Sansec logo

How to change all Magento admin passwords


by Sansec Support

Published in Guides

It is recommended to use at least 10- character, computer generated passwords. In case of a breach, you can assume that all passwords have been intercepted, so they should be changed as soon as possible. The following CLI script may help:

$n98 admin:user:list --format=csv | grep ,active | while read row;
     user=$(echo $row | cut -d, -f2)
     pass=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w10 | head -n1)
     echo "$user -> $pass"
     $n98 admin:user:change-password "$user" $pass >/dev/null

Use n98-magerun for Magento 1

Don't forget to also change passwords for:

  1. Your database (update env.php/local.xml/wp-config.php as well)
  2. Your hosting account: both your server and your control panel. Also make sure that no malicious SSH keys have been added.
Need expert advice? We are here to help!

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security


Terms & Conditions
Privacy & Cookie Policy
Company Reg 77165187
Tax NL860920306B01