Written by Steve Perry

Magento Security: is your online store open to brute force attacks?

The forensic team at Foregenix has recently identified a number of cases in which attackers used brute force to gain full access to Magento stores.

The attackers gained this access through a combination of weak passwords and poor file system setup in the Magento directory, namely the www./downloader/.cache/community and www./downloader/index.php paths.

Access to these paths let the attackers upload a genuine, normally harmless module that allows full editing of Magento files directly from the admin panel. Two webshells were then uploaded to the site, allowing the attackers to add, edit and remove files within the webserver root directory.
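The brute force described above leaves a clear trace in the web server access log: many login POSTs to the downloader or admin URL from one address in a short time. The following Python checker is an added example, not code from this post or from Foregenix; the log lines, the watched paths, the threshold of five POSTs and the 60-second window are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format parser (Apache/nginx). The watched paths are assumed
# targets of the login brute force described above: the Magento Connect
# downloader and the admin login URL.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*"')
WATCHED_PATHS = ("/downloader/", "/admin", "/index.php/admin")

def parse_line(line):
    """Return ip, ts (datetime), method and path, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each IP that made >= threshold POSTs to a watched path inside
    any `window` to the largest such count it reached."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].startswith(WATCHED_PATHS):
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, stamps in posts.items():
        stamps.sort()
        start = 0  # sliding window over sorted timestamps
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

def constructed_log():
    """Constructed sample lines (documentation IPs, not real traffic)."""
    attacker = [f'203.0.113.5 - - [10/Mar/2023:10:00:{s:02d} +0000] '
                '"POST /downloader/index.php HTTP/1.1" 200 512 "-" "python-requests/2.28"'
                for s in range(0, 20, 2)]  # 10 POSTs in 18 seconds
    shopper = [f'198.51.100.7 - - [10/Mar/2023:10:0{m}:00 +0000] '
               '"POST /index.php/admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"' for m in range(3)]
    noise = ['192.0.2.9 - - [10/Mar/2023:10:00:05 +0000] '
             '"GET /skin/frontend/base/default/css/styles.css HTTP/1.1" 200 4096 "-" "Mozilla/5.0"']
    return attacker + shopper + noise  # shopper: 3 POSTs spread over two minutes
```

Run `find_bruteforce(open("access.log"))` against a real log to list addresses that hit the threshold; a legitimate admin rarely submits the login form five times in a minute.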

How do I know if my store is affected or vulnerable?

Foregenix have created a simple-to-follow whitepaper, which you can download from their website; alternatively, get in touch today and I can take a look for you.

Magento security, staying safe

It’s important to keep your Magento ecommerce website safe and secure, and to keep Magento itself and all installed modules fully up to date. I offer cost-effective maintenance packages which make this easier for you.

Steve Perry Creative Ltd

Studio and registered office: 4 Back Lane, Brown Edge, Staffordshire ST6 8QS.

Copyright © 2012 – 2023 Steve Perry Creative Ltd., unless otherwise noted.

Registered in England & Wales, number 08354632.
