Magento Expert Forum - Improve your Magento experience


How to Secure Your Magento Website From Brute Force Attack

  1. #1
    Junior Member
    Join Date
    Jun 2016
    Location
    Bhavnagar, Gujarat, India

    Post How to Secure Your Magento Website From Brute Force Attack

    Hello Magento folks,

    I hope you all had a great weekend. Last time we talked about how you can fix a 404 error in your Magento 2 admin. Today we will talk about how you can secure your Magento website from brute-force attacks.

    [Image: How-to-secure-your-Magento-Website-from-Brute-force-Attack.png]


    Brute-force attacks are increasing day by day, and most websites are too weak to withstand these break-in attacks. From these attacks, you could potentially lose millions of dollars, and your personal data can be lost and misused. You should take this matter seriously to save your e-commerce store.

    If you don’t know what a brute-force attack is in ethical hacking, let me explain it in simple terms. In a brute-force attack, a bot is fired at your login page to try different username/password combinations that are built into the brute-force program. They have thousands of weak username/password combinations to try in minutes.

    If you have a weak username/password and kept the same admin link, hackers are just minutes away from hacking your admin and doing whatever they want.

    Below are the steps to secure your Magento website from a brute-force attack.

    1. Use a customized admin path for your website.
    Magento 1: The default Magento admin URL is domain.com/admin, so don’t let hackers know your admin login page. For that, you have to change it.
    Open app/etc/local.xml, scroll down and find admin, and change it to something unusual and weird that only you can remember.

    You can see <![CDATA[admin]]>; change it to your own admin URL, e.g. important, Backoffice or stayaway.

    Then clear and flush the cache and check the frontend.

    2. Securing your Magento admin account
    I believe that almost 90% of Magento store owners keep their username as admin.
    If you are in that 90%, understand that hackers already know that you kept admin as the username, and now they only need to try different passwords using brute force. Whatever combination matches, your store will be hacked.

    So, it is good security practice to use a different username instead of admin.

    You can change your admin username from:

    Magento 1: System – My Account.
    Magento 2: Admin – Account Setting (admin) at the top right in the backend.

    The second important thing here is to keep your admin password strong. You can use online strong-password generator tools and keep it safe somewhere on your desktop. Or use a service like LastPass for easy management of passwords.

    3. Downloader folder for Magento 1
    Magento 1 has a downloader folder in the root of your Magento files. It was generally used for extension installation from Magento Marketplace.

    Some hackers can gain access to your website from this downloader folder. To protect your Magento site, you have the following choices.

    You can rename the downloader folder, as it’s not useful anymore.

    For more information, visit: https://magecomp.com/blog/secure-mag...-force-attack/
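The three steps in the post above, turned into something you can run against a Magento 1 docroot: an audit that reports whether the admin frontName is still the default and whether downloader/ is still present, a harden function that rewrites the frontName in app/etc/local.xml, flushes var/cache/ and moves downloader/ aside, and a small detector that reads access-log lines and reports source IPs hammering the admin path with POSTs (which is what the bot described in the post looks like on the server). This is an added example, not code from the original post or from Magento. It assumes the standard Magento 1 layout (app/etc/local.xml holding admin/routers/adminhtml/args/frontName, downloader/ and var/cache/ under the docroot), a hypothetical frontName policy of eight or more URL-safe characters, and the sample local.xml and log lines are constructed for the demo.

```python
"""Magento 1 brute-force hardening audit plus an access-log check.
Added example, not from the original post or from Magento. Assumes the
Magento 1 layout (app/etc/local.xml, downloader/, var/cache/); the
frontName policy is hypothetical and the sample data is constructed."""
import os
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET
from collections import Counter

FRONTNAME_PATH = "./admin/routers/adminhtml/args/frontName"

# Constructed local.xml in the default state: the admin path is still "admin".
SAMPLE_LOCAL_XML = """<?xml version="1.0"?>
<config>
    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[admin]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>
</config>
"""

# Constructed combined-format log lines: one IP POSTs to /admin/ six times in
# six seconds, a second IP logs in once, and one request is unrelated noise.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Jun/2020:10:00:0{i} +0000] "POST /admin/ HTTP/1.1" 302 0'
    for i in range(6)
] + [
    '198.51.100.7 - - [10/Jun/2020:10:00:05 +0000] "GET /admin/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jun/2020:10:00:09 +0000] "POST /admin/ HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Jun/2020:10:00:20 +0000] "GET /catalog/product/view/id/1/ HTTP/1.1" 200 9000',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def make_sample_docroot():
    """Build a throwaway docroot in the unhardened state (constructed, for the demo)."""
    root = tempfile.mkdtemp(prefix="magento1-")
    os.makedirs(os.path.join(root, "app", "etc"))
    os.makedirs(os.path.join(root, "downloader"))
    os.makedirs(os.path.join(root, "var", "cache", "mage--0"))
    with open(os.path.join(root, "app", "etc", "local.xml"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_LOCAL_XML)
    return root


def admin_frontname(docroot):
    """Read the admin frontName from app/etc/local.xml ("admin" if the node is absent)."""
    tree = ET.parse(os.path.join(docroot, "app", "etc", "local.xml"))
    node = tree.getroot().find(FRONTNAME_PATH)
    return node.text.strip() if node is not None and node.text else "admin"


def audit(docroot):
    """Return findings for steps 1 and 3; an empty list means both are done."""
    findings = []
    if admin_frontname(docroot) == "admin":
        findings.append("admin frontName is still the default 'admin'")
    if os.path.isdir(os.path.join(docroot, "downloader")):
        findings.append("downloader/ is still present in the docroot")
    return findings


def harden(docroot, new_frontname):
    """Step 1 (new frontName + cache flush) and step 3 (move downloader/ aside)."""
    # Hypothetical policy: URL-safe characters only, long enough not to be guessed.
    if new_frontname == "admin" or not re.fullmatch(r"[A-Za-z0-9_-]{8,}", new_frontname):
        raise ValueError("frontName must be 8+ URL-safe characters and not 'admin'")
    path = os.path.join(docroot, "app", "etc", "local.xml")
    tree = ET.parse(path)
    node = tree.getroot().find(FRONTNAME_PATH)
    if node is None:
        raise ValueError("admin/routers/adminhtml/args/frontName not found in local.xml")
    node.text = new_frontname  # the CDATA wrapper is dropped on write; same XML value
    tree.write(path, encoding="utf-8", xml_declaration=True)
    cache = os.path.join(docroot, "var", "cache")  # Magento 1 caches the merged config here
    if os.path.isdir(cache):
        for entry in os.listdir(cache):
            full = os.path.join(cache, entry)
            shutil.rmtree(full) if os.path.isdir(full) else os.remove(full)
    downloader = os.path.join(docroot, "downloader")
    if os.path.isdir(downloader):
        os.rename(downloader, downloader + ".disabled")


def brute_force_sources(lines, frontname, threshold=5):
    """Return IPs that POSTed to the admin path at least `threshold` times.
    Every POST under the admin path counts as an attempt; legitimate admins
    also POST there on form saves, so tune the threshold for your store."""
    prefix = "/" + frontname
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"] == prefix or m["path"].startswith(prefix + "/"):
            hits[m["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    root = make_sample_docroot()
    print("before:", audit(root))
    harden(root, "stayaway-7f3k")
    print("after:", audit(root), "frontName =", admin_frontname(root))
    print("brute-force sources:", brute_force_sources(SAMPLE_LOG, "admin"))
    shutil.rmtree(root)
```

Two practical notes. The detector takes the frontName as input on purpose: once you rename the admin path, a rule that still watches /admin/ sees nothing, so read the current value from local.xml and feed it in. And renaming the path is only obscurity; the username and password steps in the post are what actually stop a bot that finds the new path, so keep the log check running after the rename.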


  3. #3
    Junior Member
    Join Date
    Nov 2019


    Wow! It's really very useful content. Keep sharing.
