Learn how to configure Magmi in a way that complies with our security policy.
Vulnerability and Nexcess policy
Prior to the 2014 holiday season, our Systems Operations team scanned all Magento sites hosted on our platform and disabled the Magmi Product Importer across all of our infrastructure. This action was based on an email sent by the Magento support team regarding the Magmi vulnerability, which allows an attacker to use the importer to remotely upload malicious code.
For more information regarding the Magmi vulnerability, see the Magento Magmi Security Bulletin.
To use the Magmi Product Importer safely, first restrict public access to the importer. Password protecting the importer and limiting access to it by IP address are the two best solutions.
Second, rename the Magmi directory, as our team has blocked access to the Magmi directory on our servers.
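The two access restrictions described above can be combined in a single .htaccess file placed inside the renamed importer directory. This is an added example, not Nexcess's own configuration; it assumes Apache 2.4 with AllowOverride permitting AuthConfig, and the file path, realm name and IP address are placeholders.

```apache
# .htaccess inside the renamed importer directory (added example).
#
# Assumptions, replace with your own values:
#   /home/example/.htpasswd-importer  placeholder path to a password file
#                                     kept outside the web root, created
#                                     with Apache's htpasswd utility
#   203.0.113.10                      placeholder (documentation-range)
#                                     address of the office or VPN that
#                                     runs imports

# Password protection (HTTP Basic authentication).
AuthType Basic
AuthName "Restricted importer"
AuthUserFile /home/example/.htpasswd-importer

# Require BOTH conditions: the request must come from the allowed
# address AND carry a valid login. Any other request is refused
# before it reaches the importer's PHP scripts.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>
```

Basic authentication sends the password with every request, so the importer should only be reached over HTTPS.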