How to change all Magento admin passwords
by Sansec Support
Published in Knowledgebase
It is recommended to use at least 10- character, computer generated passwords. In case of a breach, you can assume that all passwords have been intercepted, so they should be changed as soon as possible. The following CLI script may help:
n98=n98-magerun2
$n98 admin:user:list --format=csv | grep ,active | while read row;
do
user=$(echo $row | cut -d, -f2)
pass=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w10 | head -n1)
echo "$user -> $pass"
$n98 admin:user:change-password "$user" $pass >/dev/null
done
Use n98-magerun for Magento 1
Don't forget to also change passwords for:
- Your database (update env.php/local.xml/wp-config.php as well)
- Your hosting account: both your server and your control panel. Also make sure that no malicious SSH keys have been added.
What is Magecart?
Also known as digital skimming, this crime has surged since 2015. Criminals steal card data during online shopping. Who are behind these notorious hacks, how does it work, and how have Magecart attacks evolved over time?
About Magecart