Skip to main content

Web Security Module For Magento 2

 With the Magento 2 Web Security module, the admin can provide security services for the Magento store from hackers. The admin can restrict any particular file type to get uploaded on the website and can ban the website for any country and IP address.

Brute force attack notifications to the admin and validation for the customer email address options are also available.

To use this extension the store owner must have the access to the following third parties services:-

Features

  • The Adobe Commerce Web Security module provides admin to enable the unrecognized login notification.
  • Master Password feature to block all sub-user accounts.
  • Allow admin to get each file upload notification in the system.
  • Admin can prevent file types to be upload.
  • Ban any country from login into the admin panel.
  • Admin can prevent the admin panel from a Brute Force attack.
  • Brute force logs available to admin.
  • Admin blacklist/whitelist IPs.
  • AbuseIPDB integrated to block and report IP.
  • Mailboxlayer integrated to validate emails for customers.
  • Real-time email validation for customers by admin.
  • Create custom email templates for each action.

Install Extension from Webkul Store

#1 Download Module

Firstly, you need to log in to Webkul Store, go to My Account>My Purchased Products section, verify and then download and extract the contents of this zip folder on the system.

#2 Upload Folder

Once the module zip is extracted, follow path src>app and then copy the app folder into the Magento 2 root directory on the server as shown below:

installation

#3 Run Commands

After uploading the module folder, you need to run the following commands in the Adobe Commerce root directory:

  • composer require geoip2/geoip2:~2.0
  • php bin/magento setup:upgrade
  • php bin/magento setup:di:compile
  • php bin/magento setup:static-content:deploy
  • php bin/magento indexer:reindex
  • php bin/magento cache:flush

Install Extension from Adobe Commerce Cloud Marketplace

If you have purchased this extension from the Magento Marketplace then please follow the below process or visit this link.

#1 Get Access Keys

You need to get access keys, navigate to My Profile in Adobe CommerceMarketplace, then choose Access Keys in the My Products section.

my-profile

Go to Magento 2 and then you need to copy both the Access Keys – Public Key and Private Key. These access keys will be needed in the next steps for authentication.

If access keys are not created earlier, click Create A New Access Key, enter any name and click OK.

create-key-name

#2 Update composer.json File

To know the component name and version number, go to your Adobe Commerce Marketplace account section, My Profile>My Purchases, then find this extension to view the details.

Please note – Below is an example image, every extension will have its unique component name and version.

know-component-name-version

After that, navigate to your Adobe Commerce Cloud project directory and update your composer.json file in the following format.

composer require <component-name>:<version>

For example, to install version 4.0.0 of this extension you need to run the following command:

composer require webkul/module-application-firewall:5.0.0

#3 Enter Access Keys

Now you will need to enter the Access Keys that you obtained as explained in the first step #1 Get Access Keys. Wait for Composer to finish updating your project dependencies and make sure there aren’t any errors.

#4 Run Command

You need to run the following commands:

  • composer require geoip2/geoip2:~2.0
  • php bin/magento setup:upgrade
  • php bin/magento setup:di:compile
  • php bin/magento setup:static-content:deploy
  • php bin/magento indexer:reindex
  • php bin/magento cache:flush

Multilingual Support

For multilingual support, the admin will navigate through Store->Configuration->General ->Locale Options and select the locale as German (the language into which the admin wants to translate his store content).

Configuration For Multilingual Support

Module Translation

If you want to translate their module language from English to German then follow the path src/app/code/Webkul/WebApplicationFirewall/i18n in their unzipped Magento 2 web security folder. Then you will get a CSV file with the name “en_US.csv”.

Now, rename that CSV as to your region code and language code “de_DE.csv” and translate all right side content in your language.

After editing the CSV, save it and then upload it where you have installed Magento 2 on the server.

The module will get translated into your desired Language.

translation-2

Admin Configuration

General Setting

The admin needs to configure the following sections as mentioned below to integrate the Adobe Commerce web security into the Adobe Commerce web.

Under the general setting section, the admin will configure the following fields: Enable Adobe Commerce Cloud Security: The admin needs to select “Yes” for enabling the following Adobe Commerce cloud Security.

Get Alerts about Unrecognized Admin Logins: The admin will get alerts each time admin logins through unrecognized means.

Select CMS Page for Blocked IPs: The admin can select the CMS pages to be displayed for IPs which are blocked by the admin.

Configuration-Settings-Stores-Magento-Admin-Web-Security

If the admin selects 404 Not Found as CMS Page to be displayed for the blocked IPs. Then consequently, If the users with blocked IPs will try to sign in they will see the following page as shown:

Page-not-found-web-security

Send Password Reset Request

If the admin selects this option, all the sub-admin or users will be blocked and will be shared an email with the reset password link.

general_setting-2

After that, the sub-admins will receive the following mail as shown below:

Web-Security-Mail

Malicious File Security

The admin will be able to enhance the Magento 2 web security of the website from malicious files by configuring the following as mentioned below.

  1. Get Notification if Any File Uploads by Adobe Commerce: The admin will get the notification for all the files uploaded on the Magento website.
  2. Prevent Uploading File With Extension(s): Add the extensions that you want to prevent uploading on your website and get a notification for prevented file uploads.
  3. Receive File Malicious Notification on Email Address: Set the Email Address on which the notification will be shared when the malicious file is uploaded.
  4. Check Multi Extension: Enable it (set it to ‘Yes’) to check for multiple extensions.
Malicious-Files-Security

Prevent Uploading File With Extension(s):

Admin/Sub-admin will get a notification for prevented file uploads as depicted below:

Disallowed-file-type-web-security

Also, the admin will receive a mail regarding this on the registered mail.

Web-security-mail-1

Receive File Malicious Notification on Email Address:

web-security-new-file-alert
Originally Published - https://webkul.com/

Comments

Post a Comment

Popular posts from this blog

Top Considerations for Hiring a Laravel Mobile App Development Company for Business

In today's digital age, mobile apps have become an essential component for businesses to thrive and stay competitive. Whether you have a small startup or a large enterprise, having a mobile app can significantly boost your brand presence and customer engagement. Consequently, choosing the right mobile app development company is a crucial decision that can impact the success of your business. When it comes to developing a mobile app using Laravel, there are several important considerations to keep in mind. Laravel Development Company When hiring a Laravel development company, it is essential to find a team of skilled professionals who specialize in this framework. Laravel is a widely popular PHP framework known for its elegant syntax and extensive set of features. It offers scalability, security, and flexibility, making it an excellent choice for building robust and reliable mobile applications. Here are the top considerations you should keep in mind when selecting a Laravel mobile ...
Post a Comment
Read more

How to Create Mobile Application with Laravel?

Laravel is a free and open-source PHP framework for "web artisans". Laravel is well-known for being a logical and strong framework that allows you to fully utilize the power of PHP once you understand what you're doing. The laravel native mobile app is enriched with numerous features which can help the user get the best. It powers numerous websites, online applications, and corporate systems throughout the internet. Using the framework, you may build anything from tiny, lightweight applications to huge complicated systems. Perhaps your Laravel eCommerce web app has received thousands of visitors, signups, and satisfied users. Advantages Of Laravel Laravel is ideally suited for all sorts of applications, especially those with specialized requirements such as portal mobile apps, social networking apps, and others. Source Code Integrity And Flexibility The PHP source code is customizable and versatile. Therefore, creating cross-platform applications frequently uses PHP. It...
Post a Comment
Read more

How can Laravel Development Services Help Your Business?

You are using the PHP framework. Well, we’ll make things more comfortable for you, which will help best improve your company strategy. If you want to gain your business shifting in a good direction, the Laravel development service is properly what you must think about! With the Laravel development service, you’ll be capable of custom web applications for your exact business requirements. This is excellent for a small industry or even a larger business. You should decide on a Laravel development company like webkul for the following reasons: It is simple It is quick It is effective As a development, you will help from an inbuilt validation library when utilizing the Laravel development service . It will save misconduct at bay and improve the probability of more results. Whether you require website development or business applications for your company, you still look for a platform that can deliver you with the most components. And the Laravel framework consistently exceeds expecta...
2 comments
Read more