60-day Money Back


Frequent Update


365-day Support

Magento 2 Security Extension


Mageplaza Security extension for Magento 2 is a perfect security solution for online stores built based on Magento platform. The module helps prevent break-in attempts to your store from hackers. Thanks to an effective warning system, your valued information will be completely protected.

Total price:

$79 ($99)


Frontend Backend
This demo is hosted on Cloudways


User Guide


User Guide


Installation Guide

Magento 2 Security for Magento 2.2.x, 2.3.x, 2.4.x CE/EE/B2B/Cloud/ Adobe Commerce 2.2.x, 2.3.x, 2.4.x


There have been up to 650,000 stores using Magento 2 platform all over the world, and they are being ideal prey for hackers. Your Magento 2 store needs Mageplaza Security module to keep the bad guys out.


Mageplaza Security resolves common Magento 2 security issues. Magento 2 Security extension is a perfect security suite for online stores built based on Magento platform. Mageplaza Security Suite helps prevent break-in attempts to your store from hackers. Thanks to an effective warning system, your valued information will be completely protected

Magento 2 Securrity Extension Highlight Features

Security checklist

Magento 2 Security extension provides store admins a security checklist which automatically displays all warnings of possible security risks about admin username, captcha, Magento version and database prefix.

Brute Force Attack protection

Admins are allowed to set a limit for the number of failed login attempts. This restriction will become a fundamental for the module to send shop owners a warning message whenever the store encounters risks of break-in attempts.

Login log

Mageplaza Security extension tracks and records all logins in a log along with its information like ID, Time, User name, IP, Browser Agent, Url and Status (Failure or Success). Store admins can view the details and trace the IP.

File change detection

Important files in the admin panel should not be changed without any awareness. Unwanted adjustments in the backend made by hackers are harmful to online stores. Hence, a tracking and warning system will definitely provide better protection for your business. The module is able to detect every single change of files in the backend such as adding, editing and deleting. Once these changes are found, they are also recorded and saved in the admin log. Moreover, a report email will be sent to admins shortly.

Action log

That an online store may have multiple admins and that hackers can break in and view or invisibly harm your store force us to find a solution to help you manage and protect it better. An advanced report of all actions performed in your store’s admin panel. In the action log, the information about time, IP, username, specific actions or changes will be reported in details. The datalog can also be compressed and backed up automatically to optimize your store's performance.

Away mode

Break-ins often occur when admins are not able to observe the store. In order to prevent the risks, store admins should be aware of unusual logins during night time or day off. Away mode is a great solution to restrict break-ins made in specific moments. As a result, admins don't have to keep an eye on their stores all the time but still can put their store under 24/7 protection.

More Features
Check out more details of Mageplaza Security


Blacklist/Whitelist IPS

Block or allow a range of IP addresses in backend. It is easy to setup in backend.


Warning email templates

After being enabled in the backend, the page will automatically scroll to top when loading results for your visitors to view.


Login report

A short report of the 5 most recent logins is featured on the Dashboard with the information of user names, login status and time.

Choose your suitable edition. Compare features


Crafted for a great webstore start $79 ($99) first year

  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Read our policies
  • Supports for Magento 2 Community Edition
  • Compare features


The most popular $129 ($149) first year

  • 1-year extension updates
  • 1-year support
  • 60-day money-back guarantee
  • Read our policies

Compare features

Frequently Asked Questions (FAQs)

If the maximum number of times logins are failed is reached, a warning email will be sent to email addresses which are set.

You sure can. It is easy to customize email templates. Read this guide

In this case, any login attempts from your IP address will be blocked. If you assume that this is a mistake, please follow this guide to unblock.

Yes! It logs both Failure and Success status.

Mageplaza Security extension the standard version is still free on Github. However, the Github version does not include Mageplaza technical support package. If you still consider downloading the Security module on Github, please visit here.

Magento 2 Security by Mageplaza is one of the most advanced Security extension. It comes with powerful features which help you save time to send invoice manually and your invoices are professional. Fully compatible with:M2 OneStepCheckout, Social Login, Required Login, Login as Customer...

Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise), Magento Cloud 2.2.x, 2.3.x, 2.4.x..

Reviews (27)

21 December 2022

very easy to use

Simple to set up and very easy to use. As a non-technical person, after installation, it is easier to understand the security situation of my server. thanks

walter -Verified Purchase
02 May 2022

Complete pack

Love that it's a complete pack to get so you only need one tool like this and you'll know that you have done enough to protect your store.

Chelto -Verified Purchase
19 April 2022


I had some issues with installation and they made solution for me in time. Highly recommended Mageplaza and will buy more extensions here. 1000 Stars!!!

Huestis -Verified Purchase
16 April 2021


Thanks, Mageplaza team your all extension is very helpful and I have purchased your many paid and free extension. Your all extension and Support is excellent and Mageplaza is one of the best Magento 2 developer company

faraz bashir -Verified Purchase
15 April 2021

best extensions

They are simply the best, this is such a pleasure to work with them and I worked with a lot of developers. Thanks for everything!

sharon -Verified Purchase
15 March 2020


This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.

Megha -Verified Purchase
30 December 2019

Keep it up Mageplaza!

Best service ever!

Ran -Verified Purchase
17 October 2019

Added Security Always Welcomed

This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!

Jerry -Verified Purchase
30 May 2019

Love you guys for great support!

I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!

Hasan -Verified Purchase
29 May 2019

Good extension to prevent attack!

Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.

xdev -Verified Purchase
25 March 2019

Exellent Module!!

I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!

wrc -Verified Purchase
20 February 2019

Simply perfect!

We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to contact the support team to finish the configuration.

cheffe -Verified Purchase
07 February 2019

Must-have extension in site

This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store. Thank you

Mahesh -Verified Purchase
02 February 2019

Geat Extension

I have installed it but forgot to install the library, the support team was very kind to reinstall the library and set it up. It works great, looking forward to get the Pro version.

Moussa -Verified Purchase
03 January 2019

Great extension

Installed this extension and out of blue my Magento store is secured. Nice features, great usability, and nice coding. No bugs, all works perfectly. Highly recommended Magento 2 extension. Keep up good work!

Marina -Verified Purchase
07 December 2018

Must-have extension

This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store.

Ashan -Verified Purchase
04 December 2018

Important module

This is one important and indispensable Security module. We were looking for a Security module and found this useful one from a reliable source. And guess what! It is a free module. That's awesome!

Aziz -Verified Purchase
10 November 2018

Great module

This is a good idea to offer it with the free edition. So once you try it, you will feel that it's good enough to have the paid one. Again, I would like to mention how great the support team is. They are super friendly and willing to assist as well. I'm looking for my next step to buy the paid version.

Abdulrahman -Verified Purchase
22 September 2018

New product

I needed to view the log action in my admin website, so I tried to use this product, what it offers is not bad so you can see some logs actions.

lafaifia -Verified Purchase
17 September 2018

Great plugin

It is nice to have the ability to log the logins when you have multiple accounts and a need for seeing anywhen and anywhere they have occurred. Also, the checklist is a nice touch. Overall: Good stuff for free :=)

Markus -Verified Purchase
05 September 2018

Very good extension

The installation was so easy and because there are many colleagues who have an account, I can see exactly what is going on. This is a must-have extension. Also, the support is also very good.

Alexander -Verified Purchase
09 August 2018

Great for basic logging

This module is a very useful tool to control the basic logging of Admin users on your website. It would be better to have the action log of the users as well, but I guess it comes with a paid version :)

kaznaur -Verified Purchase
20 July 2018

Good extension

I see no issues with Security extension. It seems to be running as it should. Now I am happy with my purchase. I have tested the features, and they are working well. I recommend this to anyone who wants little extra security.

Nature Skin Shop -Verified Purchase
02 June 2018

Well Worth Having

The Standard (free) edition is a great way to get a security check that will advise you of ways to secure your store (I've implemented these changes), as well as getting a list of last logins to your admin panel. This can help reassure you that others are not accessing your store, and you can check the date of your last login to make sure that was you. The usefulness of this extension, and by making it free, means I will be considering the Professional edition.

Donovan -Verified Purchase
15 March 2018

Nice free module

I’ve got to say that it’s too good to have a free extension like Mageplaza Security. It works well on my store and helps prevent bad break-in attempts so effectively. No complaints for this.

Crue1980 -Verified Purchase
15 March 2018

Great support

I like the way Mageplaza support team works. Quick and effective! This extension is also awesome with adequate features for my online store.

Harry -Verified Purchase
15 March 2018

Good quality code

I’m pleased with the quality of the extension, no bugs for my store. The extension gives me peace of mind about the security of my online store. Good work, Mageplaza~

Lucy -Verified Purchase

Leave a Review

How do you rate this product?

Your email address on Mageplaza's store

Plain text, no HTML tags.

Use Cases of Magento 2 Security Extension

Use case 1: Have a checklist to catch all possible security risks

Business goals:

  • Receive warnings about possible security threats to make necessary adjustments.

Default Magento technical limitations:

  • There is simply no guidance on checking all security problems with a default Magento store.


  • Provide a checklist that automatically shows warnings for all possible security risks on the website.
  • Display threats in admin username, captcha, database prefix, Magento version, and more.

Use case 2: Protect the store from break-in attempts

Business goals:

  • Defend against possible harmful logins from hackers

Default Magento technical limitations:

  • You can't configure the login process with a default Magento backend.


  • Set a limit number of times for failed login attempts..
  • Send a warning message to the admin whenever there is a break-in attempt.

Use case 3: Keep track of all logins on the website

Business goals:

  • View the login information and trace people who signed in to the store.

Default Magento technical limitations:

  • It's impossible to extract information from logins if you use a default Magento backend.


  • Track and record a login log with all information.
  • Let admin view the ID, User name, IP, Time, Browser, URL, and the status of each login.

Use case 4: Detect backend file changes

Business goals:

  • Know when there are unauthorized changes in the backend to make necessary protection.

Default Magento technical limitations:

  • You have no way of receiving notifications about backend file modification.

Solutions(Pro Version only)

  • Detects and records all changes in the backend files such as editing, adding, or deleting.
  • Send a report email to admins about the changes.

Use case 5: Manage all actions on site (by admins or not)

Business goals:

  • Identify any suspicious actions on the website to take actions.

Default Magento technical limitations:

  • If there are multiple admins, it's impossible to log all actions in a clear way.

Solutions(Pro Version only)

  • Record all information about IP, username, time, and their specific actions or changes anywhere on the site.
  • Compress and backup the data log to optimize the website's performance.

Use case 6: Blacklist or Whitelist IP addresses

Business goals:

  • Block or allow specific IP addresses to access the website.

Default Magento technical limitations:

  • It's impossible to set up a blacklist or whitelist with a default Magento store.


  • Let admins block or allow certain IP addresses in the backend
  • For example, when you trace suspicious IP addresses with break-in attempts, you can blacklist them so they won't be able to access your website from their IP.

Use case 7: Block all login attempts in a specific period of time

Business goals:

  • Set up days or times to block all login attempts

Default Magento technical limitations:

  • You simply can't configure a timer to stop all login on the website.


  • Provide Away Mode (Pro Version only) - forbidding all login attempts with a time period that you can set.
  • For example, when you are doing technical maintenance on the website, you can turn on Away Mode for a day to protect the website and customers.

All of the feature updates plan and status will be updated as soon as possible in our public Trello.

View Mageplaza Extension Roadmap 2023 ->

Don't see the features you are looking for?

Request feature

Want to do extension customization?

Custom request

Let us know your requirements

Release Notes

  • v4.0.4 (Magento v2.3.x)

    22 May 2023

    • Compatibility: The extension is now compatible with Magento 2.4.6
  • v4.0.3 (Magento v2.3.x)

    31 August 2022

    • Compatibility: The extension is now compatible with Magento 2.4.4
  • v4.0.2 (Magento v2.3.x)

    26 October 2021

    • Compatibility: The extension is now compatible with Magento 2.4.3
    • New Feature: We added Clear Login Logs
    • Bug Fix: We fixed minor bugs
  • v1.1.7 (Magento v2.3.x)

    26 October 2021

    • Compatible with Magento v2.3.7
    • Added Clear Login Logs
    • Fixed minor bugs
  • v4.0.1 (Magento v2.3.x)

    26 May 2021

    • Compatible with Magento v2.4.2
  • v4.0.0 (Magento v2.3.x)

    10 November 2020

    • Supported Magento v2.4
  • v1.1.6 (Magento v2.3.x)

    29 June 2020

    • Fixed minor bugs
  • v1.1.5 (Magento v2.3.x)

    30 December 2019

    • Fixed minor bugs
    • Improved code style & performance
  • v1.1.4 (Magento v2.3.x)

    26 June 2019

    Compatible with Magento 2.3.1

  • v1.1.3 (Magento v2.3.x)

    13 August 2018

    • Update Module license

    Security Pro

    • Fixed error when compiling module on Magento 2.2
  • v1.1.2 (Magento v2.3.x)

    06 April 2018

    • Update email template “lock-user”
  • v1.1.1 (Magento v2.3.x)

    02 April 2018

    Fix bug get wrong IP address if server use Varnish Cache

  • v1.1.0 (Magento v2.3.x)

    29 March 2018

    • Add Checklist feature
    • Add Module Activation
    • Move backend module menu to Magento System menu
  • v1.0.0 (Magento v2.3.x)

    14 March 2018

    Initial module v1.0.0

Standard Professional
General configuration
Enable/Disable the module Mageplaza Mageplaza
Enter the email address to receive warning emails. Mageplaza Mageplaza
Brute Force Protection
Enable/Disable using Brute Force Protection Mageplaza Mageplaza
Set Maximum number of failed login attempts Mageplaza Mageplaza
Allowed duration
Mageplaza Mageplaza
Locked User Alert
Mageplaza Mageplaza
Choose an email template to send alerts Mageplaza Mageplaza
Blacklist/Whitelist IPs
Enter Blacklist IPs
Mageplaza Mageplaza
Enter Whitelist IPs
Mageplaza Mageplaza
Action Log Backup Configuration
Enable/Disable Action Log backup Mageplaza
Choose the frequency of action log backup: Daily, Weekly, Monthly Mageplaza
Enable Clear Log After Backup Mageplaza
Away Mode
File change configuration
Allow exclude files and folders Mageplaza
Create Master Hashes Mageplaza
Automatically check file changes and send an alert email daily using cron Mageplaza
Choose an email template to send alerts Mageplaza
Record the Login Log Mageplaza Mageplaza
View login details Mageplaza Mageplaza
Display the 5 newest logins on the Dashboard with their Usernames, Login status and Time Mageplaza Mageplaza
Display the Last Login information Mageplaza Mageplaza
Provide Security Checklist Mageplaza Mageplaza
Auto-fix security issues Mageplaza
Trace all actions performed by anyone in the backend Mageplaza
Report on Action Log Backup Mageplaza
Detect file changes and notice admins on a regular basis Mageplaza
Auto-fit with every device (Mobile, Tablet, PC) Mageplaza Mageplaza
Support multiple stores Mageplaza Mageplaza
Support multiple languages Mageplaza Mageplaza
Fully compatible with Mageplaza extensions Mageplaza Mageplaza
1-year free support Mageplaza Mageplaza
1-year free update Mageplaza Mageplaza
60 days guarantee money back Mageplaza Mageplaza

Why choose Mageplaza Magento 2 Security

Mageplaza provides consistent and customer-centric extensions for your Magento 2 store.

We don't sell products for one time. We provide lifetime solutions which help our customers thrive with their businesses.

innovate exchange partner
mageplaza trustpilot
follow magento coding standard
8 years ecommerce

60-day Money Back

Extensive 60-day money-back period. You love it or get a full refund no questions asked.


Extensive Support Timeframe

Mageplaza provides support 16 hrs/day, 5.5 days/week to guarantee the seamless operation of our extensions on your store.


Install via Composer

Simple installation via composer helps you save time and eliminates technical issues during future updates.


Frequent Updates

Intensive update roadmaps ensure great performance, bug-free, highly compatible, and innovative extensions.