60-day Money Back
Frequent Update
365-day Support
Magento 2 Security Extension
v4.0.3Mageplaza Security extension for Magento 2 is a perfect security solution for online stores built based on Magento platform. The module helps prevent break-in attempts to your store from hackers. Thanks to an effective warning system, your valued information will be completely protected.
CE/EE/B2B/Cloud/
Adobe Commerce
2.2.x, 2.3.x, 2.4.x
Problems
There have been up to 650,000 stores using Magento 2 platform all over the world, and they are being ideal prey for hackers. Your Magento 2 store needs Mageplaza Security module to keep the bad guys out.
Solutions
Mageplaza Security resolves common Magento 2 security issues. Magento 2 Security extension is a perfect security suite for online stores built based on Magento platform. Mageplaza Security Suite helps prevent break-in attempts to your store from hackers. Thanks to an effective warning system, your valued information will be completely protected
Security checklist
Magento 2 Security extension provides store admins a security checklist which automatically displays all warnings of possible security risks about admin username, captcha, Magento version and database prefix.
Brute Force Attack protection
Admins are allowed to set a limit for the number of failed login attempts. This restriction will become a fundamental for the module to send shop owners a warning message whenever the store encounters risks of break-in attempts.
Login log
Mageplaza Security extension tracks and records all logins in a log along with its information like ID, Time, User name, IP, Browser Agent, Url and Status (Failure or Success). Store admins can view the details and trace the IP.
File change detection
Important files in the admin panel should not be changed without any awareness. Unwanted adjustments in the backend made by hackers are harmful to online stores. Hence, a tracking and warning system will definitely provide better protection for your business. The module is able to detect every single change of files in the backend such as adding, editing and deleting. Once these changes are found, they are also recorded and saved in the admin log. Moreover, a report email will be sent to admins shortly.
Action log
That an online store may have multiple admins and that hackers can break in and view or invisibly harm your store force us to find a solution to help you manage and protect it better. An advanced report of all actions performed in your store’s admin panel. In the action log, the information about time, IP, username, specific actions or changes will be reported in details. The datalog can also be compressed and backed up automatically to optimize your store's performance.
Away mode
Break-ins often occur when admins are not able to observe the store. In order to prevent the risks, store admins should be aware of unusual logins during night time or day off. Away mode is a great solution to restrict break-ins made in specific moments. As a result, admins don't have to keep an eye on their stores all the time but still can put their store under 24/7 protection.
More Features
Check out more details of Mageplaza Security
Blacklist/Whitelist IPS
Block or allow a range of IP addresses in backend. It is easy to setup in backend.
Warning email templates
After being enabled in the backend, the page will automatically scroll to top when loading results for your visitors to view.
Login report
A short report of the 5 most recent logins is featured on the Dashboard with the information of user names, login status and time.
Pricing
Choose your suitable edition.
Compare features
Standard
Crafted for a great webstore start $ 99 first year- 1-year extension updates
- 1-year support
- 60-day money-back guarantee
- Read our policies
- Supports for Magento 2 Community Edition
- Compare features
If the maximum number of times logins are failed is reached, a warning email will be sent to email addresses which are set.
You sure can. It is easy to customize email templates. Read this guide
In this case, any login attempts from your IP address will be blocked. If you assume that this is a mistake, please follow this guide to unblock.
Yes! It logs both Failure and Success status.
Mageplaza Security extension the standard version is still free on Github. However, the Github version does not include Mageplaza technical support package. If you still consider downloading the Security module on Github, please visit here.
Magento 2 Security by Mageplaza is one of the most advanced Security extension. It comes with powerful features which help you save time to send invoice manually and your invoices are professional. Fully compatible with:M2 OneStepCheckout, Social Login, Required Login, Login as Customer...
Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise), Magento Cloud 2.2.x, 2.3.x, 2.4.x..
Reviews (27)
very easy to use
Simple to set up and very easy to use. As a non-technical person, after installation, it is easier to understand the security situation of my server. thanks
Complete pack
Love that it's a complete pack to get so you only need one tool like this and you'll know that you have done enough to protect your store.
AMAZING SUPPORT
I had some issues with installation and they made solution for me in time. Highly recommended Mageplaza and will buy more extensions here. 1000 Stars!!!
Amazing
Thanks, Mageplaza team your all extension is very helpful and I have purchased your many paid and free extension. Your all extension and Support is excellent and Mageplaza is one of the best Magento 2 developer company
best extensions
They are simply the best, this is such a pleasure to work with them and I worked with a lot of developers. Thanks for everything!
Admin
This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.
Keep it up Mageplaza!
Best service ever!
Added Security Always Welcomed
This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!
Love you guys for great support!
I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!
Good extension to prevent attack!
Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.
Exellent Module!!
I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!
Simply perfect!
We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to contact the support team to finish the configuration.
Must-have extension in site
This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store. Thank you
Geat Extension
I have installed it but forgot to install the library, the support team was very kind to reinstall the library and set it up. It works great, looking forward to get the Pro version.
Great extension
Installed this extension and out of blue my Magento store is secured. Nice features, great usability, and nice coding. No bugs, all works perfectly. Highly recommended Magento 2 extension. Keep up good work!
Must-have extension
This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store.
Important module
This is one important and indispensable Security module. We were looking for a Security module and found this useful one from a reliable source. And guess what! It is a free module. That's awesome!
Great module
This is a good idea to offer it with the free edition. So once you try it, you will feel that it's good enough to have the paid one. Again, I would like to mention how great the support team is. They are super friendly and willing to assist as well. I'm looking for my next step to buy the paid version.
New product
I needed to view the log action in my admin website, so I tried to use this product, what it offers is not bad so you can see some logs actions.
Great plugin
It is nice to have the ability to log the logins when you have multiple accounts and a need for seeing anywhen and anywhere they have occurred. Also, the checklist is a nice touch. Overall: Good stuff for free :=)
Very good extension
The installation was so easy and because there are many colleagues who have an account, I can see exactly what is going on. This is a must-have extension. Also, the support is also very good.
Great for basic logging
This module is a very useful tool to control the basic logging of Admin users on your website. It would be better to have the action log of the users as well, but I guess it comes with a paid version :)
Good extension
I see no issues with Security extension. It seems to be running as it should. Now I am happy with my purchase. I have tested the features, and they are working well. I recommend this to anyone who wants little extra security.
Well Worth Having
The Standard (free) edition is a great way to get a security check that will advise you of ways to secure your store (I've implemented these changes), as well as getting a list of last logins to your admin panel. This can help reassure you that others are not accessing your store, and you can check the date of your last login to make sure that was you. The usefulness of this extension, and by making it free, means I will be considering the Professional edition.
Nice free module
I’ve got to say that it’s too good to have a free extension like Mageplaza Security. It works well on my store and helps prevent bad break-in attempts so effectively. No complaints for this.
Great support
I like the way Mageplaza support team works. Quick and effective! This extension is also awesome with adequate features for my online store.
Good quality code
I’m pleased with the quality of the extension, no bugs for my store. The extension gives me peace of mind about the security of my online store. Good work, Mageplaza~
Leave a Review
Use case 1: Have a checklist to catch all possible security risks
Business goal:
- Receive warnings about possible security threats to make necessary adjustments.
Default Magento technical limitations:
- There is simply no guidance on checking all security problems with a default Magento store.
Solutions:
- Provide a checklist that automatically shows warnings for all possible security risks on the website.
- Display threats in admin username, captcha, database prefix, Magento version, and more.
Use case 2: Protect the store from break-in attempts
Business goal:
- Defend against possible harmful logins from hackers
Default Magento technical limitations:
- You can't configure the login process with a default Magento backend.
Solutions:
- Set a limit number of times for failed login attempts..
- Send a warning message to the admin whenever there is a break-in attempt.
Use case 3: Keep track of all logins on the website
Business goal:
- View the login information and trace people who signed in to the store.
Default Magento technical limitations:
- It's impossible to extract information from logins if you use a default Magento backend.
Solutions:
- Track and record a login log with all information.
- Let admin view the ID, User name, IP, Time, Browser, URL, and the status of each login.
Use case 4: Detect backend file changes
Business goal:
- Know when there are unauthorized changes in the backend to make necessary protection.
Default Magento technical limitations:
- You have no way of receiving notifications about backend file modification.
Solutions (Pro Version only) :
- Detects and records all changes in the backend files such as editing, adding, or deleting.
- Send a report email to admins about the changes.
Use case 5: Manage all actions on site (by admins or not)
Business goal:
- Identify any suspicious actions on the website to take actions.
Default Magento technical limitations:
- If there are multiple admins, it's impossible to log all actions in a clear way.
Solutions (Pro Version only) :
- Record all information about IP, username, time, and their specific actions or changes anywhere on the site.
- Compress and backup the data log to optimize the website's performance.
Use case 6: Blacklist or Whitelist IP addresses
Business goal:
- Block or allow specific IP addresses to access the website.
Default Magento technical limitations:
- It's impossible to set up a blacklist or whitelist with a default Magento store.
Solutions:
- Let admins block or allow certain IP addresses in the backend For example, when you trace suspicious IP addresses with break-in attempts, you can blacklist them so they won't be able to access your website from their IP.
Use case 7: Block all login attempts in a specific period of time
Business goal:
- Set up days or times to block all login attempts
Default Magento technical limitations:
- You simply can't configure a timer to stop all login on the website.
Solutions:
- Provide Away Mode (Pro Version only) - forbidding all login attempts with a time period that you can set. For example, when you are doing technical maintenance on the website, you can turn on Away Mode for a day to protect the website and customers.
All of the feature updates plan and status will be updated as soon as possible in our public Trello.
View Mageplaza Extension Roadmap 2023 ->Don't see the features you are looking for?
Request feature-
v4.0.3 (Magento v2.3.x)
31 August 2022
- Compatible with Magento v2.4.4
-
v4.0.2 (Magento v2.3.x)
26 October 2021
- Compatible with Magento v2.4.3
- Added Clear Login Logs
- Fixed minor bugs
-
v1.1.7 (Magento v2.3.x)
26 October 2021
- Compatible with Magento v2.3.7
- Added Clear Login Logs
- Fixed minor bugs
-
v4.0.1 (Magento v2.3.x)
26 May 2021
- Compatible with Magento v2.4.2
-
v4.0.0 (Magento v2.3.x)
10 November 2020
- Supported Magento v2.4
-
v1.1.6 (Magento v2.3.x)
29 June 2020
- Fixed minor bugs
-
v1.1.5 (Magento v2.3.x)
30 December 2019
- Fixed minor bugs
- Improved code style & performance
-
v1.1.4 (Magento v2.3.x)
26 June 2019
Compatible with Magento 2.3.1
-
v1.1.3 (Magento v2.3.x)
13 August 2018
- Update Module license
Security Pro
- Fixed error when compiling module on Magento 2.2
-
v1.1.2 (Magento v2.3.x)
06 April 2018
- Update email template “lock-user”
-
v1.1.1 (Magento v2.3.x)
02 April 2018
Fix bug get wrong IP address if server use Varnish Cache
-
v1.1.0 (Magento v2.3.x)
29 March 2018
- Add Checklist feature
- Add Module Activation
- Move backend module menu to Magento System menu
-
v1.0.0 (Magento v2.3.x)
14 March 2018
Initial module v1.0.0
| Standard | Professional | |
| General configuration | ||
| Enable/Disable the module |  |
|
| Enter the email address to receive warning emails. | |
|
| Brute Force Protection | ||
| Enable/Disable using Brute Force Protection | |
|
| Set Maximum number of failed login attempts | |
|
| Allowed duration | |
|
| Locked User Alert | |
|
| Choose an email template to send alerts | |
|
| Blacklist/Whitelist IPs | ||
| Enter Blacklist IPs | |
|
| Enter Whitelist IPs | |
|
| Action Log Backup Configuration | ||
| Enable/Disable Action Log backup | |
|
| Choose the frequency of action log backup: Daily, Weekly, Monthly | |
|
| Enable Clear Log After Backup | |
|
| Away Mode | |
|
| File change configuration | ||
| Allow exclude files and folders | |
|
| Create Master Hashes | |
|
| Automatically check file changes and send an alert email daily using cron | |
|
| Choose an email template to send alerts | |
|
| Records | ||
| Record the Login Log | |
|
| View login details | |
|
| Display the 5 newest logins on the Dashboard with their Usernames, Login status and Time | |
|
| Display the Last Login information | |
|
| Provide Security Checklist | |
|
| Auto-fix security issues | |
|
| Trace all actions performed by anyone in the backend | |
|
| Report on Action Log Backup | |
|
| Detect file changes and notice admins on a regular basis | |
|
| Support | ||
| Auto-fit with every device (Mobile, Tablet, PC) | |
|
| Support multiple stores | |
|
| Support multiple languages | |
|
| Fully compatible with Mageplaza extensions | |
|
| 1-year free support | |
|
| Lifetime updates | |
|
| 60 days guarantee money back | |
|
Why choose Mageplaza Magento 2 Security
Mageplaza provides consistent and customer-centric extensions for your Magento 2 store.
We don't sell products for one time. We provide lifetime solutions which help our customers thrive with their businesses.
60-day Money Back
Extensive 60-day money-back period. You love it or get a full refund no questions asked.
Extensive Support Timeframe
Mageplaza provides support 16 hrs/day, 5.5 days/week to guarantee the seamless operation of our extensions on your store.
Install via Composer
Simple installation via composer helps you save time and eliminates technical issues during future updates.
Frequent Updates
Intensive update roadmaps ensure great performance, bug-free, highly compatible, and innovative extensions.
Also Recommended For Your Store
