In Magento Enterprise Edition a security feature has been implemented which allows you to set the number of failed login attempts after which your account will get locked.
To make these security setting go to Admin >> System > Configuration, click the Admin tab in the left column, and select the Security section. Now make the following settings and save the configuration:
Maximum Login Failures to Lockout Account – Determines the number of consecutive failed login attempts that will cause that account to become locked. If you do not want to enable the lockout feature, leave this field blank.
Lockout Time (minutes) – Determines the duration, in minutes, for which the account will be locked after the failed logins.
After the “Lockout Time“, the account will be unlock on their own but if you want to get them unlocked before that period, here are the ways you can do that:
1. Using Magento Admin
If you have any other user with full Administrator permissions then he can unlock your account from Magento admin by navigating to System > Permissions > Locked Users
2. Using phpMyAdmin
a) Open phpMyAdmin and select the Magento website database.
b) Now find the ‘admin_user’ table and open it.
c) Look for the user row you want to unlock it.
d) Click the “Edit” link for row and make the following data changes:
failures_num = 0,
first_failure = NULL,
lock_expires = NULL
e) Save the changes.
3. Using MySql client
a) Login MySql
$ mysql -uusername -p
This will ask for mysql user ‘username’ password. Type the password and press enter.
b) Select the Magento database
use magentodatabase;
c) Now run the following query for unlocking the user with username ‘admin’
UPDATE admin_user SET failures_num = 0, first_failure = NULL, lock_expires = NULL WHERE username = 'admin';
If userid is known then you can also use the following query (assuming user_id to be 1):
UPDATE admin_user SET failures_num = 0, first_failure = NULL, lock_expires = NULL WHERE user_id = 1
Magento does the same in its unlock($userIds) function located in file \app\code\core\Enterprise\Pci\Model\Mysql4\Admin\User.php
Leave a Comment