Watchlog - Security enhancement for your Magento 2 website
Possible large scale brute force attack on Magento!
Thousands of Magento websites are certainly concerned by this very large brute force attack which aim is clearly to force access to Magento back offices.
The principle of that kind of attack is simple: robots try to log into your back office using multiple login/password combinations until they find the correct credentials.
Once these credentials are identified, your Magento website becomes easy prey for hacking: exploitation of your database, diversion of your payments, hacking, unfair competition...
What do do?
The admin of Magento 2 can be concerned with these brute force attacks so you need to make sure to protect each entrance to your Magento 2 back office.
Check if your website is subject to these attacks
You can install our free Watchlog extension for Magento 2 to detect the intrusions into your Magento 2 back office in order to track any login attempt.
Bypass the attacks
You can easily bypass these kinds of attacks!
Several solutions exist to make your Magento 2 back office invisible to robots that try to log in:
Modify the name of your Magento 2 back office
Activate captcha for your Magento 2 back office
Restrict the access to your Magento 2 back office by IP with htaccess
You can also use Watchlog PRO that will act as a firewall and so replace all the above steps.
Watchlog Free Vs Watchlog Pro
While the free extension Watchlog lists the IPs that try to access your Magento 2 back office, Watchlog PRO will also help you to stop these intrusion attempts.
Watchlog PRO is a more complete version that offers more options than Watchlog.
Connection attempts charts
Check the daily and monthly login attempts charts.
Connection attempts tables
Get detailed and summarized tables of the login attempts data.
Connection attempts history
Define the history lifetime and receive periodical reports.
Blacklist and Whitelist
Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.
Automatically or Manually block IPs
Block IPs after X login attempts, block the blacklisted IPs for X minutes.
How to use the Watchlog extension for Magento 2
Watchlog is a free and easy to use extension for Magento 2. You'll be able to see very quickly if your Magento 2 back office is threatened by a brute force attack and if someone or some robots are trying to log into your Magento 2 admin panel.
STEP 1: Install Watchlog
To install the Watchlog free extension on your Magento 2 admin, follow the below steps:
Before installing the extension, it's advisable to backup your Magento 2 installation.
Then, you need to refresh caches in: SystemToolsCache Management
Now you can download the zipped extension from: your Wyomind accountdownloads
Once you have downloaded it, unzip the folder content.
Copy the app folder and paste it into the Magento 2 root directory. You can merge the directories.
Open a console and run the following command on the Magento 2 root directory:
STEP 2: Configure your Watchlog extension
You can start with configuring your extension in a general way in: Stores System Config Wyomind WatchLog
In the Connection attempts history tab, you'll be able to configure a certain number of parameters.
History lifetime in days
You have the possibility to define a history lifetime in days in order to purge the history. For example, you'll be able to define the history lifetime as 30 days in order to remove automatically all the login attempts that are older than 30 days.
Send a periodical report
You can choose to receive periodical reports. If you have decided to set that option to YES, then you'll have to define:
Period to report in days Define how many days you want to include in your report.
Sender email Define the email address of the sender.
Sender name Add the name of the sender.
Send the reports to Add the email addresses of the recipients separated by a comma.
Report title Define a title for the report.
Report schedule Define a schedule to automatically send the reports.
You'll then receive a report as below.
STEP 3: Check the login attempts to your Magento 2 back office
You'll have a global overview of the login attempts executed from your Magento 2 admin panel login page if you go to: Stores Watchlog Connection attempts
Statistics on the login attempts will be displayed in graphs and tables.
Login attempts charts
You should get two graphs that recap the login attempts statistics on two different periods of time in order to give you the best possible view. The first chart will display the data in the last 30 days whereas the second one will sum up the login attempts in the last 24 hours.
On both graphs, you'll have several curves:
Success: represents the login attempts that succeeded
Failed: represents the login attempts that failed
Login attempts grids
You should find the summary of the last days within two different views:
In the Detailed View, you'll find a detailed table of the login attempts. Among that grid, you'll have several data:
IP The IP that tried to log into your Magento 2 back office.
Date The date when the IP tried to log in.
Login The login used.
Password The password used to log in.
Message The message displayed when trying to log in.
Url The URL from which the IP tried to log in.
Status The status of the IP: Success or Failed.
By clicking on Switch to the summarized view you should get a table with the basic information. You'll find:
IP The IPs that tried to log in.
Last Attempts The date of the last attempt.
Attempts The number of login attempts.
Failed The number of failed login attempts.
Succeeded The number of login attempts that succeeded.
By default, both tables display data for the last 30 days. You can edit that in the History lifetime in days field, from: StoresSystemConfigWyomind WatchLog
At any time you can switch between both views.
Identify brute force attacks with Watchlog!
List the IPs that try to access your Magento® 2 back-office with the Watchlog extension.
A license is valid for an unlimited period of time on one single installation
If you're using more than one installation, you will have to buy a separate license for each instance.
if you're running several domains on a same installation, you will need only one license for all of them.
Although your license doesn’t have a limited period of validity, your Support & Upgrade period does. By purchasing a module, you’ll be granted a 12-month support period for free. Passed this period, you will have to pay for a new one (see FAQ: Extend your Support period)
One license is valid for an unlimited period of time on oneinstallation only. However, it is possible to extend or transfer your license in 2 cases:
If you would like to add your testing environments to your license. In that case, it is possible to extend your license to an unlimited number of domains for free. For mywebsite-staging.com or mywebsite-dev.com
If you want to transfer your license to another live domain. In that case, the Support & Upgrade period for your license must still be active.
To be able to use Watchlog on both your production and testing environments, follow the instructions below:
Once Watchlog is installed, you have to activate the license. For previous versions, you can activate the license from your back-office:
Go to your Magento admin panel. A message pops up at the top of the page.
If the message doesn't appear then you must check that:
1. The Adminhtml_Notifications and Wyomind_Core modules are well enabled. 2. The HTML output of the Adminhtml_Notifications and Wyomind_Core modules are not disabled in: storesconfigurationadvanced advanced 3. The encryption key well exists in app/etc/env.php:
Copy your activation key in: StoresConfigurationWyomind Your extension
You can find your activation key in 2 different places: - In the confirmation email that you received after purchasing Watchlog. - In your Wyomind account:My account Licenses & downloads Select Watchlog and click on .
A new page opens where you'll find your activation key (see below).
In your Magento admin go to: StoresConfigurationWyomind Your extension
Paste the activation key in the Activation Key field and choose between the automatic (yes) or the manual (no) activation method: - By choosing Yes, the connection to Wyomind license server will be automatic. - By choosing No, you will have to log on to Wyomind license server yourself.
Click on Save config .
A message appears at the top of your admin panel. Click on that link: Activate it now!
Copy and paste the license code in theLicense code field from your admin or simply click on Activate now!
Finally, refresh your cache, log out and log in back straight after, to complete the installation.
When the extension includes other modules, repeat the steps described above for each one, using the corresponding activation keys (each module has its own activation key).
Add another domain to your license
To activate the license on another domain (test, staging...):
Once the extension is installed on the new domain, copy your activation key in: StoresConfigurationWyomind Your extension
After having saved the configuration, a notification appears. Click on Add this domain to my license.
A transfer request will then be sent to our team within an hour. Once the request is taken care of, you will receive a confirmation email. If your transfer request is accepted, you can use Watchlog on both environments at the same time.
Note that the order in which you activate your license on your domains does not matter. You can start with your staging/dev/local environment or with your live domain, the process will be the same.
Also, if you have loads of staging domains, or if you are an agency managing load of domains for your customers, please contact us so that we can automatically whitelist these domains.
Magento 2 merchants must adopt certain best practices to protect the site. While we can focus on keeping the Magento 2 version up-to-date and install security patches on time. Other things are server security, file and folder permissions, etc. We did most of it and felt good. We also modified the admin URL as per some other suggested practices but for reason this can be found by the attackers. You can find some articles on this on web. Finally, we had used the Wyomid Watchlog extension - the Free version. The free version allowed us to see if anyone was trying to brute force the admin page to get access to the admin panel of Magento 2. When we did, we found at least 5 IPs in a duration of about 2 months trying to brute force the panel. We also had 2FA and Google Recaptcha enabled so the attempts were not successful. The plugins recorded the IP, attempts and show those on graph. Very nice. We had some more server and security tools to finally block those IPs outside the module (Free version does not offer that). Even when we changed the admin URL after each attempt, some other IP discovered the URL eventually. Even the Free tool is very useful and we absolutely recommend it since you can change the URL in timely manner and buy some time to implement IP rules on server side which will prevent the site performance degradation for legitimate traffic. But if you don't have other resources at the disposal, I recommend to go for Pro version to perform the URL Blacklisting and Whitelisting from admin panel itself. Again, Wyomind security is a must have extension.
13th May 2020
Very useful tool
We have spent this tool for a long time and it has saved us from many attacks on our website, since it alerts us instantly by email and you can act instantly ... It allows us to be alert 24 hours a day without effort. Extension needed for all magentos ...
27th April 2019
Muy buena extension y un excelente servicio técnico.
11th October 2015
Most mentionable in my case is the support I guess. Yes, the extension is very much useful and works as described. However, WYOMIND's support works even better. Why? Because even on a sunday WYOMIND is not shy of giving full support! Yes, you heard right ... on a "sunday"! Besides, it was a very good, fast and professional support. Thank again, guys!
31st August 2015
This tool is great for free. It show us an Hacker Attack so we can react fast. Thank you!
21st April 2015
Nice extesion to see hack attempts
Got a message from them about a potential hack attempt. Read an review here this was fake ? Traced the ip and the ip was on an abuse list. If the reviewer wrote that was fake it would mean that this developers is faking the attacks ? What reason just to download a free watchdog extension ? I placed the attacking ip on a blacklist thru htaccess and attempts were stopped. So far this company has given me good support and I don't think this is fake or marketing. I never looked at hack attemps but since many systems are under attack why not magento sites. At least they woke me up so admin url will be changed as will downloader url. I can only see this as a positive reminder to make you installation more secure.. Good work
21st April 2015
Stopped Brute force attack in seconds
Thanks again to Pierre and his team. I downloaded this extension and literally stopped a brute force attack in under 3 minutes. Installed in seconds, It gives all the information you need within a few minutes and simply works. Great free version.
17th April 2015
Works exactly as described. Installed without a hitch. Checked the logs after 30 minutes and found there had been around 15 attempted to gain entry via brute force. I blocked the offending IPs in .htaccess. Well worth considering the Pro version for automatic blocking. Recommend this extension to everyone.
17th April 2015
False alerts and worried customers
We run a few sites using the Data Feed Manager from Wyomind for Google Shopping feeds (this works great, can't recommend it enough!) However I received a notification for all the sites running this plugin yesterday that there were potential brute force attacks on the site to try and gain access to the back end. This is completely untrue, I scoured the logs and there's hardly any attempts in there (with 95% of them being legit attempts to log in). The fact it happened on all the sites within a few hours suggests this is just a marketing ploy, one which had us receive worried emails from customers (who run the site) about the security of their site (when there was nothing to be concerned about). So be aware of their work providing false alerts before blindly installing the extension to solve an issue that doesn't exist.
16th April 2015
great for stopping hacking attempts
Wyomind warned me about a possible brute force attack on my website, because they saw many login attempts (as they explained, each attempt retrieves their rss feed because I have an other extension from them). After installing the extension showed the attack and my provider blocked the attackers IP address. So thanks to Wyomind my website is more secure and the system resources are not used for anything that is not meant to use them.
Mass Product Import & Update allows you to update and import products massively in Magento in record time through CSV or XML files available from your website's server, or any remote server through FTP or HTTP.