Magento 2 Security Extension
v4.0.5Magento 2 Security extension helps safeguard the store’s website from serious security threats such as break-in attempts, brute force attacks, etc. The module will automatically display all warnings of possible security risks and send messages if someone is trying to break in so that admins can protect the store on time.
Additionally, businesses can track suspicious login with information like ID, Time, User name, IP, Browser Agent, URL, and Status. Other actions, like changing files, will also be recorded.
Notably, Security for Magento 2 also provides the Away Mode to protect the store when admins are on their break.
- Compatible with Hyva theme
- Compatible with API/GraphQL
- Provide a security checklist to find insecure factors
- Support brute force attack protection to prevent unauthorized access
- Provide login log to record login attempts
- Detect file changes to recognize suspicious actions
- Record action log to record and track all admin activities
- Activate away mode to block all login attempts
Magento 2 Security Highlight Features
Minimize security risks with the security checklist and brute force protection
With the Magento 2 Security extension, businesses can evaluate and control the security level of their Magento websites. It provides them with a detailed list of security checks, limits the number of failed login attempts, and sets an allowed duration to help you ensure that your website is as well-protected as possible.
Identify and prevent unauthorized access to the website via the record grids
Mageplaza Magento 2 Security extension provides supportive features that help businesses track all logins and file changes to their website, which can help them identify and prevent unauthorized access.
Restrict all login attempts in a specific period with away mode [Pro edition]
With the Magento 2 Security extension from Mageplaza, merchants can restrict access to the admin page during specific periods. Thus, they can prevent unauthorized access to their store's sensitive information.
More features of Magento 2 Security Extension
Blacklist/whitelist IPS
Block or allow a range of IP addresses in the backend. It is easy to set up in the backend
Warning email templates
Automate scrolling warning email templates to the top when loading results for your visitors to view on the page
Login report
Provide a short report of the 5 most recent logins, including information about user names, login status, and time on the dashboard
Reviews (28)
31 January 2024
As an e-commerce store owner, the security of my online business is of paramount importance. Recently, I integrated Security Extension into my platform, and the impact has been nothing short of exceptional.
21 December 2022
Simple to set up and very easy to use. As a non-technical person, after installation, it is easier to understand the security situation of my server. thanks
02 May 2022
Love that it's a complete pack to get so you only need one tool like this and you'll know that you have done enough to protect your store.
19 April 2022
I had some issues with installation and they made solution for me in time. Highly recommended Mageplaza and will buy more extensions here. 1000 Stars!!!
16 April 2021
Thanks, Mageplaza team your all extension is very helpful and I have purchased your many paid and free extension. Your all extension and Support is excellent and Mageplaza is one of the best Magento 2 developer company
15 April 2021
They are simply the best, this is such a pleasure to work with them and I worked with a lot of developers. Thanks for everything!
15 March 2020
This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.
30 December 2019
Best service ever!
17 October 2019
This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!
30 May 2019
I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!
29 May 2019
Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.
25 March 2019
I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!
20 February 2019
We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to contact the support team to finish the configuration.
07 February 2019
This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store. Thank you
02 February 2019
I have installed it but forgot to install the library, the support team was very kind to reinstall the library and set it up. It works great, looking forward to get the Pro version.
03 January 2019
Installed this extension and out of blue my Magento store is secured. Nice features, great usability, and nice coding. No bugs, all works perfectly. Highly recommended Magento 2 extension. Keep up good work!
07 December 2018
This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store.
04 December 2018
This is one important and indispensable Security module. We were looking for a Security module and found this useful one from a reliable source. And guess what! It is a free module. That's awesome!
10 November 2018
This is a good idea to offer it with the free edition. So once you try it, you will feel that it's good enough to have the paid one. Again, I would like to mention how great the support team is. They are super friendly and willing to assist as well. I'm looking for my next step to buy the paid version.
22 September 2018
I needed to view the log action in my admin website, so I tried to use this product, what it offers is not bad so you can see some logs actions.
17 September 2018
It is nice to have the ability to log the logins when you have multiple accounts and a need for seeing anywhen and anywhere they have occurred. Also, the checklist is a nice touch. Overall: Good stuff for free :=)
05 September 2018
The installation was so easy and because there are many colleagues who have an account, I can see exactly what is going on. This is a must-have extension. Also, the support is also very good.
09 August 2018
This module is a very useful tool to control the basic logging of Admin users on your website. It would be better to have the action log of the users as well, but I guess it comes with a paid version :)
20 July 2018
I see no issues with Security extension. It seems to be running as it should. Now I am happy with my purchase. I have tested the features, and they are working well. I recommend this to anyone who wants little extra security.
02 June 2018
The Standard (free) edition is a great way to get a security check that will advise you of ways to secure your store (I've implemented these changes), as well as getting a list of last logins to your admin panel. This can help reassure you that others are not accessing your store, and you can check the date of your last login to make sure that was you. The usefulness of this extension, and by making it free, means I will be considering the Professional edition.
15 March 2018
I’ve got to say that it’s too good to have a free extension like Mageplaza Security. It works well on my store and helps prevent bad break-in attempts so effectively. No complaints for this.
15 March 2018
I like the way Mageplaza support team works. Quick and effective! This extension is also awesome with adequate features for my online store.
15 March 2018
I’m pleased with the quality of the extension, no bugs for my store. The extension gives me peace of mind about the security of my online store. Good work, Mageplaza~
Feature Roadmap
All of the feature updates plan and status will be updated as soon as possible in our public Trello.
View Mageplaza Extension Roadmap 2023 ->Don't see the features you are looking for?
Request featureRelease Notes
Standard:
- Compatibility: Now compatible with Magento 2.4.7
Professional:
- Compatibility: Now compatible with Magento 2.4.7
- Compatibility: The extension is now compatible with Magento 2.4.6
- Compatibility: The extension is now compatible with Magento 2.4.4
FAQs
You can enable the extension by following these steps:
- Step 1: Go to Stores > Settings > Configuration > Mageplaza> Security.
- Step 2: In the Enable field, choose Yes to turn the Security module on.
- Step 3: Click on Save Config to save your changes.
With our extension, you can perform various actions to secure your website, like:
- Setting up unrecognized admin panel login alerts
- Restricting unauthorized access by creating a blacklist and whitelist IP addresses
- Sending brute force attack email notifications to store owners
If the maximum number of times logins fail is reached, a warning email will be sent to email addresses that are set.
You sure can. It is easy to customize warning email templates in Magento 2. There are 4 steps to customize the email template. Read this step-by-step guide now!
If you get locked out of your Magento 2 store, the module will automatically display all warnings of possible security risks and send messages to the email address. If you assume that this is a mistake, please follow our guide to unblock.
Exactly! It logs both Failure and Success status.
The standard version of the Mageplaza Security extension is still free on Github. However, the GitHub version does not include the Mageplaza technical support package.
Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise), Magento Cloud 2.2.x, 2.3.x, 2.4.x..
Standard | Professional | |
General Configuration | ||
Enable/Disable the module | ||
Enter the email address to receive warning emails | ||
Brute force protection | ||
Enable/disable using brute force protection | ||
Set maximum number of failed login attempts | ||
Set allowed duration | ||
Turn on user locked alert | ||
Choose an email template to send alerts | ||
Blacklist/whitelist IPs | ||
Enter Blacklist IPs: block IP address | ||
Enter Whitelist IPs: allow IP address | ||
Action log backup configuration | ||
File change configuration | ||
Choose the frequency of action log backup: daily, weekly, monthly | ||
Automatically backed up as a csv file | ||
Click on any file, leading to an automatic download | ||
Enable clear log after backup | ||
Away mode | ||
Don't allow to log in until away mode ends | ||
Prohibit from logging in and operating on some days of week | ||
File change configuration | ||
Allow exclude files and folders | ||
Create master hashes | ||
Automatically check file changes and send an alert email daily using cron | ||
Track file changes, including creating, modifying, and deleting files | ||
Clear log button | ||
Choose an email template to send alerts | ||
Records | ||
Record the login log | ||
View login details | ||
Display the 5 newest logins on the dashboard with their usernames, login status and time | ||
Display the last login information | ||
Provide security checklist: admin's username, captcha, Magento version, database prefix | ||
Auto-fix security issues | ||
Track all actions performed by anyone in the backend | ||
Report on action log backup | ||
Detect file changes and notice admins on a regular basis | ||
Another feature | ||
Integrate with Magento 2 Google reCaptcha | ||
Support | ||
Auto-fit with every device (Mobile, Tablet, PC) | ||
Support multiple stores | ||
Support multiple languages | ||
Fully compatible with Mageplaza extensions | ||
Free support included within the subscription period | ||
60 days guarantee money back |
Pricing
Standard
Crafted for a great webstore start $ 99 first year
- 1-year extension updates
- 1-year support
- 60-day money-back guarantee
- Read our policies
- 1-year extension updates
- 1-year support
- 60-day money-back guarantee
- Supports for Magento 2 Community Edition
Professional
The most popular $ 149 first year
- 1-year extension updates
- 1-year support
- 60-day money-back guarantee
- Read our policies
- Compatible with Magento 2 Google reCaptcha
- 1-year extension updates
- 1-year support
- 60-day money-back guarantee
- Supports for Magento 2 Community Edition (Magento Open Source)
- Includes all Standard features plus
- File change detection
- Away mode
- Alert Emails
- Blacklist/Whitelist IPs
Why choose Mageplaza Magento 2 Security
Worried about the potential threat of hackers accessing and stealing your important data? Mageplaza Magento 2 Security extension will help you solve all your concerns. Integrate an automatic email-sending feature to receive the warning message timely. Provide store admins with a security checklist that automatically displays all warnings of possible security risks to assist online store owners in identifying insecure factors. Record all logins in a log to prevent break-in attempts.
60-day Money Back
Extensive 60-day money-back period. You love it or get a full refund no questions asked.
Extensive Support
Mageplaza provides support 16 hrs/day, 5.5 days/week to guarantee the seamless operation of our extensions on your store.
Install via Composer
ESimple installation via composer helps you save time and eliminates technical issues during future updates.
Frequent Updates
Intensive update roadmaps ensure great performance, bug-free, highly compatible, and innovative extensions.