Magento has a few fields in the Admin Panel that accept arbitrary code that is then being rendered either in the footer or header on each page load. Hackers try to exploit this by inserting malicious code into these field, executing it unknowingly to the user. This is where the Misc Script Disabler extension comes in. It will disable all the potential fields that could execute malicious code. This includes the fields:
- Miscellaneous Scripts
- Miscellaneous HTML
- Copyright
All the fields can be found in the admin under: System->Configuration->General->Design
The extension will nullify the Miscellaneous Scripts and Miscellaneous HTML, the Copyright field will only be disabled if potential code is detected. So you are still able to add a copyright to your site.
Optionally, the extension can notify you every 24 hour if any of the 3 fields have been tampered with. The notification will continue until the code has been removed from the fields.
The Misc Script Disabler extension for Magento is available on the Magento Marketplace or from our Downloads page.
If you have a question about the iOS Alerts extension for Magento or the Magento Alerts app for iPhone, please post on the Q & A section of our Magento Marketplace page.
If you have any unanswered questions about this app after visiting the Q & A section of our Magento Marketplace page, feel free to contact Insight Designs directly by email at apps@insightdesigns.com