.6
  • 2.3.6
  • 2.3.7
  • 2.3.7
  • 2.4
  • 2.4
  • 2.4.1
  • 2.4.1
  • 2.4.2
  • 2.4.2
  • 2.4.3
  • 2.4.3
  • 2.4.4
  • 2.4.4
  • 2.4.5
  • 2.4.6

Magento 2® Adobe Commerce

  • 2.0
  • 2.0
  • 2.0.1
  • 2.0.1
  • 2.0.2
  • 2.0.2
  • 2.0.3
  • 2.0.3
  • 2.0.4
  • 2.0.4
  • 2.0.5
  • 2.0.5
  • 2.0.6
  • 2.0.6
  • 2.0.7
  • 2.0.7
  • 2.0.8
  • 2.0.8
  • 2.0.9
  • 2.0.9
  • 2.0.10
  • 2.0.10
  • 2.0.11
  • 2.0.11
  • 2.0.12
  • 2.0.12
  • 2.0.13
  • 2.0.13
  • 2.0.14
  • 2.0.14
  • 2.0.15
  • 2.0.15
  • 2.0.16
  • 2.0.16
  • 2.0.17
  • 2.0.17
  • 2.0.18
  • 2.0.18
  • 2.1
  • 2.1
  • 2.1.1
  • 2.1.1
  • 2.1.2
  • 2.1.2
  • 2.1.3
  • 2.1.3
  • 2.1.4
  • 2.1.4
  • 2.1.5
  • 2.1.5
  • 2.1.6
  • 2.1.6
  • 2.1.7
  • 2.1.7
  • 2.1.8
  • 2.1.8
  • 2.1.9
  • 2.1.9
  • 2.1.10
  • 2.1.10
  • 2.1.11
  • 2.1.11
  • 2.1.12
  • 2.1.12
  • 2.1.13
  • 2.1.13
  • 2.1.14
  • 2.1.14
  • 2.1.15
  • 2.1.15
  • 2.1.16
  • 2.1.16
  • 2.1.17
  • 2.1.17
  • 2.1.18
  • 2.1.18
  • 2.2
  • 2.2
  • 2.2.1
  • 2.2.1
  • 2.2.2
  • 2.2.2
  • 2.2.3
  • 2.2.3
  • 2.2.4
  • 2.2.4
  • 2.2.5
  • 2.2.5
  • 2.2.6
  • 2.2.6
  • 2.2.7
  • 2.2.7
  • 2.2.8
  • 2.2.8
  • 2.2.9
  • 2.2.9
  • 2.2.10
  • 2.2.10
  • 2.2.11
  • 2.2.11
  • 2.3
  • 2.3
  • 2.3.1
  • 2.3.1
  • 2.3.2
  • 2.3.2
  • 2.3.3
  • 2.3.3
  • 2.3.4
  • 2.3.4
  • 2.3.5
  • 2.3.5
  • 2.3.6
  • 2.3.6
  • 2.3.7
  • 2.3.7
  • 2.4
  • 2.4
  • 2.4.1
  • 2.4.1
  • 2.4.2
  • 2.4.2
  • 2.4.3
  • 2.4.3
  • 2.4.4
  • 2.4.4
  • 2.4.5
  • 2.4.6
User's reviews
Log into your account to leave your review and get up to 3 months of free Support & Upgrade.

27th June 2019

must have extension for security

I recommend this extension for every Magento site owner, Watchlog is a must have extension. I am using it for a few years now and it gives peace of mind about my sites security. Watchlog gives perfect information about login-attempts including IP address (with a direct link to an abuse database) and url where the attempt was made. The extension blocks every brute force attack after a few tries and with the Ip address info it gives it makes it easy to block access to my server via my firewall.

14th May 2019

Security - saves my store

This extension for Magento is very very helpful. Every day blocked many logins and IP's. Best security system for my stores. It blocks access and I do not have to worry. Previously, I had to block manually. Now the matter has been settled!

Szymon - User for more than 6 years |Magento 1

3rd October 2018

Peace of mind

Give us peace of mind that our Magento sites are secure. The daily reports via email provide a quick overview. I would recommend this to any Magento store owner. Currently, we have 3 sites secured using WatchLog Pro.

Iain - User for more than 6 years |Magento 1

6th August 2018

Great extension

This is a must have extension for Magento. Not only does it give you a real time view of any brute force hack attempts but also cuts them off as advertised. I would whole heartedly recommend this extension to any Magento site owner/developer

13th April 2018

Wyomind is an Established Extension Developer

I use the Wyomind Watchlog Pro extension because there is no other module like it. It has alerted us several times to multiple attempted unauthorized login attempts.I highly recommend this extension. Wyomind has a support staff as well.

28th March 2018

Worth every penny & Peace of Mind !

We were already using Watchlog as had a number of other modules from Wyomind before and it was installed from them. We recently got hit by a Brute Force Attack on locations which are vulnerable in Magento1. We upgraded to Watchlog pro and had peace of mind that the IPs were being automatically blocked. Over 45K Connections per day .. had to upgrade the server software so it didnt fold. Wyomind support is always prompt and helpful. Would recommend this company for any Magento modules. The build good stuff, and then support which is vital when adding additional features to your Magento Store. Got a small glitch with the cron firing every 30mins and sending me notification emails... still not figured that one out yet but will resolve with Wyomind support soon.

Al

14th March 2018

It's like having a dog in the garden...

Brute force attacks are daily news nowadays and, besides not always needing worrying (if set up is safe) for every attempt, having a dog barking in the garden is useful, so that you might know if there actually is something going wrong or not. And with the increasing number of Magento installations, you risk entering the attackers attention With WatchLogPro you can anyway easily block any attempt, even if coming from different IPs, and make attackers look somewhere else. It is also good to keep track of who accessed your backend, from where, and when... The name says it all: it's a WatchDog+Logger..

7th October 2017

Excellent !!

Have been using extensions form Wyomind for 2 years now. Absolute stable and greatly thought through! Watchlogpro gives me the security my site really needs.

Sander - User for more than 7 years |Magento 1|Magento 2

7th June 2017

Instant relief from brute force attacks...

We have had major attacks over the past months and even though the free version lets you know this, we couldn't risk ignoring this and upgraded to the pro. It's a fantastic tool and would recommend it to anyone. It uses a simple UI so no confusion to blocking I'P's on the fly. Keep up the good work.

30th March 2017

Helped to protect the website

Watchlog helped to define competitors who were trying to scrape our prices and hack our admin area, so we were able to adjust our firewall, without going deep into server logs!

Art

15th February 2017

Watchlog has been invaluable in helping to protect my site from hackers

Only today I received nearly twenty email from Watchlog that an IP had been blocked after 10 attempts. It offers peace of mind knowing that someone is watching the back door and keeping the site secure. I can only imagine how bad it would be without this extension.

16th December 2016

10+

After install I have solved my security problems

BSA - User for more than 8 years |Magento 1

10th December 2015

You don't know, but you need this... or will...

Well,
it all started when the ISP told me (lucky me I was told) the website was under a massive attack from foreign countries...
I've installed the FREE version of this useful extension, which gave me the idea of the dimensions of the attack.
I immediately thought about the costs of recovering a possible take down and I decided the cost of this extension could be worth the risk.
I can assure you now I can sleep perfectly, without any worrying about it.
I just check the report every morning, just to notice who should come in did with no problem and who should stay out, STAYED OUT ! :-)
To be honest I've faced some troubles during install due to the presence of some other extension, but the support team did a great job within minutes and I barely remember this...
Would buy again...

mickymix

17th April 2015

Very good solution to stop intrusion attempts

Works as described. As always Wyomind was very quick to react when I needed some support.

DVJN

17th April 2015

Simply perfect!

We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to sent an e-mail to the support team. Paul from WYOMIND completed the configuration for me with no extra costs!

cheffe00
Changelog

Initial release for the master version

Initial release for the legacy version

Compatibility

  • Compatibility with Magento v2.4.6 + PHP v8.2
  • Remove unwanted class property definitions 
  • Better schema upgrade and data upgrade management
  • Fix for the incompatibility of the addRecord method depending on the version of the PHP Monolog library
  • Use of db_schema.xml
  • Fix for a missing namespace import
  • Fix for compatibility with Magento 2.4.4
  • Fix for the display of the attempts grid summarized view

  • Fix for removing IPs in the white/black lists when they are automatically added

Enhancements

  • Possibility to add a note in front of whitelisted/blacklisted IPs
  • Above note displayed in the attempts grid
  • License is not reactivated if the module is not installed yet

Bug Fix

  • Fix for taking into account several whitelisted IPs
  • Fix when blacklisted IPs don't have dates

Compatibility

  • Compatibility with Magento 2.4
  • Minor fix on code
  • Minor fix for the license system

Enhancements

  • Improved scenario for the demo
  • Minor fix on code

Enhancement

  • Improved license management system (Clear code)
  • Scenario added for the demo
  • Compatibility fix for Magento 2.3.3
  • Sample date available for the demo

Compatibility

  • Compatibility with Magento 2.3
Patch v2.2.0.4

  • Fix on code

Patch v2.2.0.3

  • Minor fix

Patch v2.2.0.2

  • Fix on a typo

Patch v2.2.0.1

  • Minor fix

Enhancement

  • The firewall IP is now taken into account

Enhancements

  • Magento v2.2.1 compatibilty

Enhancement

  • Compatibility with Magento v2.2.0
Patch v2.0.5.2

  • Fix for the data update script

Patch v2.0.5.1

  • Fix for the data update script

  • Code source update

Compatibility:

  • Watchlog Pro is compatible with Magento 2.1.0

Compatibility:

  • Watchlog Pro is compatible with Magento 2
Demo store
Front-end
Back-end
Login
WatchlogPro
Password
WatchlogPro123

Recommended Magento 2 extensions

from €395
4.7/5 rated
3 Reviews

Provide your customers with fully optimized and responsive layered navigation on your category and search results pages thanks to the Advanced Layered Navigation for Magento 2!

more details
from €295
5/5 rated
1 Review

Optimize your order management and automate the orders' assignation to the appropriate sources by creating custom algorithms and keep your stocks up to date with MSI Order Management.

more details
from €395
5/5 rated
7 Reviews

Improve your search results with a multi-faceted autocomplete including filterable attributes, products sorting, and many display options available for Magento 2.

more details
Free
4.6/5 rated
10 Reviews

Prevent your website from brute force attacks which aim is to force the access to your Magento backoffice. Watchlog helps you to identify and definitively stop such attacks!

more details

Stay tuned and get a coupon code of 10% off any purchase while creating your account!

Subscribe now for updates, promotions and products launch twice a month at most.

Please indicate a valid email