Security Subscription

Compatibility: The module is now compatible with Magento 2.4.7

The Security extension for Magento 2 offers powerful security features to protect online stores. Store owners can prevent serious security threats like hacker attacks, code injections, and brute force attacks. 

With this module, admins will be alerted to potential risks and be sent messages if someone attempts a break-in. Thus, store owners can protect their stores on time. The Security plugin also tracks suspicious logins with detailed logs. This information includes ID, time, user name, IP, browser agent, URL, status, and file modifications. 

Furthermore, Mageplaza Security module supports an "away mode" to safeguard the store while the administrator is not overseeing the store's operations.

Features

• Compatible with API/GraphQL 
• Provide a detailed checklist to identify insecure elements
• Add brute force protection to stop unauthorized access
• Provide a login log to track all login attempts
• Monitor file changes to detect suspicious activities
• Record action log to capture and oversee all admin activities
• Enable away mode to block all login attempts

Benefits

• Protection against cyber threats: Security extension helps safeguard your store from common threats like brute force attacks and unauthorized access.
• Real-time monitoring: This module provides real-time tracking and alerts for suspicious activities. Thus, merchants can take immediate preventive measures to prevent potential breaches. 
• Data security: By securing customer data, store owners can build long-term trust with customers and keep businesses compliant with data protection regulations.
• Two-factor authentication: Store admins can prevent unauthorized access to the admin panel by adding an extra layer of security, two-factor authentication.
• Smooth operations: By reducing downtime from security incidents, businesses can ensure their Magento store operates smoothly without interruptions.

Highlight Features

Offer a comprehensive security checklist

Security extension for Magento 2 provides a security checklist that helps administrators identify and solve potential vulnerabilities. The plugin automatically shows warnings for possible security risks in the following areas: 

• Admin username: The system will check the admin account name. If the default name is too easy to guess or commonly used, a message will alert the store owner.
• Captcha: The module verifies the activation of the captcha on both the backend (admin login) and frontend (customer login) of the store. Captcha helps prevent automated bots from attempting to log in. If the captcha is not enabled, the message will warn the store owner to enable the captcha.
• Magento version: It checks the Magento version that the store owner is using. Running an outdated version can make the store vulnerable to security risks. If the store is not up-to-date, the checklist will alert store owners to update the latest Magento version.
• Database prefix: The extension checks if the store admins have used the database prefix or not. By using a database prefix, admins add an extra layer of protection, which makes attackers harder to guess table names. If no prefix is used, the checklist will warn store owners to use them for database security.

Support the brute force attack protection

Store admins can limit the number of failed login attempts and the time frame in which they occur. This restriction is important because it will send shop owners a warning message. The alert will be triggered whenever the store encounters risks of break-in attempts.

Provide the login log 

Security plugin for Magento 2 tracks and logs all login attempts. This information includes ID, User name, Time, IP, URL, Browser Agent, and Status (failure or success). By having this information at their fingertips, admins can determine unauthorized access activities. They can take preventive measures like strengthening password policies, enabling two-factor authentication, or blocking suspicious IP addresses.

Back up the action log [Pro edition]

An online store managed by multiple administrators faces potential security threats. Hackers can break in and harm the online store. Hence, an advanced report of all actions performed in the admin panel and backed up is a great solution. 

With the Professional edition of Security extension, businesses will receive a comprehensive report. This report provides detailed information about the time, IP address, username, and specific actions or action modifications. Notably, all actions recorded in the Action Log are automatically saved as CSV files in this section. Clicking on any log will start the file download immediately.

Detect file changes [Pro edition]

Hackers can make unauthorized changes to important files, which can harm the online store. To protect your business, a tracking and warning system is essential. This module creates master hashes (reindexes) to scan all files and detect any changes in the backend, such as additions, edits, or deletions. When changes are detected, they are recorded and saved in the admin log. Then, an email alert is sent to admins promptly.

Enable away mode [Pro edition]

Break-ins often happen when admins can't monitor the online store. To prevent risks, admins should be alert to unusual logins during nighttime or days off. Thus, the away mode feature of the Security plugin is a great solution to restrict break-ins at specific times. It allows admins to block all login attempts, which helps protect their stores 24/7 without constant monitoring.

More Features

• Blacklist/whitelist IPS: Easily configure IP address management to block (blacklist) or allow (whitelist) specific ranges.
• Warning email templates: Scroll warning email templates automatically to the top of the page when loading results, ensuring visitors see them first.
• Login report: Offer a concise report of the 5 most recent logins, showing user names, login status, and time on the dashboard.

Full Features List

General configuration

• Enable or disable the Security module
• Enter the email address to receive emails for warnings

Brute force protection

• Enable or disable the brute force protection
• Set the maximum number of failed login attempts
• Set allowed duration
• Turn on user locked alert
• Select the email template to send alerts

Blacklist/whitelist IPs

• Enter Blacklist IPs: block IP address
• Enter Whitelist IPs: allow IP address

Records

• Log the login activity
• View login details
• Show the 5 newest logins on the dashboard, including the usernames, login status, and time
• Display the last login information
• Offer security checklist: admin's username, captcha, Magento version, database prefix

Another feature

Integrate with Google reCaptcha extension 

Extra support

• 60-day money back
• Extensive support 
• Frequent updates
• Install via composer

Documentation

User guide | Installation guide