Standard User Guide
Professional User Guide

Magento 2 Security Extension

v4.0.4
*Magento Edition
*Version
+$50
$99
check60-day Money Back checkFrequent Update checkExtensive Support Timeframe checkInstall via Composer
Compatible with: Community: 2.3.* - 2.4.6 Enterprise: 2.3.* - 2.4.6

Mageplaza Security Extension for Magento 2 helps safeguard the store’s website from serious security threats such as break-in attempts, brute force attacks, etc. The module will automatically display all warnings of possible security risks and send messages if someone is trying to break in so that admins can protect the store on time.

Additionally, businesses can track suspicious login with information like ID, Time, User name, IP, Browser Agent, URL, and Status. Other actions, like changing files, will also be recorded.

Notably, Security for Magento 2 provides the Away Mode to protect the store when admins are on their break.

  • Compatible with API/GraphQL
  • Provide a security checklist to find insecure factors
  • Support brute force attack protection to prevent unauthorized access
  • Provide login log to record login attempts
  • Detect file changes to recognize suspicious actions
  • Record action log to record and track all admin activities
  • Activate away mode to block all login attempts

Grab all possible security risks via a security checklist
    Business goal:
    • Receive warnings about possible security threats to make necessary adjustments
    Default Magento 2 limitation:
    • Lack of preview details about the performed action by the user
    Solutions:
    • Provide a security checklist that automatically shows warnings for all possible security risks on the website
    • Display threats in admin username, captcha, database prefix, Magento version

Protect the store from break-in attempts by setting a time limit for failed login attempts
    Business goal:
    • Defend against possible harmful logins from hackers
    Default Magento 2 limitation:
    • Can't configure the login process with a default Magento backend
    Solutions:
    • Set a limit number of times for failed login attempts
    • Send a warning message to the admin whenever there is a break-in attempt

Keep track of all logins on the website with the login log record
    Business goal:
    • View the login information and trace people who signed in to the store
    Default Magento 2 limitation:
    • Don't allow admins to extract information from logins
    Solutions:
    • Track and record a login log with all information
    • Let the admin view the ID, User name, IP, Time, Browser, URL, and the status of each login

Provide blacklist or whitelist IP addresses in the configuration section
    Business goal:
    • Control website access ability of specific IP addresses
    Default Magento 2 limitation:
    • Can't set up a blacklist or whitelist with a default Magento store
    Solution:
    • Let admins block or allow certain IP addresses in the backend
    • Allow admins to trace suspicious IP addresses with break-in attempts and blacklist them so they won't be able to access your website from their IP


Minimize security risks with the security checklist and brute force protection

With the Magento 2 Security extension, businesses can evaluate and control the security level of their Magento websites. It provides them with a detailed list of security checks, limits the number of failed login attempts, and sets an allowed duration to help you ensure that your website is as well-protected as possible.

Identify and prevent unauthorized access to the website via the record grids

Mageplaza Magento 2 Security extension provides supportive features that help businesses track all logins and file changes to their website, which can help them identify and prevent unauthorized access.

Restrict all login attempts in a specific period with away mode [Pro edition]

With the Magento 2 Security Extension extension from Mageplaza, merchants can restrict access to the admin page during specific periods. Thus, they can prevent unauthorized access to their store's sensitive information.



Blacklist/whitelist IPS

Blacklist/whitelist IPS

Block or allow a range of IP addresses in the backend. It is easy to set up in the backend

Warning email templates

Warning email templates

Automate scrolling warning email templates to the top when loading results for your visitors to view on the page

Out-of-stock options

Login report

Provide a short report of the 5 most recent logins, including information about user names, login status, and time on the dashboard



Overall rating
5
5
4
3
2
1
Your Rating:
Darwin
31 January 2024

As an e-commerce store owner, the security of my online business is of paramount importance. Recently, I integrated Security Extension into my platform, and the impact has been nothing short of exceptional.

walter
21 December 2022

Simple to set up and very easy to use. As a non-technical person, after installation, it is easier to understand the security situation of my server. thanks

Chelto
02 May 2022

Love that it's a complete pack to get so you only need one tool like this and you'll know that you have done enough to protect your store.

Huestis
19 April 2022

I had some issues with installation and they made solution for me in time. Highly recommended Mageplaza and will buy more extensions here. 1000 Stars!!!

faraz bashir
16 April 2021

Thanks, Mageplaza team your all extension is very helpful and I have purchased your many paid and free extension. Your all extension and Support is excellent and Mageplaza is one of the best Magento 2 developer company

sharon
15 April 2021

They are simply the best, this is such a pleasure to work with them and I worked with a lot of developers. Thanks for everything!

Megha
15 March 2020

This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.

Ran
30 December 2019

Best service ever!

Jerry
17 October 2019

This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!

Hasan
30 May 2019

I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!

xdev
29 May 2019

Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.

wrc
25 March 2019

I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!

cheffe
20 February 2019

We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to contact the support team to finish the configuration.

Mahesh
07 February 2019

This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store. Thank you

Moussa
02 February 2019

I have installed it but forgot to install the library, the support team was very kind to reinstall the library and set it up. It works great, looking forward to get the Pro version.

Marina
03 January 2019

Installed this extension and out of blue my Magento store is secured. Nice features, great usability, and nice coding. No bugs, all works perfectly. Highly recommended Magento 2 extension. Keep up good work!

Ashan
07 December 2018

This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store.

Aziz
04 December 2018

This is one important and indispensable Security module. We were looking for a Security module and found this useful one from a reliable source. And guess what! It is a free module. That's awesome!

Abdulrahman
10 November 2018

This is a good idea to offer it with the free edition. So once you try it, you will feel that it's good enough to have the paid one. Again, I would like to mention how great the support team is. They are super friendly and willing to assist as well. I'm looking for my next step to buy the paid version.

lafaifia
22 September 2018

I needed to view the log action in my admin website, so I tried to use this product, what it offers is not bad so you can see some logs actions.

Markus
17 September 2018

It is nice to have the ability to log the logins when you have multiple accounts and a need for seeing anywhen and anywhere they have occurred. Also, the checklist is a nice touch. Overall: Good stuff for free :=)

Alexander
05 September 2018

The installation was so easy and because there are many colleagues who have an account, I can see exactly what is going on. This is a must-have extension. Also, the support is also very good.

kaznaur
09 August 2018

This module is a very useful tool to control the basic logging of Admin users on your website. It would be better to have the action log of the users as well, but I guess it comes with a paid version :)

Nature Skin Shop
20 July 2018

I see no issues with Security extension. It seems to be running as it should. Now I am happy with my purchase. I have tested the features, and they are working well. I recommend this to anyone who wants little extra security.

Donovan
02 June 2018

The Standard (free) edition is a great way to get a security check that will advise you of ways to secure your store (I've implemented these changes), as well as getting a list of last logins to your admin panel. This can help reassure you that others are not accessing your store, and you can check the date of your last login to make sure that was you. The usefulness of this extension, and by making it free, means I will be considering the Professional edition.

Crue1980
15 March 2018

I’ve got to say that it’s too good to have a free extension like Mageplaza Security. It works well on my store and helps prevent bad break-in attempts so effectively. No complaints for this.

Harry
15 March 2018

I like the way Mageplaza support team works. Quick and effective! This extension is also awesome with adequate features for my online store.

Lucy
15 March 2018

I’m pleased with the quality of the extension, no bugs for my store. The extension gives me peace of mind about the security of my online store. Good work, Mageplaza~



All of the feature updates plan and status will be updated as soon as possible in our public Trello.

View Mageplaza Extension Roadmap 2023 ->

Don't see the features you are looking for?

Request feature

Want to do extension customization?

Custom request

Let us know your requirements



  • Compatibility: The extension is now compatible with Magento 2.4.6

  • Compatibility: The extension is now compatible with Magento 2.4.4

  • Compatibility: The extension is now compatible with Magento 2.4.3
  • New Feature: We added Clear Login Logs
  • Bug Fix: We fixed minor bugs

  • Compatible with Magento v2.3.7
  • Added Clear Login Logs
  • Fixed minor bugs

  • Compatible with Magento v2.4.2

  • Supported Magento v2.4

  • Fixed minor bugs

  • Fixed minor bugs
  • Improved code style & performance

Compatible with Magento 2.3.1


  • Update Module license

Security Pro

  • Fixed error when compiling module on Magento 2.2

  • Update email template “lock-user”

Fix bug get wrong IP address if server use Varnish Cache


  • Add Checklist feature
  • Add Module Activation
  • Move backend module menu to Magento System menu

Initial module v1.0.0



You can enable the extension by following these steps:

  • Step 1: Go to Stores > Settings > Configuration > Mageplaza> Security.
  • Step 2: In the Enable field, choose Yes to turn the Security module on.
  • Step 3: Click on Save Config to save your changes.

You can do several things to make your Magento 2 website more secure than others with the Mageplaza Security extension. You can set up unrecognized admin panel login alerts, blacklist and whitelist IP addresses, and brute force attack email notifications.

If the maximum number of times logins fail is reached, a warning email will be sent to email addresses that are set.

You sure can. It is easy to customize warning email templates in Magento 2. There are 4 steps to customize the email template. Read this step-by-step guide now!

If you get locked out of your Magento 2 store, the module will automatically display all warnings of possible security risks and send messages to the email address. If you assume that this is a mistake, please follow our guide to unblock.

Exactly! It logs both Failure and Success status.

The standard version of the Mageplaza Security extension is still free on Github. However, the GitHub version does not include the Mageplaza technical support package. If you are still considering downloading the security module on Github, please visit here.

Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise), Magento Cloud 2.2.x, 2.3.x, 2.4.x..


</table> </div> </div> </div>
Standard Professional
General Configuration
Enable/Disable the module
Enter the email address to receive warning emails
Brute force protection
Enable/disable using brute force protection
Set maximum number of failed login attempts
Set allowed duration
Turn on user locked alert
Choose an email template to send alerts
Blacklist/whitelist IPs
Enter Blacklist IPs: block IP address
Enter Whitelist IPs: allow IP address
Action log backup configuration
File change configuration
Choose the frequency of action log backup: daily, weekly, monthly
Automatically backed up as a csv file
Click on any file, leading to an automatic download
Enable clear log after backup
Away mode
Don't allow to log in until away mode ends
Prohibit from logging in and operating on some days of week
File change configuration
Allow exclude files and folders
Create master hashes
Automatically check file changes and send an alert email daily using cron
Track file changes, including creating, modifying, and deleting files
Clear log button
Choose an email template to send alerts
Records
Record the login log
View login details
Display the 5 newest logins on the dashboard with their usernames, login status and time
Display the last login information
Provide security checklist: admin's username, captcha, Magento version, database prefix
Auto-fix security issues
Track all actions performed by anyone in the backend
Report on action log backup
Detect file changes and notice admins on a regular basis
Another feature
Integrate with Magento 2 Google reCaptcha
Support
Auto-fit with every device (Mobile, Tablet, PC)
Support multiple stores
Support multiple languages
Fully compatible with Mageplaza extensions
Free support included within the subscription period
60 days guarantee money back

Pricing

Choose your suitable edition.

Standard

Crafted for a great webstore start $ 99 first year

  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Read our policies
  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Supports for Magento 2 Community Edition

Professional

The most popular $ 149 first year

  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Read our policies
  • Compatible with Magento 2 Google reCaptcha
  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Supports for Magento 2 Community Edition (Magento Open Source)
  • Includes all Standard features plus
  • File change detection
  • Away mode
  • Alert Emails
  • Blacklist/Whitelist IPs
*Magento Edition
*Version
+$50
$99
check60-day Money Back checkFrequent Update checkExtensive Support Timeframe checkInstall via Composer
Compatible with: Community: 2.3.* - 2.4.6 Enterprise: 2.3.* - 2.4.6

Why choose Mageplaza Magento 2 Security

Worried about the potential threat of hackers accessing and stealing your important data? Mageplaza Magento 2 Security extension will help you solve all your concerns. Integrate an automatic email-sending feature to receive the warning message timely. Provide store admins with a security checklist that automatically displays all warnings of possible security risks to assist online store owners in identifying insecure factors. Record all logins in a log to prevent break-in attempts.

Security image Security image Security image Security image Security image
60-day Money Back

60-day Money Back

Extensive 60-day money-back period. You love it or get a full refund no questions asked.

Extensive Support

Extensive Support

Mageplaza provides support 16 hrs/day, 5.5 days/week to guarantee the seamless operation of our extensions on your store.

Install via Composer

Install via Composer

ESimple installation via composer helps you save time and eliminates technical issues during future updates.

Frequent Updates

Frequent Updates

Intensive update roadmaps ensure great performance, bug-free, highly compatible, and innovative extensions.