solutions for e-commerce

13 years of business 2563 reviews 4.9 average rating
User guide

Watchlog - Security enhancement for your Magento 2 website

Possible large scale brute force attack on Magento!

Thousands of Magento websites are certainly concerned by this very large brute force attack which aim is clearly to force access to Magento back offices.

The principle of that kind of attack is simple: robots try to log into your back office using multiple login/password combinations until they find the correct credentials.

Once these credentials are identified, your Magento website becomes easy prey for hacking: exploitation of your database, diversion of your payments, hacking, unfair competition...

What to do?

The admin but also the downloader of Magento are concerned with these brute force attacks. You need to make sure to protect each entrance to your back office by adding for example htaccess to the downloader.

Check if your website is subject to these attacks

You can install our free Watchlog extension to detect the intrusions into your back office, you will then be able to track login attempts.

Bypass the attacks

Several solutions exist to make your back office invisible to robots that try to log in:

  • Modify the name of your back office
  • Activate captcha for your back office
  • Restrict the access to your back office by IP with htaccess

You can also use Watchlog PRO that will act as a firewall and so replace all the above steps.

Watchlog Free Vs Watchlog Pro

While the free extension Watchlog lists the IPs that try to access your Magento back office, Watchlog PRO will also help you to stop these intrusion attempts. Watchlog PRO is a more complete version that offers more options than Watchlog.


Watchlog Pro

Connection attempts charts

Check the daily and monthly login attempts charts.

Connection attempts tables

Get detailed and summarized tables of the login attempts data.

Connection attempts history

Define the history lifetime and receive periodical reports.

Blacklist and Whitelist

Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.

Automatically or Manually block IPs

Block IPs after X login attempts, block the blacklisted IPs for X minutes.

How to use the Watchlog extension for Magento

Watchlog is a free extension for Magento that is easy to use. You'll be able to see very quickly if your Magento Backoffice is threatened by a brute force attack and if someone or some robots are trying to log into your Magento admin panel.

STEP 1: Install Watchlog

To install the Watchlog free extension on your Magento admin, follow the below steps:

  1. Log in to your Wyomind account.
  2. From the Watchlog extension page, click on Download and then on BUY NOW (no worry, the extension is free). 
  3. You should be redirected to:
    Your accounTLicenses & Downloads
  4. Click the settings icon next to the Watchlog extension.
  5. Select the version you want to download and click the Download button. 
  6. Install the extension.
  7. Activate your free license.

STEP 2: Configure your Watchlog extension

You can start with configuring your extension in a general way in:
SystemConfigurationWyomind WatchLog

In the Connexion attempts history tab, you'll be able to configure a certain number of parameters.

History lifetime in days

You have the possibility to define a history lifetime in days in order to purge the history. For example, you'll be able to define the history lifetime as 30 days in order to remove automatically all the login attempts that are older than 30 days.  

Send a periodical report

You can choose to receive periodical reports. If you have decided to set that option to YES, then you'll have to define:
  • Period to report in days
    Define how many days you want to include in your report
  • Report title
    Define a title for your report.
  • Report recipients
    Add the email addresses of the recipients separated by a comma.
  • Report schedule
    Define a schedule to automatically send the reports.

STEP 3: Check the login attempts to your Magento back office

You'll have a global overview of the login attempts executed from your admin panel login page if you go to:
 System Watchlog

Statistics on the login attempts will be displayed in graphs and tables.

Login attempts charts

You should get two graphs that recap the login attempts statistics on two different periods of time in order to give you the best possible view. The first chart will display the data on 30 days whereas the second one will sum up the login attempts in 24 hours. On both graphs, you'll have several curves:
  • Success: which represents the login attempts that succeeded
  • Failed: which represents the login attempts that failed

Login attempts grids

You should find the summary of the last days within two different views:

  • Detailed view
  • Summarized view

In the Detailed View, you'll find a detailed table of the login attempts. Among that grid, you'll have several data:

  • The IP that tried to log into the back office.
  • The date when the IP tried to log in.
  • The login used.
  • The message displayed when trying to log in.
  • The URL from which the IP tried to log in.
  • The status of the IP: Success or Failed.

Note that there won't be any record of the successful connections from the Downloader.

By clicking on Switch to the summarizeD VIEW you should get a table with the basic information. You'll find:

  • The IPs that tried to log in.
  • The date of the last attempt.
  • The number of login attempts.
  • The number of failed login attempts.
  • The number of login attempts that succeeded.

By default, both tables display data for the last 30 days. You can edit that in the History lifetime in days field, from:
SystemConfig Wyomind  WatchLog

At any time you can switch between both views.

Prevent your website from brute force attacks with Watchlog

Connection attempts charts

Check the daily and monthly login attempts charts

Connection attempts tables

Get detailed and summarized tables of the login attempts data.

Connection attempts history

Define the history lifetime and receive periodical reports.

Freqently Asked Questions
License and domains

A license is valid for an unlimited period of time on one single Magento installation.

If you use more than one Magento installation, you will have to buy a separate license for each one.

If you run several domains on the same Magento installation, you will need only one license for all of them.

Although your license doesn’t have a limited period of validity, your support period does. By purchasing an extension, you’ll be granted a 6-month support period for free. Passed this period, you will have to renew your Support plan (see FAQ: How to extend my support period?).

You can pre-register your live domain to your license in advance.

Thanks to this option, you'll be able to get the extension ready to use on your domain before it goes live.

To pre-register your production domain: 

  1. Go to:
    mY accountLicenses & DOwnloads
  2. Click on  next to the extension you want your domain to pre-register on.
  3. Click on the link at the bottom of the page saying:
    Do you want to pre-register your domain in order to be ready to go live?
  4. Finally, enter your domain name and click on pre-register now .
Attention, this doesn't mean your license is activated. You'll still have to activate it on your new domain when the extension is installed. 

One license is valid for an unlimited period of time on one Magento installation only.  

It is possible, however, to extend or transfer your license in 2 cases: 

  • If you'd like to add your testing environments to your license.
    In this case, it is possible to extend your license to an unlimited number of domains for free.
    For example or
  • If you want to transfer your license to another live domain.
    In that case, the support period for your license must still be active.

To be able to use Watchlog on both your production and testing environments, follow the instructions below:

  1. Download Watchlog.
    (see FAQ: Extensions download)
  2. Install Watchlog on your production environment.
    (see FAQ: Extensions installation)
  3. Activate the license.
    (see FAQ: Extensions activation).
  4. From your Magento admin panel, enter your current Activation Key in:
  5. Save your configuration.

Now that you can use Watchlog on your production environment, repeat the same steps as above on your testing environments.

The only difference this time: a notification will appear in your Magento admin

You will be given a choice between:

  1. buy a new license now
  2. add this domain to my license

Click on Add this domain to my license.

A transfer request will then be sent to our team within an hour.

Once the request is taken care of, you will receive a confirmation email.

If your transfer request is accepted, you can use Watchlog on both environments at the same time.

The order in which you activate your license on your domains does not matter.
You can start with your staging/dev/local environment or with your live domain, the process will be the same.
Modules versioning and download

In order to download Watchlog, log into your Wyomind account:

    1. Go to:
      my accountLicenses & downloads 
    2. Click on the  icon next to Watchlog.

      A new window opens.

    3. Choose the version of Watchlog.
      You will be able to choose the most recent version of Watchlog (for both Magento 1 and Magento 2).
    4. Click on  .

Your download can start.

When purchasing an extension from, you benefit from a lifetime upgrade. You can at any time download the latest version of the extension directly from your account. 

To upgrade Watchlog, follow the steps below:

  1. Go to:
    my accountLicenses & Downloads
  2. Click on  next to Watchlog.
  3. Choose the latest version of Watchlog (for Magento 1 and Magento 2).
  4. Click on download .
  5. Install the new version of Watchlog to update your Magento admin. 

Modules Installation/Uninstallation

To uninstall Watchlog, go on its zip folder and open it.

You will find a shell file (such as: that you must execute on both your server and Magento root directory.

Once the uninstallation is over, refresh your cache and enable the compiler back again (if you use it).

Before installing Watchlog, you’ll have to:

  • Backup your Magento installation in:
    system  tools   backups
  • Disable the compiler in your Magento admin panel if it’s not already disabled:
    system  tools   COMPILATIONS
  • Refresh your cache in:
    systemselect cache typeactionsrefreshsubmit

Now you can install Watchlog:

  1. Download Watchlog (zip file) from:
    my account my downloads
    Refer to FAQ here: Extensions download
  2. Once Watchlog is downloaded, open the folder and unzip it.
  3. Copy the content of the unzip folder and paste all files and directories in your Magento root directory (the folder content can vary according to the extension but it generally includes app, lib and skin folders).

  4. Once your installation is complete, don't forget to enable the compiler back (if it was already enabled before the installation) and run compilation process.
  5. Refresh your cache, logout from your admin panel and log back in right after.

Next step is to activate your license, to do so, click here: Extension activation

Modules activation

Once Watchlog is installed, you have to activate the license: 

  1. Go to your Magento admin panel. A message pops up at the top of the page.

    If the message doesn't appear then you must check that:

    Wyomind's License Manager has not been removed from your installation.
    Wyomind's License Manager is enabled in: app/etc/modules/Wyomind_Licensemanager.xml
    The HTML output for Wyomind_Licensemanager and/or Adminhtml_Notification are not disabled in your system under: system   configuration  advanced advanced

  2. Copy your activation key.

    You can find your activation key in 2 different places:
    - In the confirmation email that you received after purchasing Watchlog
    - In your Wyomind account:MY ACcount My downloads, select Watchlog and click on  . A new page opens where you'll find your activation key (see below).
  3. In your Magento admin go to:
    SysteMConfigurationWyomindYour extension

    Paste the activation key in the Activation Key field and choose between the automatic (yes) or the manual (no) activation method:
    - By choosing Yes, the connection to Wyomind license server will be automatic. 
    - By choosing No, you will have to log on to Wyomind license server yourself.

  4. Save the configuration.
  5. Clear your caches. 
  6. A message appears at the top of your admin panel: Activate it now!  Click on that link.

  7. Copy and paste the license code in the License code field from your admin or simply click on Activate now! 
  8. Finally, refresh your cache, log out and log back in straight after, to complete the installation.

To activate the license of an extension that includes other modules, you’ll have to repeat the steps described above for each extension, using the corresponding activation keys (each module has its own activation key).


If you're getting a white page using the extension, you should enable the error reporting in order to display the error. You can do that from index.php.

Magento 1 / Openmage Compatibility

Magento 1 / Openmage®

  • 1.1.3
  • 1.1.4
  • 1.1.5
  • 1.1.6
  • 1.1.7
  • 1.1.8
  • 1.2.0
  • 1.2.1
  • 1.3.0
  • 1.3.1
  • 1.3.2
  • 1.3.3
  • 1.4.0
  • 1.4.1
  • 1.4.2
  • 1.5.0
  • 1.5.1
  • 1.6.0
  • 1.6.1
  • 1.6.2
  • 1.7.0
  • 1.8.0
  • 1.8.1
  • 1.9.0
  • 1.9.1
  • 1.9.2
  • 1.9.3
  • 1.9.4
  • 1.10.0
  • 1.10.1
  • 1.11.0
  • 1.11.1
  • 1.11.2
  • 1.12.0
  • 1.13.0
  • 1.13.1
  • 1.14.0
  • 1.14.1
  • 1.14.2
  • 1.14.3
  • 1.14.4

Magento 1 / Openmage® Enterprise (deprecated)

  • 1.1.3
  • 1.1.4
  • 1.1.5
  • 1.1.6
  • 1.1.7
  • 1.1.8
  • 1.2.0
  • 1.2.1
  • 1.3.0
  • 1.3.1
  • 1.3.2
  • 1.3.3
  • 1.4.0
  • 1.4.1
  • 1.4.2
  • 1.5.0
  • 1.5.1
  • 1.6.0
  • 1.6.1
  • 1.6.2
  • 1.7.0
  • 1.8.0
  • 1.8.1
  • 1.9.0
  • 1.9.1
  • 1.9.2
  • 1.9.3
  • 1.9.4
  • 1.10.0
  • 1.10.1
  • 1.11.0
  • 1.11.1
  • 1.11.2
  • 1.12.0
  • 1.13.0
  • 1.13.1
  • 1.14.0
  • 1.14.1
  • 1.14.2
  • 1.14.3
  • 1.14.4
User's reviews
Log into your account to leave your review and get up to 3 months of free Support & Upgrade.

5th September 2020

Must have extension to monitor admin URL

Magento 2 merchants must adopt certain best practices to protect the site. While we can focus on keeping the Magento 2 version up-to-date and install security patches on time. Other things are server security, file and folder permissions, etc. We did most of it and felt good. We also modified the admin URL as per some other suggested practices but for reason this can be found by the attackers. You can find some articles on this on web. Finally, we had used the Wyomid Watchlog extension - the Free version. The free version allowed us to see if anyone was trying to brute force the admin page to get access to the admin panel of Magento 2. When we did, we found at least 5 IPs in a duration of about 2 months trying to brute force the panel. We also had 2FA and Google Recaptcha enabled so the attempts were not successful. The plugins recorded the IP, attempts and show those on graph. Very nice. We had some more server and security tools to finally block those IPs outside the module (Free version does not offer that). Even when we changed the admin URL after each attempt, some other IP discovered the URL eventually. Even the Free tool is very useful and we absolutely recommend it since you can change the URL in timely manner and buy some time to implement IP rules on server side which will prevent the site performance degradation for legitimate traffic. But if you don't have other resources at the disposal, I recommend to go for Pro version to perform the URL Blacklisting and Whitelisting from admin panel itself. Again, Wyomind security is a must have extension.

13th May 2020

Very useful tool

We have spent this tool for a long time and it has saved us from many attacks on our website, since it alerts us instantly by email and you can act instantly ... It allows us to be alert 24 hours a day without effort. Extension needed for all magentos ...

27th April 2019

Excelente Extension

Muy buena extension y un excelente servicio técnico.


11th October 2015

Extraordinary support!

Most mentionable in my case is the support I guess. Yes, the extension is very much useful and works as described. However, WYOMIND's support works even better. Why? Because even on a sunday WYOMIND is not shy of giving full support! Yes, you heard right ... on a "sunday"! Besides, it was a very good, fast and professional support. Thank again, guys!


31st August 2015

Helpfull tool

This tool is great for free. It show us an Hacker Attack so we can react fast. Thank you!


21st April 2015

Nice extesion to see hack attempts

Got a message from them about a potential hack attempt. Read an review here this was fake ?
Traced the ip and the ip was on an abuse list.
If the reviewer wrote that was fake it would mean that this developers is faking the attacks ?
What reason just to download a free watchdog extension ?
I placed the attacking ip on a blacklist thru htaccess and attempts were stopped.
So far this company has given me good support and I don't think this is fake or marketing. I never looked at hack attemps but since many systems are under attack why not magento sites.
At least they woke me up so admin url will be changed as will downloader url. I can only see this as a positive reminder to make you installation more secure.. Good work


21st April 2015

Stopped Brute force attack in seconds

Thanks again to Pierre and his team. I downloaded this extension and literally stopped a brute force attack in under 3 minutes.
Installed in seconds, It gives all the information you need within a few minutes and simply works.
Great free version.


17th April 2015

Superb tool

Works exactly as described. Installed without a hitch. Checked the logs after 30 minutes and found there had been around 15 attempted to gain entry via brute force. I blocked the offending IPs in .htaccess. Well worth considering the Pro version for automatic blocking. Recommend this extension to everyone.


17th April 2015

False alerts and worried customers

We run a few sites using the Data Feed Manager from Wyomind for Google Shopping feeds (this works great, can't recommend it enough!)
However I received a notification for all the sites running this plugin yesterday that there were potential brute force attacks on the site to try and gain access to the back end. This is completely untrue, I scoured the logs and there's hardly any attempts in there (with 95% of them being legit attempts to log in).
The fact it happened on all the sites within a few hours suggests this is just a marketing ploy, one which had us receive worried emails from customers (who run the site) about the security of their site (when there was nothing to be concerned about).
So be aware of their work providing false alerts before blindly installing the extension to solve an issue that doesn't exist.


16th April 2015

great for stopping hacking attempts

Wyomind warned me about a possible brute force attack on my website, because they saw many login attempts (as they explained, each attempt retrieves their rss feed because I have an other extension from them).
After installing the extension showed the attack and my provider blocked the attackers IP address.
So thanks to Wyomind my website is more secure and the system resources are not used for anything that is not meant to use them.


Initial release for the master version

Initial release for the legacy version

  • The Watchlog charts display has been adapted to the new constraints of Google


  • New button to purge the history
  • Code optimization


  • Date in the notification is based on the locale time not the GMT time

Bug fix

  • Daily reports by email were not sent if system > configuration > Watchlog was not updated

Bug fix :

  • Urls in notification message drive now to the notification page and watchlog page instead of the dashboard

Bug Fix:

  • Fix on the notification urls


  • Compatibility fix for Magento Security Patch SUPEE 6788


  • Improved notifications for failed connection attempts


  • Optimized filter by status

Bug Fix:

  • Fix on reports cron tasks

Bug Fix:

  • Fix on the graph (30 days)
  • First release
Demo store

Stay tuned and get a coupon code of 10% off any purchase while creating your account!

Subscribe now for updates, promotions and products launch twice a month at most.

Please indicate a valid email