is available for Magento® 2
Prevent your website from brute force attacks with
Follow the traffic on your Magento® admin
- View the daily and monthly login attempts in graphs
- Get a detailed and a summarized table of the login attempts
- Get a periodic report on the statistics by email
Keep track of the connection attempts
- Define a history lifetime in days
large scale brute force attack on Magento®!
Thousands of Magento® websites are
The principle of that kind of attack is simple: robots try to log into your
Once these credentials are identified, your Magento® website becomes an easy prey for hacking: exploitation of your database, diversion of your payments, hacking, unfair competition...
How did we notice this attack?
At Wyomind, our paid software are delivered with a module named Notification Manager. It keeps you informed about the new updates of our extensions.
This extension is available from your
In order to feed custom notifications to your
If you want more information on how RSS feeds and notifications work within Magento®, you can read
This implementation choice has underlined some considerable peaks of requests concerning thousands of websites and implying repetitive login attempts.
These login attempts can recur several times a minute and can reach several tens of
How to check if my website is subject to these attacks?
If you received a message from us, it means we have noticed an abnormally high number of requests:
Why my hosting company can't protect my website against these attacks?
It is quite difficult to detect and to implement a firewall against that kind of attack for the following reasons:
- The IPs constantly change
- The IPs requests are made regularly and at different intervals of time
- The IPs try to access from different pages into your Magento®
What to do?
Fortunately, these attacks are easy to bypass!
Several solutions exist to make your
- Modify the name of your
- Activate captcha for your
- Restrict the access to your
- OR use
While the free extension
Connection attempts charts
Check the daily and monthly login attempts charts.
Connection attempts tables
Get detailed and summarized tables of the login attempts data.
Connection attempts history
Define the history lifetime and receive periodical reports.
Blacklist and Whitelist
Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.
Automatically or Manually block IPs
Block IPs after X login attempts, block the blacklisted IPs for X minutes.
HOW TO USE THE
WATCHLOG EXTENSION FOR MAGENTO
HOW TO INSTALL
To install the
1. Go to the Magento® Connect page.
2. Log in to your account.
3. Click on Install Now.
4. Agree to the license agreements and click on Get Extension Key.
5. Select and copy the extension key.
6. Go to your Magento® admin in System > Magento® Connect > Magento® Connect Manager.
7. In the Settings tab, untick the Maintenance mode box if preferred.
8. In the Install New Extension tab, paste the extension key in the appropriate field and click on Install.
9. The installation starts and shows a message when it's complete.
10. Click on the Refresh button.
11. Return to your Magento® admin.
STEP 1: Configure your
You can start with configuring your extension in a general way in System > Config > Wyomind >
In the Connexion attempts
History lifetime in
Send a periodical
- Period to report in
STEP 2: Check the login attempts to your Magento®
If you go to System >
Statistics on the login attempts will be displayed in graphs and tables.
Login attempts charts
You should get two graphs that recap the login attempts statistics on two different periods of time in order to give you the best possible view. The first chart will display the data on 30 days whereas the second one will sum up the login attempts on 24 hours.
On both graphs, you'll have several curves:
Login attempts grids
You should find the summary of the last days within two different views:
- Detailed view
- Summarized view
In the Detailed
- The IP that tried to log into the
- The date when the IP tried to log in.
- The login used.
- The message displayed when trying to log in.
- The status of the IP: Success or Failed.
By clicking on Switch to the summarized
- The IPs that tried to log in
- The date of the last attempt
- The number of login attempts
- The number of failed login attempts
- The number of login attempts that succeeded
By default, both tables display data of the last 30 days. You can edit that from System > Config > Wyomind >
At any time you can switch between both views.