is available for Magento® 2
Prevent your website from brute force attacks with
large scale brute force attack on Magento®!
Thousands of Magento® websites are
The principle of that kind of attack is simple: robots try to log into your
Once these credentials are identified, your Magento® website becomes easy prey for attackers: exploitation of your database, diversion of your payments, hacking, unfair competition...
How did we notice this attack?
At Wyomind, our paid software is delivered with a module named Notification Manager. It keeps you informed about new updates of our extensions.
This extension is available from your
System Configuration Wyomind Notification
It lets you choose for which extension you wish to receive notifications.
In order to feed custom notifications to your
If you want more information on how RSS feeds and notifications work within Magento®, you can read
This implementation choice has highlighted considerable peaks of requests involving thousands of websites and repetitive login attempts.
These login attempts can recur several times a minute and can reach several tens of
How to check if my website is subject to these attacks?
If you received a message from us, it means we have noticed an abnormally high number of requests:
Why can't my hosting company protect my website against these attacks?
It is quite difficult to detect and to implement a firewall against that kind of attack for the following reasons:
- The IPs constantly change
- The requests from these IPs are made regularly and at different intervals of time
- The IPs try to access your Magento® backoffice through different pages (Downloader, Admin login page...)
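The three reasons above explain why a per-IP threshold misses this kind of attack. The following is an added example, not Wyomind's code: it counts POST requests to every back-office entry point per time window across all IPs and reports windows that are busy although no single IP stands out. The entry-point paths, thresholds and log lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed back-office entry points (Magento 1 style defaults); adjust to your store.
ENTRY_POINTS = ("/admin", "/index.php/admin", "/downloader")
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)

# Constructed sample access-log lines (documentation IP ranges, made-up date).
SAMPLE_LOG = [
    f'203.0.113.{i} - - [12/Mar/2016:10:00:{i:02d} +0000] "POST {p} HTTP/1.1" 200 512'
    for i, p in enumerate(["/index.php/admin/", "/downloader/"] * 4, start=1)
] + [
    '198.51.100.9 - - [12/Mar/2016:10:05:10 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0',
    '198.51.100.9 - - [12/Mar/2016:10:05:12 +0000] "GET /catalog/ HTTP/1.1" 200 900',
]

def parse_attempts(lines):
    """Yield (timestamp, ip, path) for POSTs to any back-office entry point."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].startswith(ENTRY_POINTS):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"]

def distributed_windows(lines, window_s=60, per_ip_limit=5, total_limit=6):
    """Return (window_start_epoch, total_posts, distinct_ips) for suspicious windows."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip, _path in parse_attempts(lines):
        buckets[int(ts.timestamp()) // window_s][ip] += 1
    hits = []
    for bucket, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        # Busy window overall, yet every IP stays under a per-IP blocking limit.
        if total >= total_limit and max(per_ip.values()) < per_ip_limit:
            hits.append((bucket * window_s, total, len(per_ip)))
    return hits

if __name__ == "__main__":
    for start, total, ips in distributed_windows(SAMPLE_LOG):
        print(f"window {start}: {total} back-office POSTs from {ips} distinct IPs")
```
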
What to do?
Fortunately, these attacks are easy to counter!
Several solutions exist to make your
- Modify the name of your
- Activate captcha for your
- Restrict the access to your backoffice by IP with htaccess
- OR use Watchlog Pro, which will act as a firewall and so replace all the above steps.
Both the admin and the downloader of Magento® are affected by these brute force attacks. Make sure to protect each entrance to your backoffice, for example by adding htaccess to the downloader.
Watchlog Free Vs Watchlog Pro
While the free extension
Connection attempts charts
Check the daily and monthly login attempts charts.
Connection attempts tables
Get detailed and summarized tables of the login attempts data.
Connection attempts history
Define the history lifetime and receive periodical reports.
Blacklist and Whitelist
Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.
Automatically or Manually block IPs
Block IPs after X login attempts, block the blacklisted IPs for X minutes.