OCT 23 2015

Securing Magento Cacheleak, Backupleak and Sessionleak


Magento Cacheleak is an implementation vulnerability, the result of a bad web-server configuration for the Magento platform. With such a configuration, the web server ignores all or some of the .htaccess files shipped with the Magento distribution, or some directives from these files, and therefore all private… Read the rest

OCT 18 2015

Securing MAGMI Data Import Tool

MAGMI (Magento Mass Importer), a popular Magento data import tool, is often used without any protection in its default location (/magmi/web/magmi.php). An insecure implementation of this tool can be abused to gain full access to a Magento installation, especially taking into account… Read the rest

MAY 13 2015

Restrict access to Magento /downloader/


We are noticing a dynamic increase in robots/crawlers brute-forcing Magento’s /downloader/ locations, trying the default admin user with various passwords (mostly dictionary-based) and other popular logins. We have seen the bots trying it continuously (in some cases for several months or years… Read the rest

APR 23 2015

Securing Magento /admin/ by admin path change


The default Magento backend URL is set to /admin/ (i.e. http://www.example.com/admin/); everyone knows it, including bots and crackers, who have been brute-forcing it for weeks according to my logs. The recent Shoplift vulnerability (known by its SUPEE-5344 patch, widely announced to the public) indicated that… Read the rest

APR 20 2015

How to edit Magento Maintenance page

The Magento maintenance page design can be changed just like any other Magento error page. By default, it looks like the following: It is shown when your store is in Maintenance mode; you can read how to turn it on or… Read the rest

JAN 13 2015

[solution] Magento :: Changes not applied

When you are stuck on why your configuration changes have no effect in Magento, try the following steps: make sure that you have applied the changes for the correct Configuration Scope / store / store view and there are no overrides on a lower level… Read the rest

NOV 28 2014

How to change favicon in Magento

The Magento favicon is changed at System > Configuration > Web > Design > HTML Head > Favicon icon. Click the Browse button and select a favicon icon from your hard drive to upload.