Magento 2 Security Suite

Last updated 1 year ago

Installation and User Guide for Magento 2 Security Suite Extension

Table of Contents

    • Download Extension

    • Installation via app/code

    • Installation via Composer

    • General Settings

    • General Settings

    • General Settings

    • Modules Activity Logger

    • Admin Activity Logger

    • Admin Activity Grid

    • Admin Logger Detailed View for Admin Activities

    • Admin Logger Detailed View for Item Info

    • Login Activity Grid

    • Active Sessions Grid

    • Admin Login Attempts

    • Blacklist

    • Whitelist

    • Security Checklist Report

Installation

  • Download Extension: Once you have placed the order on our site, go to the Account section, click on My Downloadable Products, and download the extension package.

  • Installation via app/code: Upload the content of the module to your root folder. This will not overwrite the existing Magento folder or files; only the new contents will be added. After the package has uploaded successfully, run the commands below in the Magento 2 root directory.

php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy

  • Installation via Composer: Please follow the guide provided in the below link to complete the installation via Composer.

Configuration Settings for Security Base

Go to Admin > Stores > Configuration > Scommerce Configuration > Security Base

General Settings

  • Enabled – Select “Yes” or “No” to enable or disable the module.

Configuration Settings for Security Checklist

Go to Admin > Stores > Configuration > Scommerce Configuration > Security Checklist

General Settings

  • Enabled Security Checklist – This setting enables or disables the admin security checklist.

  • Enable Database prefix check:- This setting enables or disables the check for a DB prefix. The database prefix is added in the app/etc/env.php file; to make it work you also need to make the changes in the database.

  • Enable FE Captcha check:- This setting enables or disables the checks for Frontend Captcha. Go to Stores > Configuration > Security > Google reCAPTCHA Storefront in order to verify it.

  • Enable BE Captcha check:- This setting enables or disables the checks for Backend Captcha. Go to Stores > Configuration > Security > Google reCAPTCHA Admin Panel and Stores > Configuration > Admin > CAPTCHA Storefront in order to verify it.

  • Enable Magento version check:- This setting enables or disables the check for the Magento version and latest security patches.

  • Enable Admin Users check:- This setting enables or disables the check for Admin Users Security, especially usernames, password lifetime policy and login activity. Go to Stores > Configuration > Advanced > Admin > Security, or go to System > Permission > All users, to manage admin users.

  • Admin Usernames Stop List:- A comma-separated list of usernames that shouldn't be used for admin accounts.

  • Enabled Admin Path Check:- This setting enables or disables the check for Admin Path Security. The admin path is configured in the app/etc/env.php file, or go to Advanced > Admin > Admin Base URL > Use Custom Admin Path to change it.

  • Admin Path Stop List:- A comma-separated list of paths that shouldn't be used for admin.

  • Enable Content Script Check:- This setting enables or disables the check for scripts added in your content or configuration.

  • Enabled Checklist Check Cron Job:- This setting enables or disables the checklist cron job.

  • Checklist Cron Schedule:- This allows you to define the schedule for how often you want to clear Login Attempts logs cron.

Configuration Settings for Admin Activity Logger

Go to Admin > Stores > Configuration > Scommerce Configuration > Admin Activity Logger

General Settings

  • Enabled - Select “Yes” or “No” to enable or disable the module.

  • Admin Users Login Activity Enabled - Enable / Disable activity. It will log login activity of the admin users.

  • Page visit History Enabled - Enable / Disable page history visiting log.

  • Clear Admin Activity Logs After - Enter a value. All admin activity logs will be cleared after X days.

  • Enabled Profiler - Enable / Disable time profiler. Duration of the operations will be logged.

Modules Activity Logger

  • Order - Select “Yes” to enable. It will log order related activities.

  • Product - Select “Yes” to enable. It will log product related activities.

  • Category - Select “Yes” to enable. It will log category related activities.

  • Customer - Select “Yes” to enable. It will log customer related activities.

  • Email Template - Select “Yes” to enable.

  • Page - Select “Yes” or “No” to Enable / Disable.

  • Block - Select “Yes” or “No” to Enable / Disable.

  • Widget - Select “Yes” or “No” to Enable / Disable.

  • Theme - Select “Yes” or “No” to Enable / Disable.

  • System Configuration - Select “Yes” or “No” to Enable / Disable.

  • Product Attributes - Select “Yes” or “No” to Enable / Disable.

  • Admin User - Select “Yes” to enable. It will log all user activities.

  • SEO - Select “Yes” or “No” to Enable / Disable.

  • Admin Activity Logger - You can view the admin activity logger from Admin > System > Scommerce Admin Activity Logger > Admin Activity / Login Activity.

  • Admin Activity Grid - In the back-end, under the Admin Activity Logger grid, you can view the details of all admin activities from Admin > System > Admin Activity Logger. This grid has the Admin Username, Name, Activity Type, Store View, Module, Full Action, IP, Item, Revert and Action columns.

    • Date: - The exact date and time of the activity performed.

    • Admin Username: - Username of the admin.

    • Name: - The name of the admin.

    • Activity Type: - Type of activity performed

    • Store view: - Name of the store view

    • Module: - The name of the module used in the activity.

    • Full Action: - It contains the URL path of the activity performed.

    • IP Address: - The IP address of the user.

    • Item: - Activity related item such as a product or system configuration changes.

    • Revert: - If the action is not complete then the REVERT column will have the notification.

    • Action: - It contains the 'View' link, where you can see the key details of the activity such as general and item info.

Admin Activity Logger

  • Admin Logger Detailed View for Admin Activities - To get more details about each particular action simply click on the 'View' link from Admin > System > Admin Activity Logger > Select Log > Click on 'View' > General, to view all the detailed data.

    • You can view all the general details of the user’s activity in the general tab.

  • Admin Logger Detailed View for Item Info - You can view the item details from Admin > System > Admin Activity Logger > Select Log > Click on 'View' > Items info.

    • This section contains all granular information. For instance, if you place an order from the admin panel, then all the details of the order such as price, store, etc. are visible in this section.

  • Login Activity Grid - You can view login activities from Admin > System > Scommerce Admin Activity Logger > Active Sessions. It logs the details of every single activity, along with which value was changed, by whom and when. This section contains the following information: -

    • Date: - The precise date and time of the log.

    • Type: - Whether logged in or logged out.

    • Username: - Username of the person is stored here.

    • Name: - Name of the user

    • IP Address: - You can see the IP address here.

    • User Agent: - The browser and device details of the user are shown here.

    • Status: - If the login fails then the status will show FAILED and if the login or logout is successful then it shows SUCCESS

  • Active Sessions Grid - You can view Active Sessions from Admin > System > Login Activity > Login Acti. It logs details of every active admin session on the store. Each active session is listed with various useful details. It also gives the admin the option to terminate any active admin session through the "Terminate" button under the Action column. Once terminated, that admin will be logged out of the account automatically. Furthermore, the grid is completely filterable using various columns. This section contains the following information: -

    • Id: - A Unique ID for each active session.

    • Admin Username: - Username of the admin of that particular active session.

    • IP: - IP address of the admin of that session.

    • Last Action: - Last action performed by the admin of this session.

    • User Agent: - Various platform, device, and browser information of the admin of this session.

    • Action: - Contains the option to terminate this particular session.

Configuration Settings for Admin Login Security

Go to Admin > Stores > Configuration > Scommerce Configuration > Admin Login Security

General Settings

  • Enabled Admin Login Security – Select “Yes” or “No” to enable or disable the module.

  • Failed Attempts Limit :- Set the attempt limit for admin login. Once exceeded the account will be locked out or blacklisted as per further configuration. Make sure this limit is less than default Magento configuration.

  • Apply Action On Exceed Limit:- Choose the penalty for exceeding the failed attempt limit, either "Lockout" or "Blacklist".

    • Lockout - When the number of failed attempts exceeds the limit, the IP will remain blacklisted until the 'Valid till' time limit. The 'Valid till' limit is defined by the configuration 'Locked out period (in hours)'.

    • Blacklist - This action will be applied when the 'Failed Attempts Limit' is exceeded, and the IP will be blacklisted until it is manually removed.

  • Locked out period (in hours):- Set the “Valid Till” limit for the Lockout feature. The accounts will be locked out for the period entered in this configuration.

  • Block Email Enabled:- Enable Emails when any lockout or blacklist occurs. The email is sent to the Store Owner as well as the blacklisted/locked-out user.

  • IP Block Email Template:- Select the email template to be used to send the email when a lockout/blacklist occurs.

  • Block And Lock Event Email Sender:- Select the sender email from your Default Magento configuration in case of lockout or blacklist.

  • Recipient Block Email:- Add the email (store owner) which will get emails about each and every lockout/blacklist. Whenever a lockout/blacklist happens the email will be sent to this address as well as the user.

  • Enabled Clear Login Attempts Logs Cron Job:- Set "Yes" or "No" to enable or disable clear logs cron job.

  • Clear Login Attempts Logs Cron Schedule:- Set the cron job to define how often you want to clear Login Attempts logs

  • Clear Login Attempts Logs Older Than X Days:- Set the number of days after which login attempts logs are cleared. For example, if set to 2, any login attempts logs older than 2 days will be cleared.

  • Enabled Clear Lockouts Cron Job:- Set "Yes" or "No" to enable or disable clearing of inactive lockouts by cron job.

  • Clear Lockouts Cron Schedule:- Set the cron schedule to define how often you want to clear logs.

  • Allowed Countries:- Block users from one or multiple countries. If no country is selected, all countries are allowed.

  • Enabled Whitelist:- Set "Yes" or "No" to enable or disable whitelisting for an IP. If enabled, the user won't be allowed to log in until the IP is whitelisted.

  • Whitelist Email Enabled:- Set "Yes" or "No" to enable or disable whitelist Email. If this is enabled, the user will be sent an email with a link that allows them to either approve or deny the login. Approve - By approving, the IP will be added to the whitelist. Deny - The IP will be added to the blacklist if denied.

  • Whitelist request lifetime:- Set the request lifetime, in hours, to define how long a whitelist request will be valid. By default 1 hour.

  • IP Whitelist Email Template:- Select the email template for the login approval email that is sent to the user, based on the approval the user is whitelisted or blacklisted.

  • Whitelist Event Email Sender:- Select the sender email to be used to send out the User approval/whitelist email to the user.

  • Recipient Email:- Add the email (store owner) which will get emails about user approval/whitelist events. Whenever a user approval/whitelist happens, the email will be sent to this address as well as to the user, so the store owner can also approve or deny the user from the email.
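
A small model of the Lockout and Blacklist actions described in the settings above, replayed over constructed rows shaped like the Admin Login Attempts grid. This is an added example, not the extension's code; it assumes failures are counted per IP since that IP's last successful login and that the limit is "exceeded" on the first failure beyond it.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed rows shaped like the Admin Login Attempts grid:
# (IP Address, Admin Username, Success, Created At)
ATTEMPTS = [
    ("203.0.113.7", "admin", False, "2024-05-01 09:00:00"),
    ("203.0.113.7", "admin", False, "2024-05-01 09:00:10"),
    ("198.51.100.20", "j.whitfield", False, "2024-05-01 09:00:15"),
    ("203.0.113.7", "admin", False, "2024-05-01 09:00:20"),
    ("203.0.113.7", "admin", False, "2024-05-01 09:00:30"),
    ("198.51.100.20", "j.whitfield", True, "2024-05-01 09:01:00"),
    ("203.0.113.7", "j.whitfield", True, "2024-05-01 10:00:00"),
    ("203.0.113.7", "j.whitfield", True, "2024-05-01 11:30:00"),
]


def replay(attempts, limit=3, action="lockout", lockout_hours=2):
    """Model of the documented policy; returns (outcomes, blacklist_records).

    limit         -> "Failed Attempts Limit"
    action        -> "Apply Action On Exceed Limit" ("lockout" or "blacklist")
    lockout_hours -> "Locked out period (in hours)"
    """
    failures = {}  # ip -> failed attempts since the last success (assumption)
    blocked = {}   # ip -> "Valid till" datetime, or None = until removed by hand
    outcomes, records = [], []
    for ip, user, success, created_at in attempts:
        ts = datetime.strptime(created_at, FMT)
        if ip in blocked:
            valid_till = blocked[ip]
            if valid_till is None or ts < valid_till:
                outcomes.append("rejected")  # even with the right password
                continue
            del blocked[ip]                  # lockout period is over
        if success:
            failures[ip] = 0
            outcomes.append("login")
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] <= limit:
            outcomes.append("failed")
            continue
        # Limit exceeded: a lockout expires on its own, a blacklist does not.
        valid_till = ts + timedelta(hours=lockout_hours) if action == "lockout" else None
        blocked[ip] = valid_till
        failures[ip] = 0
        records.append((ip, user, valid_till.strftime(FMT) if valid_till else None))
        outcomes.append(action)
    return outcomes, records


if __name__ == "__main__":
    for mode in ("lockout", "blacklist"):
        print(mode, *replay(ATTEMPTS, action=mode), sep="\n  ")
```

In the sample, a valid login from the blocked IP at 10:00 is rejected in both modes; only the Lockout mode lets the same IP back in after the 'Valid till' time.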

Scommerce Admin Login Security

Go to Admin > System > Scommerce Admin Login Security>

Admin Login Attempts

The Admin Login Attempts grid keeps a record of every login attempt made to the admin panel with various key details such as:-

  • ID

  • IP Address

  • Success

  • Admin Username

  • Created At

The grid is completely filterable with various columns such as ID, IP Address, Admin Username, Created At, etc.

Blacklist

The blacklist records grid contains information about all the blacklisted users with several details such as ID, IP Address, Admin Username, Valid till, Created At, and Action. This grid is completely filterable. Each of the records can be deleted or edited from the Action column.

Go to Action>Edit and you can change various details for each of the records such as IP Address, Username, and Valid till date.

Whitelist

The Whitelist records grid contains information about all the whitelisted users with several details such as ID, IP Address, Admin Username, Created At, and Action. This grid is completely filterable. Each of the records can be deleted or edited from the Action column.

Go to Action>Edit and you can change various details for each of the records such as IP Address, and Username.

Security Checklist Report

Go to Admin > System > Scommerce Security> Security Checklist

Security Checklist Report

The Security checklist grid has several distinctions for various checks: Warning, Error, and Success.

  • Admin password Protection: - For Admin password protection, if a password change is not forced, the user will see an error. If the lifetime is more than 90 days, the user will see a warning. If a password change is forced and the lifetime is less than 90 days, then the user will see success.

  • Magento version check: - For a Magento version check, if the version is outdated, the user will see an error. Otherwise, the user will see success.

  • Database Prefix check: - For the Database prefix check, if the table prefix is not set in the configuration file, the user will see an error. Otherwise, the user will see success.

  • Frontend ReCaptcha Protection: - For Frontend ReCaptcha protection, if all frontend forms are protected with ReCaptcha, the user will see success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.

  • Admin Captcha Protection:- For Admin Captcha protection, if all backend forms are protected with Captcha, the user will see a success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.

  • Admin path protection: - For Admin path protection, if the user's admin path doesn't contain words from the stop list, doesn't contain numbers or capital letters, and is at least 15 characters long, the user will see a success. If any of the criteria mentioned are not fulfilled, the user will see a warning.

  • Admin usernames check: - For the Admin usernames check, if the username contains words from the stop list or if the username contains numbers, the user will see a warning. Otherwise, success.

  • Admin users activity check: - For the Admin user activity check, if the account is unused, the user will see a warning. Otherwise, success.

  • Check for static scripts inserted from Config and CMS Pages: - For Static scripts in Configuration, CMS Blocks, and CMS Pages, if a text field has a static script, the user will see a warning. Otherwise, success.
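
The grading rules listed above for the password, Captcha, admin path and username checks, written out as an added example so values can be tested before they go into the store. This is not the extension's code; the stop lists and store values are constructed, stop-list matching is assumed to be a case-insensitive substring match, and a lifetime of exactly 90 days is assumed to count as success.

```python
import re

# Constructed stop lists; use the values you enter in "Admin Path Stop List"
# and "Admin Usernames Stop List" (both comma separated).
PATH_STOP_LIST = "admin,backend,manage,login"
USER_STOP_LIST = "admin,root,test,magento"
SEVERITY = {"success": 0, "warning": 1, "error": 2}


def _stop_hits(value, stop_csv):
    words = [w.strip().lower() for w in stop_csv.split(",") if w.strip()]
    return [w for w in words if w in value.lower()]


def check_admin_path(path, stop_csv=PATH_STOP_LIST):
    """Success needs: no stop word, no digit, no capital, at least 15 chars."""
    reasons = ["stop-list word: " + w for w in _stop_hits(path, stop_csv)]
    if re.search(r"[0-9]", path):
        reasons.append("contains numbers")
    if re.search(r"[A-Z]", path):
        reasons.append("contains capital letters")
    if len(path) < 15:
        reasons.append("shorter than 15 characters")
    return ("warning" if reasons else "success", reasons)


def check_admin_username(username, stop_csv=USER_STOP_LIST):
    reasons = ["stop-list word: " + w for w in _stop_hits(username, stop_csv)]
    if re.search(r"[0-9]", username):
        reasons.append("contains numbers")
    return ("warning" if reasons else "success", reasons)


def check_password_policy(change_forced, lifetime_days):
    if not change_forced:
        return ("error", ["password change is not forced"])
    if lifetime_days > 90:
        return ("warning", ["lifetime is more than 90 days"])
    return ("success", [])


def check_captcha(protected_forms, total_forms):
    if protected_forms == 0:
        return ("error", ["no form is protected"])
    if protected_forms < total_forms:
        return ("warning", ["only some forms are protected"])
    return ("success", [])


def run_checklist(store):
    """Grade a store description; the username row shows the worst account."""
    users = [check_admin_username(u)[0] for u in store["admin_usernames"]]
    return {
        "Admin password protection": check_password_policy(
            store["password_change_forced"], store["password_lifetime_days"])[0],
        "Frontend ReCaptcha protection": check_captcha(*store["frontend_forms"])[0],
        "Admin path protection": check_admin_path(store["admin_path"])[0],
        "Admin usernames check": max(users, key=SEVERITY.get, default="success"),
    }


# Constructed store description (not read from a real installation).
SAMPLE_STORE = {
    "password_change_forced": False,
    "password_lifetime_days": 90,
    "frontend_forms": (2, 5),          # (protected, total)
    "admin_path": "admin_Panel1",
    "admin_usernames": ["j.whitfield", "admin2"],
}

if __name__ == "__main__":
    for check, status in run_checklist(SAMPLE_STORE).items():
        print(f"{status.upper():8} {check}")
```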

License Key – Please add the license for the extension which is provided in the order confirmation email. Please note license keys are site URL specific. If you require license keys for dev/staging sites then please email us at .

If you have a question related to this extension please check out our FAQ Section first. If you can't find the answer you are looking for then please contact .

support@scommerce-mage.com
core@scommerce-mage.com