The Fix
The most important first step is to ensure that the entire Magmi directory is not publicly accessible. Only the web directory inside the Magmi directory should be exposed; the remaining files should be inaccessible. Using a symlink is the easiest way to achieve this.
Just move the Magmi directory out of the document root, then create a symlink (with an obscure name, e.g. some-obscure-name) back to the web directory.
cd /microcloud/domains/example/domains/example.com/http/
mv magmi ../___magmi
ln -s ../___magmi/web some-obscure-name
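To confirm the move and symlink were applied as described, the following added check (not part of the original page or of Magmi) inspects a document root on disk. The function name check_magmi_layout is hypothetical, and it assumes the exposed directory is named web, as in the steps above.

```sh
# check_magmi_layout DOCROOT LINK_NAME   (hypothetical helper, added example)
# Returns 0 when only the Magmi web directory is reachable from DOCROOT.
check_magmi_layout() {
    local docroot link target parent entry resolved
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: no document root at $1"; return 2; }
    link="$docroot/$2"

    # 1. The public entry point must be a symlink, not a real directory.
    [ -L "$link" ] || { echo "FAIL: $link is not a symlink"; return 1; }

    # 2. It must resolve to a directory called web (the only part meant to be public).
    target=$(cd "$link" 2>/dev/null && pwd -P) || { echo "FAIL: $link is dangling"; return 1; }
    [ "$(basename "$target")" = "web" ] || { echo "FAIL: $link exposes $target"; return 1; }

    # 3. The Magmi directory (parent of web) must sit outside the document root.
    parent=$(dirname "$target")
    case "$parent/" in
        "$docroot"/*) echo "FAIL: $parent is still inside the document root"; return 1 ;;
    esac

    # 4. No other directory symlink directly under the document root may reach
    #    the Magmi directory anywhere outside web/.
    for entry in "$docroot"/* "$docroot"/.[!.]*; do
        [ -L "$entry" ] || continue
        resolved=$(cd "$entry" 2>/dev/null && pwd -P) || continue
        case "$resolved/" in
            "$target"/*) ;;
            "$parent"/*) echo "FAIL: $entry exposes $resolved"; return 1 ;;
        esac
    done

    echo "OK: only $target is reachable, as /$2"
    return 0
}
```

Run it as check_magmi_layout /path/to/document/root some-obscure-name; it checks the filesystem layout only, so the IP and basic-auth restrictions still need to be verified with a request from an unlisted address.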
Nginx
Add the following location directive to your Nginx configuration file to restrict access by either IP address or HTTP basic authorisation. Replace my.ip.add.ress and /path/to/magmi/.htpasswd as necessary. Then reload for the changes to take effect.
location ~* ^/some-obscure-name {
    satisfy any;
    allow my.ip.add.ress;
    auth_basic "Restricted Access";
    auth_basic_user_file /path/to/magmi/.htpasswd;
    deny all;

    location ~* \.(php) {
        include fastcgi_params;
    }

    try_files $uri $uri/ @bootstrap;
}
To populate the contents of your .htpasswd file, you can use the following command (replace user and password as necessary):
printf "user:$(openssl passwd -1 password)\n" >> .htpasswd
Apache
Add the following directives to your .htaccess file in the /magmi directory to restrict access by either IP address or HTTP basic authorisation. Replace my.ip.add.ress and /path/to/magmi/.htpasswd as necessary. Then reload for the changes to take effect.
AuthUserFile /path/to/magmi/.htpasswd
AuthName "Restricted Access"
AuthType Basic
Require valid-user
satisfy any
deny from all
allow from my.ip.add.ress
To populate the contents of your .htpasswd file, you can use the following command:
htpasswd .htpasswd user