The first and foremost concern for various business doers is how to keep their enterprises safe from the attack of hackers. Knowing about that concern, Mageplaza Security extension is developed to help store owners, especially who are running business on Magento platform, to deal with this perennial problem. With this extension online store, merchants will be protected from being preys for hackers to impair. One of the most favorable features provided by this extension is its Brute Force Attack Protection to prevent stores from being accessed for malicious nerds.
About Brute Force Attack Protection in Magento 2
Brute Force Attack Protection is a feature which helps business doers prevents potential danger from users community. The function of this feature is based on the amount of failed login by customers. Depending on the number of unsuccessful attempts to log in of web browsers, this function will inform store owners of these customers. By doing so, admins can pay their attention to suspected accounts and protect their stores better.
How to configure in the backend
From the Admin Panel, you have to access System > Security > Configuration. On the display page, first you need to select Yes in Enable field to activate Security extension. Below General is the Brute Force Protection section where configuration will be done.
In Enable field box, admins have to turn on this function by selecting Yes. After that, in the Send warning emails to field, shop owners are required to provide emails of people who will receive a warning when the maximum number of register attempts is reached. In this section, admins can choose to enter one or multiple emails. In case, you want to fill in more than an email, you have to use a comma to separate two emails.
In Maximum number of failed login attempts, store owners have to enter a number which will be applied as the maximum times allowed for failed login. If admins do not fill in this field or the value entered is 0, a warning letter will be sent to store owners after every failed login. In case, admins want to use system value, the maximum times for failed login will be 5.
In Allowed duration, this is the place where admins have to fill in a maximum period of time allowed for failed login. It means that maximum times of failed login will be restricted in a certain period of time. If web browsers failed to login several times which surpassed allowed number in that time, a warning will be emailed to store owners to inform them. If this field is left empty or filled with 0, no warning email will be sent to admins even buyers failed to login more than the allowed times. If default setting is applied, time is limited to within 10 minutes.
In the Locked User Alert field: Select “Yes” to send the alert email when the admin account is locked due to failed login attempts is exceeded limit.
In Email template, admins choose among available options to determine which template will be applied for warning emails. In case they want to add a new template, they can configure at Marketing in the backend.
In short, Brute Force Attack Protection is an outstanding feature that make Mageplaza Security extension be favorable by various Magento online merchants. Thanks to this function, every strange login will be managed to prevent the stores from the attack of hackers. In addition, there are also numerous features that make Security extension become an effective guard such as Security checklist. If you want to deeper your understanding about this feature, explore here: