Mageplaza Magento 2 Security Extension
Have you ever concerned about your e-store’s vulnerability? It seems like there exist many security flaws of which hackers can take advantage to serve their evil purposes. In fact, it is uneasy and costly to hire an IT expert to keep an eye on your store’s security issues; but if you don’t care much about this, your store can be an ideal prey for bad guys. That is the reason why it is essential to have a thorough yet economical solution that helps handle all the fundamental difficulties you are facing.
One of the most worrying security issues which still exists as a backlog in default Magento 2 is the security flaw in its login process to the admin panel. As there is no adequate warning system whenever doubting login attempts occur, it may be too late until any loss can be found.
So, what is that solution? Mageplaza Security is developed to answer this question. This module is a perfect tool that assists every Magento 2 shop owner to keep their stores safe effortlessly. By just a few clicks, those e-stores will be under 24/7 protection with an effective pre-warning system. Let’s take a fast ride to know how it works so effectively!
Table of contents
Why choose Mageplaza Security Extension for Magento 2
The Standard version of this extension is free of charge, which is a convincing reason for users. However, many other factors drive customers to use this module rather than its zero cost. Understanding the concerns of shopkeepers, this extension constructs a powerful shield for online stores against sabotage with many incredible defensive solutions. This plugin is not only able to keep the e-store safe but also help admins to keep an eye on the whole operating system with ease. The more reliable the store is, the more willing customers are to shop at that store and also the less splitting headache you have at night. Now, let’s take a look at some impressive features of this module!
Highlight features
-
Security Checklist
This feature allows the store’s system to identify the possible security risks automatically including admin usernames, captcha, Magento version and database prefixes. All of those potential threats to the store security would be displayed in a checklist, and soonly notified to admins. Noticeably, in Security Checklist Pro, these security issues can be auto-fixed only with few clicks.
-
Brute Force Attack Protection
This feature allows admins to set the limitation of failed login attempts. If someone keeps trying to break in the system purposively, the store will auto-protect itself by restricting those login attempts immediately. Also, store owners will be alarmed by a warning message sent to their registered emails.
-
Login Log
With this feature, all logins can be tracked and recorded in a log. This feature enables shopkeepers to manage the login information such as ID, Time, Username, IP, Browser Agent, Url and Status (Failed or Successful). Store admins can access those data and trace back to IP address.
Extra features
- Blacklist/Whitelist IPs
Store admins can control the login attempts from particular IP addresses. Blacklist IPs restrict all the unwanted logins, whereas the Whitelist IPs limit the addresses that are allowed to access.
- Warning Email Templates
Store admins can customize a warning email with several templates. These emails will be sent to admins whenever the system detects potentially harmful break-in attempts.
- Login Report
A brief report of 5 most recent logins, along with the information of usernames, login status and login time, is displayed on the Dashboard.
Impressive features in the PRO version
Professional package of Security Extension is the upgrade of the Standard version with a lot more perfect and innovative features. Although you have to pay if you want to use Professional Security, the benefits it brings to your store will far exceed the what the free package can provide. Except for all listed features above, there are some upgraded factors which are entirely useful to tighten your security.
-
File change detection
It is a potential threat to the store’s security if necessary files in the admin panel are altered without any notice. This feature allows the system to keep track on every single change of data in the backend including adding, editing and deleting; and record those changes in the admin log. Admins will soon be notified with a report sent to their emails.
-
Action Log
This feature helps track and report all actions delivered in your store’s admin panel. The reported data includes time, IP, username, specific activities or changes. To enhance the user experience, the data log might be saved to prepare for any unexpected circumstance.
-
Away mode
Break-ins often happen when admins are unable to observe the store. To prevent the risks, unusual logins during night time or day off should be aware. Away mode is a solution to restrict break-ins made in particular moments. As a result, owners don’t have to keep an eye on their e-stores all the time but still can put their them under 24/7 protection.
Testimonials
This extension is in the recommendation list of many store admins after a while using it. Let’s take a look at some positive reviews that Mageplaza has received so far!
Backend
At the backend, admins can make adjustments in 3 main sections: Configuration, Checklist, and Login Log.
Configuration
The module can be configured when navigating Store > Settings > Configuration > Mageplaza Extensions > Security
General Configuration
The security module can be activated with ease by choosing “Yes” in the Enable field. Only after turning the extension on can store admins made further changes. In general configuration, admins can set multiple email addresses to receive the same warning message at a time.
Brute Force Protection
After turning this function on, shopkeepers can set the limit number of failed login attempts easily. Also, admins can change the allowed time for each login session, and decide whether to send alert emails or not when the admin account is locked due to failed login attempts. In the Email Template field, different designs for the warning email are available for admins to choose.
Blacklist/Whitelist IPs
Online store merchants can add or remove multiple IPs in Blacklist or Whitelist. In Blacklist(s) field, all IPs included will be restricted to access the login panel, whereas the IP addresses in Whitelist(s) field will be permitted whenever logging in the backend page. What should be kept in mind is that Blacklist(s) has more priority than Whitelist(s), meaning that if there is an IP address that is listed in both fields, it would still be blocked.
Checklist
Located at System > Security > Checklist, this will list out the possible flaws in the security systems including username, captcha, Magento version, & database prefix.
The Check admin’s username box lists the low-security account names to warn store owners. Moreover, Checklist will check whether captcha is enabled outside the frontend or in the backend and send alerts if admins forget to enable captcha. If Magento version of the store is out-of-date, store owners will be notified as well. Lastly, in the Check database prefix box, the checklist will alert store owners to use database prefix for security, and whether if it is working correctly.
Login Log
Data about all logins will be tracked and recorded in this Login Log, which can be found in System > Security > Login Log
Main data about all login attempts are saved in a table, including ID, name, username, IP, browser agent, etc. The View button in the Action column links directly to a detailed record of each login. Here is an example:
Last login
With this function, owners can trace the specific time and IP address of each admin’s last access.
Five latest logins
Store owners can quickly view the five newest login attempts (both success of failed) right from the Dashboard. Checking for unusual logins hasn’t been that easy.
Frontend
In this extension, what is presented at the frontend are mainly warning messages to users if their login attempts exceed the allowed amount, or to admins themselves if the system notices any security risk.
Bad login notification
A warning message with a list of potentially dangerous break-ins will be sent to store owners’ specific emails, which is registered at the backend earlier. Thus, admins can be alert in time, and check the action to solve the security problem.
Lock user notification
This security alert is also sent to specific emails, which notifies store owner if an account is locked because it exceeds the permitted login attempts. Then, store owners can review that case and see whether this is actually harmful or not. If not (maybe admins just forget their password), he/she can decide to unlock the account.
Full features list
Mageplaza develops 2 versions for this extension: Standard and Professional. Why don’t we shortlist the detailed features of each version in a table to have a clear comparison?
|
Function |
Standard |
Professional |
|
Switch on/off extension from the backend |
x |
x |
|
Send alarming messages to specific email addresses |
x |
x |
|
Limit the amount of failed logins permitted in a session |
x |
x |
|
Customize different templates for warning emails |
x |
x |
|
Restrict accesses from Blacklist IP addresses |
x |
x |
|
Only permit login attempts from Whitelist IP addresses |
x |
x |
|
Block/Allow logins from certain IPs |
x |
x |
|
Trace and store login details at the backend |
x |
x |
|
Notify failed/successful login status in a log |
x |
x |
|
Trace login IPs function |
x |
x |
|
Ability to display and view login data |
x |
x |
|
Show the basic information of the 5 most recent accesses on the Dashboard (Usernames, Login status and Time) |
x |
x |
|
Display the Last Login in details |
x |
x |
|
Build security checklist |
x |
x |
|
Fix security issues automatically |
x |
|
|
Notice file adjustments and send alerts to adminítrators |
x |
|
|
Trace every action delivered by anyone at the backend |
x |
|
|
Create a brief report on all actions done at the backend |
x |
|
|
Restrict logins in particular moments of the day |
x |
How to install & upgrade Free Mageplaza Security Extension
The installation and upgrading process of this free Standard version is quite easy. Our recommendation is to install via composer. Follow our guidelines below.
Before the installation, it is essential to note these down:
- You should duplicate your online store on a staging/test site and try ad-hoc installation on it.
- Magento files and the store database should be backed up.
- ThatMageplaza_Core must already be installed is the first requirement for the following steps of the setup.
Remember that you will get an error if Mageplaza_Core is not installed.
To install, run the following command in Magento 2 root folder:
|
1 2 3 |
composer require mageplaza/module-security php bin/magento setup:upgrade php bin/magento setup:static-content:deploy |
To upgrade, run the following command in Magento 2 root folder:
|
1 2 3 |
composer update mageplaza/module-security php bin/magento setup:upgrade php bin/magento setup:static-content:deploy |
Final words
In a nutshell, this plugin is a powerful tool to help owners manage their stores at the highest security level. Mageplaza Security Extension plays a role of an IT expert who helps you keep an eye on your eCommerce store 24/7 effectively and professionally without any demand for payment. However, of course, if you pay a little bit for the Pro version, the result will be better than what you have expected so far. Your store will be fully controlled with the help of a timely warning system, which makes both you and your customers feel safe and relieved. Don’t hesitate to integrate this module into your e-business any longer!