Skip to main content

Web Security Module For Magento 2

 With the Magento 2 Web Security module, the admin can provide security services for the Magento store from hackers. The admin can restrict any particular file type to get uploaded on the website and can ban the website for any country and IP address.

Brute force attack notifications to the admin and validation for the customer email address options are also available.

To use this extension the store owner must have the access to the following third parties services:-

Features

  • The Adobe Commerce Web Security module provides admin to enable the unrecognized login notification.
  • Master Password feature to block all sub-user accounts.
  • Allow admin to get each file upload notification in the system.
  • Admin can prevent file types to be upload.
  • Ban any country from login into the admin panel.
  • Admin can prevent the admin panel from a Brute Force attack.
  • Brute force logs available to admin.
  • Admin blacklist/whitelist IPs.
  • AbuseIPDB integrated to block and report IP.
  • Mailboxlayer integrated to validate emails for customers.
  • Real-time email validation for customers by admin.
  • Create custom email templates for each action.

Install Extension from Webkul Store

#1 Download Module

Firstly, you need to log in to Webkul Store, go to My Account>My Purchased Products section, verify and then download and extract the contents of this zip folder on the system.

#2 Upload Folder

Once the module zip is extracted, follow path src>app and then copy the app folder into the Magento 2 root directory on the server as shown below:

installation

#3 Run Commands

After uploading the module folder, you need to run the following commands in the Adobe Commerce root directory:

  • composer require geoip2/geoip2:~2.0
  • php bin/magento setup:upgrade
  • php bin/magento setup:di:compile
  • php bin/magento setup:static-content:deploy
  • php bin/magento indexer:reindex
  • php bin/magento cache:flush

Install Extension from Adobe Commerce Cloud Marketplace

If you have purchased this extension from the Magento Marketplace then please follow the below process or visit this link.

#1 Get Access Keys

You need to get access keys, navigate to My Profile in Adobe CommerceMarketplace, then choose Access Keys in the My Products section.

my-profile

Go to Magento 2 and then you need to copy both the Access Keys – Public Key and Private Key. These access keys will be needed in the next steps for authentication.

If access keys are not created earlier, click Create A New Access Key, enter any name and click OK.

create-key-name

#2 Update composer.json File

To know the component name and version number, go to your Adobe Commerce Marketplace account section, My Profile>My Purchases, then find this extension to view the details.

Please note – Below is an example image, every extension will have its unique component name and version.

know-component-name-version

After that, navigate to your Adobe Commerce Cloud project directory and update your composer.json file in the following format.

composer require <component-name>:<version>

For example, to install version 4.0.0 of this extension you need to run the following command:

composer require webkul/module-application-firewall:5.0.0

#3 Enter Access Keys

Now you will need to enter the Access Keys that you obtained as explained in the first step #1 Get Access Keys. Wait for Composer to finish updating your project dependencies and make sure there aren’t any errors.

#4 Run Command

You need to run the following commands:

  • composer require geoip2/geoip2:~2.0
  • php bin/magento setup:upgrade
  • php bin/magento setup:di:compile
  • php bin/magento setup:static-content:deploy
  • php bin/magento indexer:reindex
  • php bin/magento cache:flush

Multilingual Support

For multilingual support, the admin will navigate through Store->Configuration->General ->Locale Options and select the locale as German (the language into which the admin wants to translate his store content).

Configuration For Multilingual Support

Module Translation

If you want to translate their module language from English to German then follow the path src/app/code/Webkul/WebApplicationFirewall/i18n in their unzipped Magento 2 web security folder. Then you will get a CSV file with the name “en_US.csv”.

Now, rename that CSV as to your region code and language code “de_DE.csv” and translate all right side content in your language.

After editing the CSV, save it and then upload it where you have installed Magento 2 on the server.

The module will get translated into your desired Language.

translation-2

Admin Configuration

General Setting

The admin needs to configure the following sections as mentioned below to integrate the Adobe Commerce web security into the Adobe Commerce web.

Under the general setting section, the admin will configure the following fields: Enable Adobe Commerce Cloud Security: The admin needs to select “Yes” for enabling the following Adobe Commerce cloud Security.

Get Alerts about Unrecognized Admin Logins: The admin will get alerts each time admin logins through unrecognized means.

Select CMS Page for Blocked IPs: The admin can select the CMS pages to be displayed for IPs which are blocked by the admin.

Configuration-Settings-Stores-Magento-Admin-Web-Security

If the admin selects 404 Not Found as CMS Page to be displayed for the blocked IPs. Then consequently, If the users with blocked IPs will try to sign in they will see the following page as shown:

Page-not-found-web-security

Send Password Reset Request

If the admin selects this option, all the sub-admin or users will be blocked and will be shared an email with the reset password link.

general_setting-2

After that, the sub-admins will receive the following mail as shown below:

Web-Security-Mail

Malicious File Security

The admin will be able to enhance the Magento 2 web security of the website from malicious files by configuring the following as mentioned below.

  1. Get Notification if Any File Uploads by Adobe Commerce: The admin will get the notification for all the files uploaded on the Magento website.
  2. Prevent Uploading File With Extension(s): Add the extensions that you want to prevent uploading on your website and get a notification for prevented file uploads.
  3. Receive File Malicious Notification on Email Address: Set the Email Address on which the notification will be shared when the malicious file is uploaded.
  4. Check Multi Extension: Enable it (set it to ‘Yes’) to check for multiple extensions.
Malicious-Files-Security

Prevent Uploading File With Extension(s):

Admin/Sub-admin will get a notification for prevented file uploads as depicted below:

Disallowed-file-type-web-security

Also, the admin will receive a mail regarding this on the registered mail.

Web-security-mail-1

Receive File Malicious Notification on Email Address:

web-security-new-file-alert
Originally Published - https://webkul.com/

Comments

Post a Comment

Popular posts from this blog

Why Adobe Commerce Cloud is best suited for Headless eCommerce

  Headless architecture is trending now as it is considered the future of eCommerce. In this article, we will cover some points to tell Why Adobe Commerce Cloud is best suited for headless eCommerce?  Magento 2 is the most popular CMS for eCommerce Development. Also, it provides many features and tools which make the headless implementation much easier from developing from scratch. What is Headless eCommerce? Headless  is an approach where you separate the frontend and backend of the eCommerce Website. It means that your customer experience platform ( UI & UX) is independent of your Content Management system.  Today, when eCommerce is moving towards the Omnichannel approach the role of headless eCommerce becomes crucial. With its use, the shop owner can provide a more flexible, speedy, and personalized experience to their customers. Why Adobe Commerce Cloud is best for Headless eCommerce? Adobe Commerce Cloud provides many tools that make the headless architecture e
Post a Comment
Read more

Marketplace Quote System for WooCommerce

  WooCommerce Marketplace Quote System Plugin provides the functionality to the seller of the marketplace to allow the customer to quote their products. The seller can enable the quote system for their products. After that, a customer can send a quotation request of the products. This plugin is very useful for order the seller’s products in bulk. Using this plugin a customer can also communicate with the seller for their queries. Admin of the marketplace can also involve between the buyer and seller conversation. The admin can also change the status of the customer quote. Marketplace Quote System for WooCommerce is an add-on of Webkul WooCommerce Multi Vendor Marketplace Plugin. To use this plugin you have to install   Woocommerce Multi Vendor Marketplace  first. Highlighted Features Customized Pricing With this module, the admin/seller can provide the unique quoted price to the buyers. Bulk Product Purchase The customer can order product quantity in bulk and can get op
Post a Comment
Read more

How to Create Mobile Application with Laravel?

Laravel is a free and open-source PHP framework for "web artisans". Laravel is well-known for being a logical and strong framework that allows you to fully utilize the power of PHP once you understand what you're doing. The laravel native mobile app is enriched with numerous features which can help the user get the best. It powers numerous websites, online applications, and corporate systems throughout the internet. Using the framework, you may build anything from tiny, lightweight applications to huge complicated systems. Perhaps your Laravel eCommerce web app has received thousands of visitors, signups, and satisfied users. Advantages Of Laravel Laravel is ideally suited for all sorts of applications, especially those with specialized requirements such as portal mobile apps, social networking apps, and others. Source Code Integrity And Flexibility The PHP source code is customizable and versatile. Therefore, creating cross-platform applications frequently uses PHP. It
Post a Comment
Read more