Monitor your admin access Magento

Published On - 21 February 2013

The Team Magento Security

 

 

 

A nice way to see if you have any unwanted visitors to your admin access in Magento is to add Google analytics to the login page.

To do this all you need to do is

go to /httpdocs/app/design/adminhtml/default/default/template/Login.phtml

then copy your GA code into the Head of the page like this

<head>

<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<title><?php echo Mage::helper(‘adminhtml’)->__(‘Log into Magento Admin Page’) ?></title>
<link type=”text/css” rel=”stylesheet” href=”<?php echo $this->getSkinUrl(‘reset.css’) ?>” media=”all” />
<link type=”text/css” rel=”stylesheet” href=”<?php echo $this->getSkinUrl(‘boxes.css’) ?>” media=”all” />
<link rel=”icon” href=”<?php echo $this->getSkinUrl(‘favicon.ico’) ?>” type=”image/x-icon” />
<link rel=”shortcut icon” href=”<?php echo $this->getSkinUrl(‘favicon.ico’) ?>” type=”image/x-icon” />

<script type=”text/javascript” src=”<?php echo $this->getJsUrl(‘prototype/prototype.js’) ?>”></script>
<script type=”text/javascript” src=”<?php echo $this->getJsUrl(‘prototype/validation.js’) ?>”></script>
<script type=”text/javascript” src=”<?php echo $this->getJsUrl(‘scriptaculous/effects.js’) ?>”></script>
<script type=”text/javascript” src=”<?php echo $this->getJsUrl(‘mage/adminhtml/form.js’) ?>”></script>
<script type=”text/javascript” src=”<?php echo $this->getJsUrl(‘mage/captcha.js’) ?>”></script>

<!–[if IE]> <link rel=”stylesheet” href=”<?php echo $this->getSkinUrl(‘iestyles.css’) ?>” type=”text/css” media=”all” /> <![endif]–>
<!–[if lt IE 7]> <link rel=”stylesheet” href=”<?php echo $this->getSkinUrl(‘below_ie7.css’) ?>” type=”text/css” media=”all” /> <![endif]–>
<!–[if IE 7]> <link rel=”stylesheet” href=”<?php echo $this->getSkinUrl(‘ie7.css’) ?>” type=”text/css” media=”all” /> <![endif]–>
<script type=”text/javascript”>

var _gaq = _gaq || [];
_gaq.push([‘_setAccount’, ‘UA-99999999-1’]);
_gaq.push([‘_trackPageview’]);

(function() {
var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async = true;
ga.src = (‘https:’ == document.location.protocol ? ‘https://ssl’ : ‘http://www’) + ‘.google-analytics.com/ga.js’;
var s = document.getElementsByTagName(‘script’)[0]; s.parentNode.insertBefore(ga, s);
})();

</script></head>

You can then see visits to the page in GA by going to traffic sources all traffic and search for /login

login

You can monitor frequency and country of origin, if you do have an issue you can beef up your security to stop anyone getting in other than you.

Thank you