Protect & Secure Online Store

Built by the Magento Security Experts

Magento 2 security extension


There have been up to 650,000 stores using Magento 2 platform all over the world, and they are being ideal prey for hackers. Your Magento 2 store needs Mageplaza Security module to keep the bad guys out. Mageplaza Security resolves common Magento 2 security issues

Mageplaza Security extension for Magento 2 is a perfect security solution for online stores built based on Magento platform. The module helps prevent break-in attempts to your store from hackers. Thanks to an effective warning system, your valued information will be completely protected

Stores have vulnerability
Stores do not use SSL
Stores have 4+ security issues

Highlight features

What stands out in Security
magento 2 Security Checklist

Security Checklist

Magento 2 Security extension provides store admins a security checklist which automatically displays all warnings of possible security risks about admin username, captcha, Magento version and database prefix.

Brute Force Attack Protection

Admins are allowed to set a limit for the number of failed login attempts. This restriction will become a fundamental for the module to send shop owners a warning message whenever the store encounters risks of break-in attempts.

Brute Force Attack Protection
Login Log

Login Log

Mageplaza Security extension tracks and records all logins in a log along with its information like ID, Time, User name, IP, Browser Agent, Url and Status (Failure or Success). Store admins can view the details and trace the IP.


magento 2 Security file-change-detection

File change detection

Important files in the admin panel should not be changed without any awareness. Unwanted adjustments in the backend made by hackers are harmful to online stores. Hence, a tracking and warning system will definitely provide better protection for your business. The module is able to detect every single change of files in the backend such as adding, editing and deleting. Once these changes are found, they are also recorded and saved in the admin log. Moreover, a report email will be sent to admins shortly.

Action Log

That an online store may have multiple admins and that hackers can break in and view or invisibly harm your store force us to find a solution to help you manage and protect it better. An advanced report of all actions performed in your store’s admin panel. In the action log, the information about time, IP, username, specific actions or changes will be reported in details. The datalog can also be compressed and backed up automatically to optimize your store's performance

Action log
Away mode

Away mode

It may seem unusual when your store's admin panel is logged into during your time/days off. Besides, break-ins often occur when your store is not looked after by you and admins. To eliminate the risks, unnecessary login attempts should be stopped. Hence, the away mode can be enabled to prevent any logins made in specific time. You will have peace of mind and have a good night.

Much more

Checkout more details of Mageplaza Security

Blacklist/Whitelist IPs

Block or allow a range of IP addresses in backend. It is easy to setup in backend.

Warning email templates

Various warning templates can be used in the backend. These become warning emails sent to store owners

Login report

A short report of the 5 most recent logins is featured on the Dashboard with the information of user names, login status and time.

Smart Pricing

Choose your suitable edition


Crafted for a Great Webstore Start

Add to cart

Magento Edition

Total: $99



Add to cart

Magento Edition

Total: $149


Great for Enterprise solution

Add to cart

Magento Edition

Total: $349

  • Includes all Pro features plus
  • Supports for Enterprise Edition (Magento Commerce)
  • High priority support
  • View full features list

Free Update

Free lifetime updates

Premium Support

We offer fast response tickets.

60-day Money Back

There is no risk, why not give a try.

One-time payment

One-time payment, no hidden cost.

Frequently Asked Questions

We have answered a wide range of Questions for your Convenience

Q. When I receive login failed alert?

If the maximum number of times logins are failed is reached, a warning email will be sent to email addresses which are set.

Q. Can I custom my own warning email templates?

You sure can. It is easy to customize email templates. Read this guide

Q. What happens if I get locked?

In this case, any login attempts from your IP address will be blocked. If you assume that this is a mistake, please follow this guide to unblock.

Q. Will a successful login be recorded in the log?

Yes! It logs both Failure and Success status..

Q. I want to get the Mageplaza Security extension for free, Is it possible?

Mageplaza Security extension the standard version is still free on Github. However, the Github version does not include Mageplaza technical support package. If you still consider downloading the Security module on Github, please visit here

Q. Why choose Mageplaza?

Magento 2 Security by Mageplaza is one of the most advanced Security extension. It comes with powerful features which help you save time to send invoice manually and your invoices are professional. Fully compatible with:M2 OneStepCheckout, Social Login, Required Login, Login as Customer...

Q. What edition does this module support?

Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise) 2.2.x, 2.3.x, 2.4.x.

Reviews (22)

What our customers say
  • Admin

    This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.

    Posted by Megha on 15 March 2020
  • Keep it up Mageplaza!

    Best service ever!

    Posted by Ran on 30 December 2019
  • Added Security Always Welcomed

    This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!

    Posted by Jerry on 17 October 2019
  • Love you guys for great support!

    I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!

    Posted by Hasan on 30 May 2019
  • Good extension to prevent attack!

    Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.

    Posted by xdev on 29 May 2019
  • Exellent Module!!

    I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!

    Posted by wrc on 25 March 2019
  • Leave a Review

    How do you rate this product?

    Feature Comparison Table

    Mageplaza Security includes three packages: Standard, Professional, and Ultimate. Let's take a glance at the comparison table.

    Standard Professional
    General configuration
    Enable/Disable the module
    Enter the email address to receive warning emails.
    Brute Force Protection
    Enable/Disable using Brute Force Protection
    Set Maximum number of failed login attempts
    Allowed duration
    Locked User Alert
    Choose an email template to send alerts
    Blacklist/Whitelist IPs
    Enter Blacklist IPs
    Enter Whitelist IPs
    Action Log Backup Configuration
    Enable/Disable Action Log backup
    Choose the frequency of action log backup: Daily, Weekly, Monthly
    Enable Clear Log After Backup
    Away Mode
    File change configuration
    Allow exclude files and folders
    Create Master Hashes
    Automatically check file changes and send an alert email daily using cron
    Choose an email template to send alerts
    Record the Login Log
    View login details
    Display the 5 newest logins on the Dashboard with their Usernames, Login status and Time
    Display the Last Login information
    Provide Security Checklist
    Auto-fix security issues
    Trace all actions performed by anyone in the backend
    Report on Action Log Backup
    Detect file changes and notice admins on a regular basis
    Auto-fit with every device (Mobile, Tablet, PC)
    Support multiple stores
    Support multiple languages
    Fully compatible with Mageplaza extensions
    1-year free support
    Lifetime updates
    60 days guarantee money back