We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.

Your Digital Commerce Experts
Nexcess Logo

How to configure the Magento Product Importer (Magmi)

September 11, 2019

Learn how to configure Magmi in a way that functions with our security policy.

Vulnerability and Nexcess policy

Prior to the 2014 Holiday season, our Systems Operations team scanned all Magento sites hosted on our platform and disabled the Magmi Product Importer in all system infrastructure. This action was based on an email sent by the Magento support team regarding the Magmi vulnerability, which allows an attacker to use the importer to remotely upload malicious code.

For more information regarding the Magmi vulnerability, see Magento Magmi Security Bulletin.

 Read How to Improve the Security of Your Magento Store.

Using Magmi

In order to use the Magmi Product Importer safely, you must restrict public access to the importer. Password protecting the importer and limiting access to the importer by IP address are the two best solutions.

Second, rename the Magmi directory, as our team has blocked access to the Magmi directory on our servers.


For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry