£84.99
Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition

In an era where digital threats loom large, the "Magento 2 Security Checklist" by Scommerce Mage stands as your stalwart guardian, fortifying the defenses of your eCommerce empire. Offering real-time insights, dynamic visual indicators, and continuous monitoring, this all-in-one solution covers essential checks—ReCAPTCHA, Database Prefix, Admin Credentials, Magento Version, and Security Patches. With links for detailed recommendations, manual and scheduled checks, and a proactive approach to addressing potential threats, fortify your store's defenses with ease.

  • Real-time Security Dashboard Widget
  • Visual Indicators: Green check marks for passed checks, red cross marks for failed checks
  • Summary with Security Score Percentage
  • Frontend and Backend Captcha Checks
  • Checks static scripts in blocks, cms pages and product attributes
  • Database Prefix Alert and Notification
  • Admin Username and Password Strength Display
  • Magento Version and Security Patches Verification
  • Checks whether admin 2FA is enabled or not
  • Manual and Scheduled Security Checks

Free Support

up to 60 days

Free Upgrades

up to 1 year

Fully open source

 

Composer Package name:
scommerce/admin-login-security
Latest Version:
2.0.2

Product description

Magento 2 Security Checklist


Ensuring the security of your Magento 2 store is paramount to protect sensitive customer data, maintain trust, and safeguard your business reputation. The "Magento 2 Security Checklist" by Scommerce Mage addresses this need by covering essential security aspects, guiding administrators through crucial checks that include ReCAPTCHA, Database Prefix, Admin Credentials, Magento Version, and Security Patches.

Importance of Security Checks in Magento 2

Ecommerce stores are lucrative targets for cyber threats. The vast amount of sensitive data they handle—customer information, financial transactions, and proprietary business data—makes them prime targets for malicious actors. Security vulnerabilities in your Magento 2 store can expose this treasure trove of data to unauthorized access, leading to potential financial losses, damage to brand reputation, and legal repercussions.

By incorporating routine security checks, the "Magento 2 Security Checklist" module mitigates these risks. It empowers administrators to proactively assess and bolster the security posture of their store, instilling confidence among customers and stakeholders. From preventing unauthorized access to safeguarding against data breaches, this module serves as a vigilant guardian, ensuring the integrity and reliability of your online business.

Addressing Security Threats to Ecommerce Stores:

E-commerce stores face an array of security threats, including but not limited to:

  • Data Breaches: Unauthorized access to customer information and sensitive data.
  • Fraudulent Activities: Illicit transactions and financial losses.
  • Phishing Attacks: Deceptive attempts to acquire sensitive information.
  • Malware and Ransomware: Malicious software compromising system integrity.
  • Outdated Software Vulnerabilities: Exploitation of weaknesses in outdated platforms.

The "Magento 2 Security Checklist" module provides a proactive defense against these threats. By systematically checking and fortifying crucial security aspects, it reduces the attack surface and enhances the overall security posture of your Magento 2 store.

How the Module Resolves Security Threats

  • Real-time Visibility: The dynamic dashboard widget provides instant insights into the security status, allowing administrators to identify and address issues promptly.
  • Continuous Monitoring: Scheduled security checks ensure continuous monitoring, reducing the window of vulnerability and enhancing the store's overall resilience.
  • Actionable Recommendations: The module not only identifies security issues but also offers actionable recommendations and detailed guides for effective resolution.
  • Captcha Enforcement: Frontend and backend captcha checks bolster defenses against automated attacks, minimizing the risk of fraudulent activities.
  • Database Prefix Alert: Identification of potential risks related to database security and prompt alerts guide administrators to implement necessary measures, enhancing overall store integrity.
  • Admin Credential Strength: By evaluating the strength of admin usernames and promoting best practices, the module strengthens the first line of defense against unauthorized access.
  • Version and Patch Verification: Regular checks for the latest Magento version and installed security patches keep the store up-to-date with the latest security enhancements.
  • Static Scripts: The module checks static scripts inserted from product attributes, CMS pages, and blocks so that you know of any existing scripts. These scripts may have been inserted by malware or a third party.

In the ever-evolving landscape of online threats, the "Magento 2 Security Checklist" module not only meets industry standards but sets a new benchmark for proactive security measures. Download the module today and fortify your Magento 2 store against potential threats, ensuring the trust and confidence of your customers and stakeholders.

The main highlights of the module are:

  • Real-time Security Dashboard Widget: Gain immediate insights into your store's security status at a glance.
  • Comprehensive Checks: Cover critical aspects including ReCAPTCHA, Database Prefix, Admin Credentials, Magento Version, and Security Patches.
  • Visual Indicators: Easily identify the status of each check with green check marks for passed checks and red cross marks for failed ones.
  • Summary with Security Score Percentage: View a summarized overview, including the number of passed and failed checks, along with a calculated security score percentage.
  • Frontend and Backend Captcha Checks: Ensure robust protection by verifying both frontend and backend Captcha settings against automated attacks.
  • Database Prefix Alert and Notification: Identify potential security risks related to the absence of a database prefix and receive alerts for timely action.
  • Admin Username and Password Strength Display: Evaluate and promote strong security practices for admin usernames and passwords.
  • Magento Version and Security Patches Verification: Confirm if your store runs the latest Magento version and check for installed security patches, with a convenient "Contact Us" button for assistance.
  • Links, Tool Tips, and Guides for Detailed Recommendations: Access additional insights and recommendations for each security check with provided links, tooltips, and comprehensive guides.
  • Manual and Scheduled Security Checks: Choose to run security checks manually or schedule them for automated runs at specified intervals using cron jobs.
  • Check for admin 2FA (Two-Factor Authentication)
  • Check for static scripts in the blocks
  • Check for static scripts in the CMS pages
  • Check for static scripts inserted from product attributes
  • It's very easily manageable from configuration
  • It can be completely disabled if required from configurations
  • It supports multi-store environment
  • User friendly interface
  • Easy to install and manage



We offer 60 days of free support and 12 months of free upgrade for any standard Magento site when you buy this extension. You can also get our installation service for a small fee. If you want more benefits, you can purchase our 12 months of free premium support and free lifetime upgrade package. Please contact us if you need any assistance or customization for this extension. We will reply to you within 48 hours. We may also offer you a special deal or a free solution if we like your idea.


** Please refer to our FAQ or T&C section for running our extensions on multiple domains or sub-domains

FAQ

Frequently Asked Questions

Q. What are the criteria for getting a warning, error, and success message for various checks?
We have several distinctions for various checks:
  • For Admin password protection, if a password change is not forced, the user will see an error. If the lifetime is more than 90 days, the user will see a warning. If a password change is forced and the lifetime is less than 90 days, then the user will see success.
  • For a Magento version check, if the version is outdated, the user will see an error. Otherwise, the user will see success.
  • For the Database prefix check, if the table prefix is not set in the configuration file, the user will see an error. Otherwise, the user will see success.
  • For Frontend ReCaptcha protection, if all frontend forms are protected with reCAPTCHA, the user will see a success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.
  • For Admin Captcha protection, if all backend forms are protected with Captcha, the user will see a success. When some forms are protected, the user will see a warning. If none of the forms are protected, the user will see an error.
  • For Admin path protection, if the user's admin path doesn't contain words from the stop list, doesn't contain numbers or capital letters, and is at least 15 characters long, the user will see a success. If any of the criteria mentioned are not fulfilled, the user will see a warning.
  • For Admin usernames check, if the username contains words from the stop list or if the username contains numbers, the user will see a warning. Otherwise, success.
  • For the Admin user activity check, if the account is unused, the user will see a warning. Otherwise, success.
  • For Static scripts in Configuration, CMS Blocks, and CMS Pages, if a text field has a static script, the user will see a warning. Otherwise, success.
Q. What is the difference between generating a security report using the cron schedule and without using the cron schedule?
A. If the user wants to generate a report without using a cron job, click on "Generate Report." Otherwise, wait for the cron job to run and refresh the page. The user would see a new report.
Q. On what basis are we seeing the percentage protected below the report?
A. If we have ten fields enabled in our security checklist, out of which 2 are showing success, 3 are showing warning, and 5 are showing error, then our calculation will go as follows: (number of fields showing success / total number of enabled fields) × 100.
Q. Why are the frontend and backend reCAPTCHA fields still showing success even when I enter incorrect keys?
A. It is impossible for our module to check if keys are valid or not; however, if you insert incorrect keys, there is a high possibility you will not be able to fully use the website, as you will not be able to submit forms. So there is no point in just setting captcha as enabled to bypass the checklist checker; the website will not be functional.
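
The status rules and the percentage calculation described in the answers above can be sketched as follows. This is an added example, not the extension's own code; the stop-list words, the script-tag pattern and all sample values are assumptions made for illustration.

```python
import re

# Assumed stop list: the FAQ refers to one but does not publish its words.
STOP_WORDS = ("admin", "backend", "manage")
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)

def admin_path_status(path):
    """Success only if every admin-path criterion from the FAQ holds."""
    ok = (len(path) >= 15
          and not any(word in path.lower() for word in STOP_WORDS)
          and not re.search(r"[0-9A-Z]", path))
    return "success" if ok else "warning"

def form_coverage_status(protected, total):
    """All forms protected: success; some: warning; none: error."""
    if total > 0 and protected == total:
        return "success"
    return "warning" if protected > 0 else "error"

def static_script_status(fields):
    """Warning, plus the offending field names, if any text field holds a script tag."""
    hits = sorted(name for name, html in fields.items() if SCRIPT_TAG.search(html))
    return ("warning" if hits else "success"), hits

def protected_percentage(statuses):
    """Only 'success' counts; warnings and errors both lower the score."""
    if not statuses:
        return 0.0
    return 100.0 * sum(s == "success" for s in statuses) / len(statuses)

# Constructed sample content, not taken from any real store.
SAMPLE_FIELDS = {
    "cms_block:footer": "<p>Contact us</p><SCRIPT src='//cdn.example.invalid/w.js'></SCRIPT>",
    "cms_page:home": "<h1>Welcome</h1>",
}

def run_sample():
    script_status, hits = static_script_status(SAMPLE_FIELDS)
    statuses = [
        admin_path_status("quietharborconsolex"),   # meets all criteria
        admin_path_status("Admin_2024"),            # stop word, digits, capital, short
        form_coverage_status(3, 3),                 # every frontend form protected
        form_coverage_status(1, 4),                 # partial backend coverage
        script_status,
    ]
    return statuses, hits, protected_percentage(statuses)

if __name__ == "__main__":
    print(run_sample())
```

A warning lowers the percentage exactly as an error does, so a store with no errors at all can still show a low score.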

Q. How can I get a license key for my development website?
A. Please log in to your account and go to the My Account section. From the left menu, select Generate Dev License key, enter the dev site URL, select the extension from the dropdown, and click Generate to get the license key.
Q. Can I test the extension before buying?
A. Unfortunately, we can't provide the extension for testing purposes, but we have a demo available for most of our extensions and are happy to provide a full refund if the extension doesn't work.
Q. Can I request customisation of your extensions?
A. Yes, we provide all sorts of customisation for our clients at reasonable rates. If we believe the customisation will help our product, we also provide a great discount on the customisation.
Q. I have two live domains, do I need a separate license key for each live domain?
A. Yes, you need to buy a separate license key for each live domain (www.site.com), sub-domain (de.site.com) or subfolder (www.site.com/de). If you are buying licenses for more than four live sites in one transaction, we can offer you a 30% discount on the total amount.
Q. How can I upgrade my extension to the latest version?
A. If your extension is within the free upgrade period (12 months from the purchase date), simply email us with your order number and our team will send you the latest version of the extension. If it is outside the free upgrade period, you need to buy an upgrade using the following link:
https://www.scommerce-mage.com/magento-extension-installation-service.html

Once you have received the latest version of our extension, we highly recommend deleting all the files and folders of our extension from your website before uploading the latest version, because we might have removed existing files and keeping them could cause problems on your website.
Q. Does my license expire after a certain period?
A. No, your license does not expire, but we highly recommend upgrading to get all the latest fixes (including security fixes, if any), improvements and new features. In the upgrade, we also ensure it is compatible with the latest version of Magento, so when you upgrade you will have a smooth transition.
Q. Where can I download the extension files?
A. Please log in to your account on our website and go to the download link under the My Account section to download the extension package.
Q. Can you provide a key that works for our development (NOT PRODUCTION) environment which will work on a dynamic URL, for example, 12334.gitpod.com and 4567.gitpod.com?
A. Unfortunately it is not possible to generate license keys based on the dynamic URLs. License keys need to be generated per domain or subdomain whether it is production or non-production.
Q. How can I manually uninstall your module?
A. Please follow the steps below:

Step 1: Navigate to our store and log in to your account. Then go to the My Account section and, on the left menu, click on Composer Instructions.
Step 2: Next, run the config commands shown at the top of the page, then click on the extension that you want to install. A composer require command will be revealed in the dropdown menu. Run the command, then clear caches to complete the installation.
Q. Do you support SPA (Single Page Application) / PWA (Progressive Web Application) / AMP ?
A. Unfortunately, we don’t support SPA or PWA or AMP but we may be supporting them in future depending upon the demand.

Change Log

Version 2.0.1
2024-03-22 17:07:55
The message for the static script check in CMS pages has been corrected. It now accurately states, "There are no CMS pages that contain scripts." Script tag insertions have been extended to include product and category attributes including meta information. It also reports if 2FA (Two-Factor Authentication) is not enabled, enhancing overall system security.
Version 2.0.0
2024-01-30 08:50:31
Initial Release