Note: Updated with a new script called DB_CLEANUP_SCRIPT_v2 to clear pre-existing failed login data in additional tables.
Magento releases a hotfix to remove failed login attempts from the database patch for Magento 2.3.0 – 2.3.2p1 on March 26, 2020.
A recent update on April 13, 2020, included a new script called DB_CLEANUP_SCRIPT_v2 to clear pre-existing failed login data in additional tables. You need to use this script even if you have run DB_CLEANUP_SCRIPT_v1 previously to help ensure additional tables are cleaned up.
For the earlier versions of Magento 2, i.e., 2.2.10+ and 2.3.3+, it was only required to run a script to remove pre-existing failed login credentials from the Magento Commerce and Magento Commerce Cloud database.
However, for Magento 2.3.0-2.3.2-p2, this hotfix released does the task.
The issue was reported to Magento that allowed failed login attempts to be logged in a database in Magento 2.3.x and 2.2.x. To resolve it, Magento released a fixed in October 2019. However, a new issue arose that information collected prior to updating to these current versions may still exist.
We know that any Magento 1 versions are not affected by this issue but only Magento 2.x Open Source and Magento Community versions.
To resolve this new issue, you can download the database patch for Magento 2.3.0 – 2.3.2p1.
Firstly, determine your Magento version, and decide if you need to install the patch or run the script.
For previous Magento 2 versions such as 2.3.3 and above, you simply need to run the below scripts in order to clean the old logs:
CLEANUP_PATCH_COMPOSER_2.3.2.patch
Now run the script to clean the database of the pre-existing failed login attempts. The script is attached to the article:
Method to install “Remove Failed Login Attempts From the Database Patch for Magento 2.3.0 – 2.3.2p1:
Only run the below script to clear old logs. This script is attached to the article. To download it, click the following link:
How to run the script
Follow the below instructions to run the script:
- Place the DB_CLEANUP_SCRIPT_v2.php in the root directory of the Magento installation (in the same directory as app which contains app/bootstrap.php).
- Run the below command in the terminal to begin the database clean up process:
php DB_CLEANUP_SCRIPT_v2.php
That’s it. You can read more here.
Do share the post with the Magento community via social media.
Thank you.