Magento 2 Admin Security Checklist

Last updated 7 months ago

Installation and User Guide for Magento 2 Security Checklist Extension

Table of Contents

    • Download Extension

    • Installation via app/code

    • Installation via Composer

    • General Settings

    • General Settings

    • Security Checklist Report

Installation

  • Download Extension: Once you have placed the order on our site, go to the Account section, click on My Downloadable Products, and download the extension package.

  • Installation via app/code: Upload the content of the module to your root folder. This will not overwrite the existing Magento folder or files; only the new contents will be added. After the package has uploaded successfully, run the commands below in the Magento 2 root directory.

php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
  • Installation via Composer: Please follow the "Installation Via Composer" guide to complete the installation via Composer.

Configuration Settings for Security Base

Go to Admin > Stores > Configuration > Scommerce Configuration > Security Base

General Settings

  • Enabled – Select “Yes” or “No” to enable or disable the module.

Configuration Settings for Security Checklist

Go to Admin > Stores > Configuration > Scommerce Configuration > Security Checklist

General Settings

  • Enabled Security Checklist – This setting is used to enable or disable the admin security checklist.

  • Enable Database prefix check – This setting is used to enable or disable the check for the DB prefix. The database prefix is added in the app/etc/env.php file; to make it work you also need to make changes in the database.

  • Enable FE Captcha check – This setting is used to enable or disable checks for Frontend Captcha. Go to Stores > Configuration > Security > Google reCAPTCHA Storefront in order to verify it.

  • Enable BE Captcha check – This setting is used to enable or disable checks for Backend Captcha. Go to Stores > Configuration > Security > Google reCAPTCHA Admin Panel and Stores > Configuration > Admin > CAPTCHA Storefront in order to verify it.

  • Enable Magento version check – This setting is used to enable or disable the check for the Magento version and latest security patches.

  • Enable Admin Users check – This setting is used to enable or disable the check for admin user security, especially usernames, password lifetime policy and login activity. Go to Stores > Configuration > Advanced > Admin > Security, or go to System > Permission > All users, to manage admin users.

  • Admin Usernames Stop List – A comma-separated list of usernames that shouldn't be used for admin accounts.

  • Enabled Admin Path Check – This setting is used to enable or disable the check for admin path security. The admin path is configured in the app/etc/env.php file, or go to Advanced > Admin > Admin Base URL > Use Custom Admin Path to change it.

  • Admin Path Stop List – A comma-separated list of paths that shouldn't be used for admin.

  • Enable Content Script Check – This setting is used to enable or disable the check for scripts added in your content or configuration.

  • Enabled Checklist Check Cron Job – If enabled, the security checklist also checks whether admin 2FA is enabled or not.

  • Enabled Checklist Check Cron Job – This setting is used to enable or disable the checklist cron job.

  • Checklist Cron Schedule – This allows you to define the schedule for how often you want to clear Login Attempts logs cron.

Security Checklist Report

Go to Admin > System > Scommerce Security > Security Checklist

The Security Checklist grid reports each check with one of three statuses: Warning, Error or Success.

  • Admin password protection – If a password change is not forced, the user will see an error. If the lifetime is more than 90 days, the user will see a warning. If a password change is forced and the lifetime is less than 90 days, the user will see success.

  • Magento version check – If the version is outdated, the user will see an error. Otherwise, the user will see success.

  • Database prefix check – If the table prefix is not set in the configuration file, the user will see an error. Otherwise, the user will see success.

  • Frontend ReCaptcha protection – If all frontend forms are protected with reCAPTCHA, the user will see success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.

  • Admin Captcha protection – If all backend forms are protected with Captcha, the user will see success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.

  • Admin path protection – If the admin path doesn't contain words from the stop list, doesn't contain numbers or capital letters, and is at least 15 characters long, the user will see success. If any of these criteria is not fulfilled, the user will see a warning.

  • Admin usernames check – If the username contains words from the stop list or contains numbers, the user will see a warning. Otherwise, success.

  • Admin users activity check – If the account is unused, the user will see a warning. Otherwise, success.

  • Check for static scripts inserted from Config and CMS Pages – If a text field in Configuration, CMS Blocks or CMS Pages has a static script, the user will see a warning. Otherwise, success.

  • Check for static scripts inserted from Product Attributes – If a static script has been inserted by any product attribute, the user will see a warning with the name of the attribute. Otherwise, success.

  • Check for Admin 2FA – It also checks whether admin 2FA is enabled or not.
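
The status rules above for the admin path, admin usernames, admin password and database prefix checks can be reproduced outside the extension to pre-check a store. The script below is an added example, not the extension's own code. The stop lists and sample values are constructed, and two points the page leaves open are assumptions: stop-list words are matched case-insensitively as substrings, and a lifetime of exactly 90 days counts as success.

```php
<?php
declare(strict_types=1);
// Constructed sample values, not taken from a real store.
$adminPath = 'Admin123';                     // e.g. backend.frontName in app/etc/env.php
$tablePrefix = '';                           // e.g. db.table_prefix in app/etc/env.php
$pathStopList = ['admin', 'backend'];        // hypothetical stop list
$userStopList = ['admin', 'root', 'test'];   // hypothetical stop list
$admins = ['admin', 'jsmith2', 'storeops'];  // hypothetical usernames

// Assumption: stop-list words match case-insensitively, anywhere in the value.
function containsStopWord(string $value, array $stopList): bool {
    foreach ($stopList as $word) {
        if ($word !== '' && stripos($value, $word) !== false) {
            return true;
        }
    }
    return false;
}

// Success needs all three criteria from the report; anything else is a warning.
function checkAdminPath(string $path, array $stopList): string {
    $ok = !containsStopWord($path, $stopList)
        && preg_match('/[0-9A-Z]/', $path) !== 1   // no digits or capital letters
        && strlen($path) >= 15;
    return $ok ? 'success' : 'warning';
}

function checkUsername(string $name, array $stopList): string {
    $bad = containsStopWord($name, $stopList) || preg_match('/[0-9]/', $name) === 1;
    return $bad ? 'warning' : 'success';
}

function checkPassword(bool $changeForced, int $lifetimeDays): string {
    if (!$changeForced) {
        return 'error';
    }
    return $lifetimeDays > 90 ? 'warning' : 'success'; // exactly 90: assumed success
}

function checkDbPrefix(string $prefix): string {
    return $prefix === '' ? 'error' : 'success';
}

printf("Admin path %s: %s\n", $adminPath, checkAdminPath($adminPath, $pathStopList));
printf("Database prefix: %s\n", checkDbPrefix($tablePrefix));
printf("Password policy (forced, 120 days): %s\n", checkPassword(true, 120));
foreach ($admins as $name) {
    printf("Username %s: %s\n", $name, checkUsername($name, $userStopList));
}
```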

License Key – Please add the license key for the extension, which is provided in the order confirmation email. Please note that license keys are site URL specific. If you require license keys for dev/staging sites, please email us at support@scommerce-mage.com.

If you have a question related to this extension, please check our FAQ Section first. If you can't find the answer you are looking for, please contact support@scommerce-mage.com.