Mageplaza Magento 2 Security Extension

- Uncategorized

Have you ever concerned about your e-store’s vulnerability? It seems like there exist many security flaws of which hackers can take advantage to serve their evil purposes. In fact, it is uneasy and costly to hire an IT expert to keep an eye on your store’s security issues; but if you don’t care much about this, your store can be an ideal prey for bad guys. That is the reason why it is essential to have a thorough yet economical solution that helps handle all the fundamental difficulties you are facing.

Get Mageplaza Magento 2 Security Extension

One of the most worrying security issues which still exists as a backlog in default Magento 2 is the security flaw in its login process to the admin panel. As there is no adequate warning system whenever doubting login attempts occur, it may be too late until any loss can be found.

So, what is that solution? Mageplaza Security is developed to answer this question. This module is a perfect tool that assists every Magento 2 shop owner to keep their stores safe effortlessly. By just a few clicks, those e-stores will be under 24/7 protection with an effective pre-warning system. Let’s take a fast ride to know how it works so effectively!  

Why choose Mageplaza Security Extension for Magento 2

The Standard version of this extension is free of charge, which is a convincing reason for users. However, many other factors drive customers to use this module rather than its zero cost. Understanding the concerns of shopkeepers, this extension constructs a powerful shield for online stores against sabotage with many incredible defensive solutions. This plugin is not only able to keep the e-store safe but also help admins to keep an eye on the whole operating system with ease. The more reliable the store is, the more willing customers are to shop at that store and also the less splitting headache you have at night. Now, let’s take a look at some impressive features of this module!

Highlight features

  1. Security Checklist

This feature allows the store’s system to identify the possible security risks automatically including admin usernames, captcha, Magento version and database prefixes. All of those potential threats to the store security would be displayed in a checklist, and soonly notified to admins. Noticeably, in Security Checklist Pro, these security issues can be auto-fixed only with few clicks.

  1.   Brute Force Attack Protection

This feature allows admins to set the limitation of failed login attempts. If someone keeps trying to break in the system purposively, the store will auto-protect itself by restricting those login attempts immediately. Also, store owners will be alarmed by a warning message sent to their registered emails.  

  1. Login Log

With this feature, all logins can be tracked and recorded in a log. This feature enables shopkeepers to manage the login information such as ID, Time, Username, IP, Browser Agent, Url and Status (Failed or Successful). Store admins can access those data and trace back to IP address.  

Extra features

  • Blacklist/Whitelist IPs

Store admins can control the login attempts from particular IP addresses. Blacklist IPs restrict all the unwanted logins, whereas the Whitelist IPs limit the addresses that are allowed to access.  

  • Warning Email Templates

Store admins can customize a warning email with several templates. These emails will be sent to admins whenever the system detects potentially harmful break-in attempts.    

  • Login Report

A brief report of 5 most recent logins, along with the information of usernames, login status and login time, is displayed on the Dashboard.

Impressive features in the PRO version 

Professional package of Security Extension is the upgrade of the Standard version with a lot more perfect and innovative features. Although you have to pay if you want to use Professional Security, the benefits it brings to your store will far exceed the what the free package can provide. Except for all listed features above, there are some upgraded factors which are entirely useful to tighten your security.

  1. File change detection

It is a potential threat to the store’s security if necessary files in the admin panel are altered without any notice. This feature allows the system to keep track on every single change of data in the backend including adding, editing and deleting; and record those changes in the admin log. Admins will soon be notified with a report sent to their emails.

  1. Action Log

This feature helps track and report all actions delivered in your store’s admin panel. The reported data includes time, IP, username, specific activities or changes. To enhance the user experience, the data log might be saved to prepare for any unexpected circumstance.

  1. Away mode

Break-ins often happen when admins are unable to observe the store. To prevent the risks, unusual logins during night time or day off should be aware. Away mode is a solution to restrict break-ins made in particular moments. As a result, owners don’t have to keep an eye on their e-stores all the time but still can put their them under 24/7 protection.


This extension is in the recommendation list of many store admins after a while using it. Let’s take a look at some positive reviews that Mageplaza has received so far!  


At the backend, admins can make adjustments in 3 main sections: Configuration, Checklist, and Login Log.


The module can be configured when navigating Store > Settings > Configuration > Mageplaza Extensions > Security

General Configuration

The security module can be activated with ease by choosing “Yes” in the Enable field. Only after turning the extension on can store admins made further changes. In general configuration, admins can set multiple email addresses to receive the same warning message at a time.

Brute Force Protection

After turning this function on, shopkeepers can set the limit number of failed login attempts easily. Also, admins can change the allowed time for each login session, and decide whether to send alert emails or not when the admin account is locked due to failed login attempts. In the Email Template field, different designs for the warning email are available for admins to choose.

Blacklist/Whitelist IPs

Online store merchants can add or remove multiple IPs in Blacklist or Whitelist. In Blacklist(s) field, all IPs included will be restricted to access the login panel, whereas the IP addresses in Whitelist(s) field will be permitted whenever logging in the backend page. What should be kept in mind is that Blacklist(s) has more priority than Whitelist(s), meaning that if there is an IP address that is listed in both fields, it would still be blocked.


Located at System > Security > Checklist, this will list out the possible flaws in the security systems including username, captcha, Magento version, & database prefix.  

The Check admin’s username box lists the low-security account names to warn store owners. Moreover, Checklist will check whether captcha is enabled outside the frontend or in the backend and send alerts if admins forget to enable captcha. If Magento version of the store is out-of-date, store owners will be notified as well. Lastly, in the Check database prefix box, the checklist will alert store owners to use database prefix for security, and whether if it is working correctly.

Login Log

Data about all logins will be tracked and recorded in this Login Log, which can be found in System > Security > Login Log

Main data about all login attempts are saved in a table, including ID, name, username, IP, browser agent, etc. The View button in the Action column links directly to a detailed record of each login. Here is an example:

Last login

With this function, owners can trace the specific time and IP address of each admin’s last access.

Five latest logins

Store owners can quickly view the five newest login attempts (both success of failed) right from the Dashboard. Checking for unusual logins hasn’t been that easy.


In this extension, what is presented at the frontend are mainly warning messages to users if their login attempts exceed the allowed amount, or to admins themselves if the system notices any security risk.

Bad login notification

A warning message with a list of potentially dangerous break-ins will be sent to store owners’ specific emails, which is registered at the backend earlier. Thus, admins can be alert in time, and check the action to solve the security problem.

Lock user notification

This security alert is also sent to specific emails, which notifies store owner if an account is locked because it exceeds the permitted login attempts. Then, store owners can review that case and see whether this is actually harmful or not. If not (maybe admins just forget their password), he/she can decide to unlock the account.

Full features list

Mageplaza develops 2 versions for this extension: Standard and Professional. Why don’t we shortlist the detailed features of each version in a table to have a clear comparison?




Switch on/off extension from the backend



Send alarming messages to specific email addresses



Limit the amount of failed logins permitted in a session



Customize different templates for warning emails



Restrict accesses from Blacklist IP addresses



Only permit login attempts from Whitelist IP addresses



Block/Allow logins from certain IPs



Trace and store login details at the backend



Notify failed/successful login status in a log



Trace login IPs function



Ability to display and view login data



Show the basic information of the 5 most recent accesses on the Dashboard (Usernames, Login status and Time)



Display the Last Login in details



Build security checklist



Fix security issues automatically


Notice file adjustments and send alerts to adminítrators


Trace every action delivered by anyone at the backend


Create a brief report on all actions done at the backend


Restrict logins in particular moments of the day


How to install & upgrade Free Mageplaza Security Extension

The installation and upgrading process of this free Standard version is quite easy. Our recommendation is to install via composer. Follow our guidelines below.

Before the installation, it is essential to note these down:

  • You should duplicate your online store on a staging/test site and try ad-hoc installation on it.
  • Magento files and the store database should be backed up.
  • That Mageplaza_Core must already be installed is the first requirement for the following steps of the setup.

Remember that you will get an error if Mageplaza_Core is not installed.

To install, run the following command in Magento 2 root folder:

To upgrade, run the following command in Magento 2 root folder:

Final words

In a nutshell, this plugin is a powerful tool to help owners manage their stores at the highest security level. Mageplaza Security Extension plays a role of an IT expert who helps you keep an eye on your eCommerce store 24/7 effectively and professionally without any demand for payment. However, of course, if you pay a little bit for the Pro version, the result will be better than what you have expected so far. Your store will be fully controlled with the help of a timely warning system, which makes both you and your customers feel safe and relieved. Don’t hesitate to integrate this module into your e-business any longer!