£84.99
Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition

Enhance the security of your Magento 2 admin panel with our comprehensive Magento 2 Advanced Admin Login Security extension. From automated admin lockouts on failed attempts to customizable IP whitelisting and blacklisting, this extension provides a robust suite of features. Receive real-time email notifications, country-wise blacklist, and maintain detailed logs for a secure and stress-free admin experience. Elevate your security measures and fortify your Magento 2 store with confidence.

  • Admin Lockout on Failed Attempts
  • Blacklist and Whitelist Configuration including country-wise blacklist
  • Customizable Lockout Duration
  • Real-time Email Notifications
  • Reset Blacklist Records
  • Comprehensive Logging
  • User Approval System
  • User-friendly IP Management and validation

Free Support

up to 60 days

Free Upgrades

up to 1 year

Fully open source

 

Composer Package name:
scommerce/admin-login-security
Latest Version:
2.0.2

Product description

Magento 2 Advanced Admin Login Security Extension

Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition

Elevate the security of your Magento 2 admin panel with our feature-rich Login Security Extension. Seamlessly toggle advanced security measures from the Magento admin panel, including automatic admin lockouts on failed attempts and customizable IP blacklist and whitelist configurations. Tailor the lockout duration, receive real-time email notifications for added peace of mind, and benefit from features such as country wise blacklist taking security to the next level. Effortlessly reset and manage blacklist records, maintain comprehensive logs of all login attempts, and ensure accurate IP validation. Empower users with an email approval system for unknown login attempts and grant admins user-friendly IP management capabilities. Invest in Magento 2 Advanced Login Security for a fortified admin experience and confident protection against unauthorized access.

Why is Login Security Important for an Ecommerce Store such as Magento 2?

Securing the login process for an e-commerce store is of paramount importance in today's digital landscape, where cyber threats continue to evolve in sophistication and frequency. The login page serves as the gateway to a treasure trove of sensitive customer information, including personal details and financial data. Recognizing the critical role that login security plays in safeguarding this wealth of information is crucial for ensuring customer trust and maintaining the integrity of the online shopping experience.

 

One of the primary reasons for prioritizing login security in an e-commerce store is the prevalence of cyber attacks such as phishing. Phishing attempts often target login credentials, utilizing deceptive tactics to trick users into revealing their usernames and passwords. By implementing robust login security measures, including multi-factor authentication, encryption, and monitoring for suspicious activities, e-commerce businesses can effectively thwart phishing attempts and protect their customers from falling victim to fraudulent schemes.

 

Login Security

Additionally, login security extends beyond phishing to address a spectrum of potential threats, including credential stuffing, brute force attacks, and account takeovers. Each of these poses a unique risk to the integrity of user accounts and the overall security of the e-commerce platform. Proactive measures such as implementing strong password policies, employing advanced authentication methods, and continuously monitoring for unusual login patterns are essential components of a comprehensive login security strategy.

 

Beyond the immediate protection of customer data, prioritizing login security contributes to the overall trustworthiness of an e-commerce brand. In an era where data breaches and cyber threats make headlines regularly, customers are increasingly vigilant about the security practices of the online platforms they engage with. A secure login process not only protects customers from potential harm but also fosters a sense of confidence, encouraging them to transact and interact with the e-commerce store without apprehension.

 

The Magento 2 Advanced Login Security extension stands as a robust solution, equipped to combat various cyber threats. With features such as customizable lockout durations, IP blacklist configurations, and real-time email notifications, this extension ensures a fortified defense against unauthorized access attempts. By addressing diverse security concerns, from the deceptive tactics of phishing to the brute force tactics of credential stuffing, merchants reinforce customer trust, assuring them of a secure online shopping environment. In an era where digital trust is synonymous with brand credibility, the strategic implementation of Magento 2 Login Security becomes an active step towards establishing a secure and reliable online presence amidst the intricate web of cyber threats.

Implements Admin Lockouts on Failed Login Attempts

Implement Admin Lockout on Failed Attempts to mitigate the risk of unauthorized access by setting thresholds for unsuccessful login attempts, automatically locking out the admin IP address, and receiving notifications for added peace of mind. Moreover, with Customizable Lockout Duration, tailor the duration for which an IP address remains blacklisted after surpassing the specified failed login attempts, enhancing flexibility in security management. This integrated approach ensures a robust defense mechanism against potential security threats, providing both ease of use and customizable controls for a secure and efficient Magento 2 experience.

Advanced Access Control and Email Notifications

The module contains Blacklist and Whitelist Configuration which provides sophisticated access control, enabling you to tailor permissions using a customizable IP blacklist and whitelist. Implement country-wise restrictions effortlessly on the admin panel login page, ensuring precision in managing access. Simultaneously, our Email Notifications feature keeps you in the loop in real-time. Receive prompt notifications for lockout events, customized to your preferences, and configure notifications for both store owners and locked-out users, ensuring a proactive security approach. For enhanced user control, our extension goes beyond by sending emails to users when a login attempt is detected from an unknown IP address or device. This email includes a link for users to approve or deny the login. If the user approves the login, the specific IP address is seamlessly added to their IP address list, providing an additional layer of user-centric security management. In addition, our Reset Blacklist Records feature simplifies IP address management, offering an intuitive configuration and command system. Together with the new inclusion of Country-wise Blacklist, this integrated suite provides a comprehensive solution, reinforcing your Magento 2 environment with advanced security, user control, and real-time notification capabilities.

Enhanced User Control and Security

Empower your Magento 2 store with user-centric features seamlessly integrated into our system. User-Friendly IP Validation ensures precise accuracy, providing clear error messages for any invalid entries during the configuration process. Strengthening security further, our User Approval System introduces an email approval mechanism. Users receive notifications for login attempts from unknown devices or IP addresses, maintaining control with options to approve or deny access. Additionally, our User-Friendly IP Management feature empowers admins with flexibility. Easily edit or delete IP addresses from the whitelist or blacklist at any time, tailoring access control to meet your store's unique requirements seamlessly. This integrated suite offers an enhanced level of user control, ensuring both security and adaptability within your Magento 2 environment.

Thorough Security Monitoring with Comprehensive Logging

Our Comprehensive Logging feature provides a meticulous record of every login attempt within your Magento 2 store, whether successful or unsuccessful. This detailed log includes critical information such as the date, time, IP address, username, and login status. By maintaining an exhaustive overview of these security events, this feature allows you to closely monitor and analyze login activities, enabling you to promptly identify and respond to potential security threats. The Comprehensive Logging feature serves as a powerful tool for fortifying your store's security, offering valuable insights into user interactions, and ensuring that you are well-informed about the dynamics of your e-commerce platform.

Here are the main features of this module-:

    • Toggle advanced login security features from the Magento admin panel.
    • Set thresholds for failed login attempts, automatically locking out admin IP addresses and receive notifications for added security.
    • Customize IP blacklist and whitelist settings. It also gives you the ability to implement country-wise restrictions on the admin panel login page.
    • Tailor the duration of IP address blacklisting after exceeding failed login attempts.
    • Real-time email notifications for lockout events. The extension sends an email to the user when a login attempt is made from an unknown IP address or device, with a link to approve or deny the login. The link validity time is also customizable.
    • Upon approval the IP address is added to the whitelist records and upon denial the IP address is added to the blacklist records.
    • Effortlessly reset and manage blacklist records.
    • It can implement country wise blacklist as well.
    • Detailed logs of all login attempts, successful or failed. Monitor date, time, IP address, username, and login status.
    • Admins can edit or delete IP addresses from the whitelist or blacklist at any time.
    • It can be completely disabled if required from configurations
    • It supports multi-store environment
    • User friendly interface
    • Easy to install and manage

Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition


We offer 60 days of free support and 12 months of free upgrade for any standard Magento site when you buy this extension. You can also get our installation service for a small fee. If you want more benefits, you can purchase our 12 months of free premium support and free lifetime upgrade package. Please contact us if you need any assistance or customization for this extension. We will reply to you within 48 hours. We may also offer you a special deal or a free solution if we like your idea.


** Please refer to our FAQ or T&C section for running our extensions on multiple domains or sub-domains

FAQ

Frequently Asked Questions

 

Q. If the IP is both blacklisted and whitelisted, which one will be given priority?
If your IP is whitelisted and blacklisted, then the blacklist will take precedence.
Q. Can we set the login attempt limit for the Lockout and Blacklist actions?
A. Yes, you can. There is a configuration called 'Failed Attempts Limit' available to set the attempt limit. If the limit is exceeded, the account will be either locked out or blacklisted as per the configuration.
Q. Can we set the failed attempts limit to be greater than the default Magento limit?
A. No, the IP will remain blocked/blacklisted until the ‘Valid till' time limit. The 'Valid till' limit can be defined by the configuration 'Locked out period (in hours)'.
Q. Is the IP permanently blocked once it's blacklisted?
A. The IP will stay blocked forever until it is manually removed.>
Q. Can we restrict users based on their country ?
A. Yes you can. Users can be blocked from one or multiple countries by selecting the 'Allowed countries' option from the configuration. If no country is selected, all countries are allowed.
Q. When the IP is locked out or blacklisted, does it send emails to users?
A. Yes, it does send.
Q. Can IP be whitelisted on request or manually?
A. If the whitelist IP configuration is enabled, the user cannot log in until the IP is manually whitelisted or if they approve or deny the login via the link received in the email.
Q. Can I add more than one IP address to the whitelist for one user / can one user have more than one ip in whitelist?
Yes, multiple Ips can be whitelisted for one user or a user can have multiple ips in whitelist. This ensures that there’s no hinderance in workflow.

Q. How can I get license key for my development website?
A. Please login to your account and Go to My account section > From the left menu select Generate Dev License key > Enter the Dev site url and select the extension from the dropdown and click on generate to get the license key
Q. Can I test the extension before buying?
A. Unfortunately we can't provide you extension for testing purposes but we have demo available for most of our extensions and happy to provide full refund if the extension doesn't work
Q. Can I request for customisation on your extensions?
A. Yes we do provide all sort of customisation for our clients at the reasonable rates. And if we believe the customisation will help our product then we also provide great discount on the customisation
Q. I have two live domains, do I need a separate license key for each live domain?
A. Yes you need to buy a separate license key for each live domain (www.site.com) or sub-domain (de.site.com) or subfolder (www.site.com/de). If you are buying licenses for more than four live sites in one transaction then we can offer you 30% discount on total amount
Q. How can I upgrade my extension to the latest version?
A. If your extension is within the free upgrade period (12 months from purchased date) then simply email us with your order number and our team will send you the latest version of the extension but if it is outside free upgrade period then you need to buy an upgrade using the following link
https://www.scommerce-mage.com/magento-extension-installation-service.html

Once you received the latest version of our extension then we would highly recommend to delete all the files and folder of our extension from your website first before uploading the latest version because we might have removed existing files and keeping existing files could cause problems on your website.
Q. Does my license get expired after certain period?
A. No, your license is not going to get expired but we would highly recommend upgrading to get all the latest fixes (including security fixes if any), improvements and new features. In the upgrade, we also ensure it is compatible with the latest version of Magento and when you upgrade you will have a smooth transition.
Q.Where can I download the extension files?
A. Please login into your account on our website and go to the download link under my account section to download the extension package.
Q.Can you provide a key that works for our development (NOT PRODUCTION) environment which will work on a dynamic URL, for example, 12334.gitpod.com and 4567.gitpod.com?
A. Unfortunately it is not possible to generate license keys based on the dynamic URLs. License keys need to be generated per domain or subdomain whether it is production or non-production.
Q. How can I manually uninstall your module?
A. Please follow the below steps -:

Step 1: Navigate to our store and login to your account. Then go to the My Account Section, on the left menu click on Composer Instructions.
My account section
Step 2: Next, run the config commands shown on the top of the page then click on the extension that you want to install. A composer require command will be revealed in the dropdown menu. Run the command then clear caches to complete the installation. Composer instructions
Q. Do you support SPA (Single Page Application) / PWA (Progressive Web Application) / AMP ?
A. Unfortunately, we don’t support SPA or PWA or AMP but we may be supporting them in future depending upon the demand.

Change Log

Version 2.0.2
2024-02-05 13:13:53
Made it compatible to work with our security suite module
Version 2.0.1
2024-01-04 13:02:50
Resolved an issue with the assert function that caused the code sniffer to fail on the Magento marketplace.
Version 2.0.0
2023-12-29 12:58:55
Initial Release
Show More
Show Less

Reviews

Write Your Own Review
Write a Review