How To Prevent Flooding In Shopware 6 

- E-Commerce, Shopware

Although Shopware 6 is protected from flooding by default, you can apply different techniques to make your e-commerce website more secure. In this article, we explain what flooding is. After that, you will learn how the system is protected and find out how to save your Shopware 6 website from flooding. Other useful tips on how to work with your e-commerce website are available here: Shopware Cookbook.

Note that we provide Shopware integration with external platforms. Contact our support for further information or try our Improved Import, Export & Mass Actions.

Get Improved Import, Export & Mass Actions for Shopware by Firebear Studio

Explore Shopware

Flooding Defined

Flooding, flood attack, or Denial of Service (DoS) attack is a type of attack on a website when attackers send a very high volume of traffic to a system (server) so that it cannot handle the load

Basic Flood Attack Protection Techniques

Luckily, Shopware knows how to deal with flood attacks. The system restricts malevolent requests with the help of the following flood attack protection techniques. 

Login

Shopware prevents flooding on login pages since registered, guest, and admin users have a limited number of login attempts. They can only log in 10 times before the system delays them.

  • 10 failed login attempts lead to a 10-second delay before a new login attempt;
  • 15 failed login attempts lead to a 30-second delay before a new login attempt;
  • 20 failed login attempts lead to a 60-second delay before a new login attempt.

Note that Shopware resets the limit after a successful login or 24 hours without a failed login.

Contact form

Shopware prevents flooding on a contact form since customers can send a limited number of inquiries before being delayed by the system

  • 3 inquiries lead to a 30-second delay;
  • 5 inquiries lead to a 60-second delay;
  • 10 inquiries lead to a 90-second delay.

Shopware resets the limit after 24 hours.

Password reset

Storefront and admin users have 3 attempts to reset their password before Shopware delays them:

  • 3 failed login attempts lead to a 30-second delay before a new login attempt;
  • 5 failed login attempts lead to a 60-second delay before a new login attempt;
  • 10 failed login attempts lead to a 90-second delay before a new login attempt.

Shopware resets the limit after 24 hours.

Storefront 

On a storefront, a customer sees the following alert:

How To Prevent Flooding In Shopware 6

How To Prevent Flooding In Shopware 6

Shopware 6 lets you edit the above rules to make your e-commerce website even more secure. However, you won’t find the corresponding configuration section on the administration. You need to apply changes to the copy of the /framework/resources/config/packages/shopware.yaml file saved in your shop root directory under config/packages/shopware.yaml. The following core sections are available in the file:

  • login – flooding prevention for storefront login for registered customers;
  • guest_login – flooding prevention for storefront login for guests;
  • oauth – flooding prevention for admin area login;
  • reset_password – flooding prevention for storefront cutomer password reset;
  • user_recovery – flooding prevention for admin area password reset;
  • contact_form – flooding prevention for contact form.

You can apply custom limits and intervals. Also, it is possible to disable each function by replacing “enabled: true” with “enabled: false”.

The default configuration of flood attack prevention in Shopware 6 looks as follows:

Shopware 6 Essentials FAQ

How to create a Shopware account?

Creating a Shopware account is a basic step required to run your e-commerce business. The process looks as follows: visit the registration page, hit the Register Now link, and fill in the form to create a new account. After receiving a confirmation email, follow the instructions provided in it.

What about a Shopware ID?

You will get your Shopware ID automatically upon registration.

What is Shopware master data?

All the information about your company and business, such as physical addresses, phone numbers, emails, stored in your admin is called Shopware master data.

How to add a new Shopware shop?

It is possible to add a shop to your Shopware account in your merchant area. Hit the corresponding link, choose the type of your new shop (a cloud storefront or an on-premise installation), and provide all the information the system requires. Don’t forget the password associated with its admin!

How to add a payment method to your Shopware account?

You need a payment method to create a deposit to buy extensions and themes for your Shopware website. Go to Basic Information -> Accounting and select PayPal, credit card, or direct debit as a way to transfer funds to your account.

How to create a deposit in Shopware?

When the internal payment method is enabled, you can transfer money to your account to create a deposit. It is possible in your Merchant Area -> Shops. Choose a shop to provide funds to, click Open Account Details, and transfer a deposit that covers the amount of your future purchase.

How to purchase Shopware extensions?

Go to the Shopware Marketplace or open the Plugin Manager to buy extensions and themes for your website. Next, select a tool you want to buy and complete the checkout. Create a deposit in advance that equals the amount of your future purchase.

How to get support in Shopware?

You can get support with accounting and financials here: financial.services@shopware.com and +49 2555 9288 510. The following contacts are suitable for inquiries regarding license issues: info@shopware.com or call +49 2555 9288 50.

How to automate import and export processes in Shopware 6?

Use the Improved Import, Export & Mass Actions module to automate recurring data transfers. The extension provides the ability to create schedules to launch the corresponding import and export processes automatically.

How to migrate to Shopware 6?

Migration to Shopware 6 is another purpose of the Improved Import, Export & Mass Actions tool. It can transfer data from your existing website to the new platform. You can migrate from other e-commerce systems or the platform’s previous versions. Since we also offer export solutions for Magento and other similar systems, you can simplify your data transfers between them and Shopware. Contact us for more information.

How to integrate Shopware 6 with external systems?

The module is also helpful for the Shopware 6 integration with ERPs, CRMs, accounting tools, and other similar platforms. The Improved Import, Export & Mass Actions extension can help you automate repetitive import and export processes and modify data according to the requirements of your Shopware store during import and vice versa.

Get Improved Import & Export for Shopware by Firebear Studio

Explore Shopware