USD
  • INR
  • USD
Cart
Cart 0
  • You have no items in your shopping cart.
    Cart
    Cart 0
    • You have no items in your shopping cart.

    Hire a Developer

    Now You can Hire Webkul Developer and get Webkul Modules Customized as per your needs.
    ×
    Contact Us!
    Send Again
    Close

    Please Login to Write Your Review

    Product Image
    Technology Partner Awards.
    Top Selling Extension Winner
    2 times in a row - 2017 & 2018

    Security Extension Suite for Magento 2

    Web Application Firewall for Magento 2: Using this extension the admin will be able to shield the Magneto 2 website from various hacks or attacks. The admin can prohibit the files with some specific file extensions from getting uploaded and will get apprised for all the files uploaded. The store owner can blacklist IPs and can even ban the country in which the backend cannot be accessed. Moreover, the admin will have details of brute force attacks and the admin login logs.

    Screenshots
    $199.00

    * Required Fields

    Add To Cart
    30 Days Refund*
    Lifetime Free Upgrade
    Only One Time Payment
    $199.00
    Configure and Buy
    • Description
    • Reviews
    • FAQ
    • Customers ()
    • Specifications
    • Cloud Hosting
    • Customization
    • Changelog

    Web Application Firewall for Magento 2: Magento 2 Security Extension enables the store owners to discover or investigate the security vulnerabilities and to protect their Websites from the numerous cyber-attacks and to keep them protected against hackers. The admin can proscribe any specific file extension type from getting uploaded on the Website.

    The admin gets a notification for all the files uploaded. Also, the admin receives a notification on the registered email for any malicious file uploads. The store owner can blacklist or whitelist IPs as well and can even ban the users country-wise from accessing the website. Magento 2 Security Extension allows the admin to receive the Brute force attack notifications and alert for unrecognized login attempts.

    This extension facilitates the store owners to keep a track of all the failed login attempts and allows them to report the abused IPs on the Abuse IPDB. In addition, the admin can validate customer email addresses and prohibit fraudulent customer registration by availing front-end Two-Step Authentication and Mailbox Layered Email Verification features. This assures the store owner of a hassle-free and secure online store experience.

    Enable DDoS Firewall Protection for Magento 2, to protect your website against cyber-attacks and illegitimate requests to overload the network system and resources. Distributed Denial of Service (DDoS) attack makes the website unavailable to intended users by temporarily or indefinitely disrupting host services connected to the internet.

    Important Note - To use this extension the store owner must have the access to the following third parties services:

    Highlighted Features

     Unrecognized Admin Panel Login Alerts

    To secure the website against any unwanted access, the admin will get alerts for all the unrecognized login activities. It also maintains the detailed logs of admin login activities.

     Send Password Reset Request

    This feature provides the admin with the master password feature to reset the password for all the sub-users.

     Malicious Files Security

    This feature facilitates the store owner to restrict any specific file types from getting uploaded on the website. The admin gets apprised for all the files uploaded.

     Ban User Country Wise

    It enables the store owner to ban users from one or more countries from accessing the website.

     Blacklist/Whitelist IP(s)

    The admin can blacklist or whitelist IP(s) to allow or disallow the users with a specific IP from accessing the website.

     Google 2FA (Two-Factor Authentication)

    This functionality will allow the store owner to have two-step authentication for the login which requires a QR code scan and OTP submission when the customer logs in.

     Protect Against Brute-Force

    This feature secures the website against proxy login attacks and sends warnings on the registered mail for every failed login attempt.

     Abuse IPDB

    The store owner will be able to get the banned IPs whose confidence score is lower than the defined and can report it to the Abuse IPDB for brute log-in.

     New Customer Instant Email Verification Via MailBox Layer

    This feature enables the admin to execute real-time layered email address verification. This makes sure that the customer has added a valid email address.

     Multiple Email Notifications Templates

    The admin can set different templates that will be shared with the sub-user and admin in different scenarios.

     View File Permissions

    This will help the admin to optimize the file permissions. Also, this feature enables the admin to identify whether the Magento store is on Production or Developer, or Default mode.

      Brute Force Login logs

    It maintains the logs of the users who tend to make login attempts. This section will specifically keep a detailed record of all the brute force login logs.

    Why do we need this module?

    The most essential feature of any website is surely smooth and secure running. As web stores are prone to security breaches. It is one of the prime and foremost requirements of any online store owner. After all, It is the security method of the store that has to keep the store information and transactions secured and protected from any cyber-attacks or hacks.

    This is even crucial to retain the customer’s trust. Obviously, no customer wants to hear that their confidential information like card details, addresses are discerned to cyber frauds. Henceforth, big tycoons prioritize the security issues to bring a secured experience to their online stores. This makes them able to make a significant mark in the world of e-commerce.

    Thus, integrating this module into the online stores will turn out to be a great advantage for the store owners all the way. This will enhance the customer faith and add value to their e-commerce enterprise. With the Magento 2 Security extension, the admin will ensure that there are no spoofing or brute force attacks on his Magento 2 website. Not only that but the front end fraud customer logins can also be restricted by validating the email address and executing Google Authentication for the potential customers and even for the affiliate users.

    Unrecognized Admin Panel Login Alerts

    Once configuring this Magento 2 Security Extension and enabling Magneto Security the admin gets the entire control over the website. This secures the website against any unwanted access and sends alerts to the admin for all the unrecognized login activities.

    It also maintains the detailed logs of admin login activities.

    • The admin will get alerts each time the admin logins through unrecognized means.
    • Any ambiguous admin login attempts will be notified.
    • The admin can select the CMS pages to be displayed for blocked IP(s).
    • The admin login logs keep a detailed track of each login activity.
    Unrecognized Admin Panel Login Alerts

    Send Password Reset Request

    Every store owner wants to keep his credentials secured and protected from intruders and frauds. Mishandling of credentials can pose a serious threat. There comes the Magento 2 Security Extension with a feature to protect the stores.

    • This feature provides the admin with the master password feature to reset the password for all the sub-users.
    • If the admin selects this option, all the sub-admins or users will be blocked.
    • Sub-users will get an email with the reset password link.
    Send Password Reset Request

    Malicious Files Security

    The store owner can protect the server from hackers by providing the right set of access for the files to be uploaded on the server. The admin must proscribe the malicious files from getting uploaded on the server.

    This feature in Magento 2 Security Extension facilitates the store owner to restrict any specific file types from getting uploaded on the website.

    • The admin gets apprised for all the files uploaded on the website.
    • If the customer tries to upload the restricted file(s) then the email notification will be shared on the registered email which is set by the admin in the configuration.
    • If there is any file that does not have the ideal permission, it will show an error status on uploading.
    • The admin can define the file type extensions like .jpg, .png, PHP, etc which he wants to restrict from getting uploaded on his website.
    • The admin will also get an email notification for the malicious file uploads.
    Malicious Files Security

    Ban User Country Wise

    Suppose you are running a website that has a potential market limited to the European region or in the United States. The store owner can ban the countries which are having a higher cyberattack rate.

    It enables the store owner to ban users from one or more countries from accessing the website.

    • It authorizes the admin to ban one or more countries from accessing the websites.
    • The users from the banned countries will not be able to even view the front end.
    • This requires a GeoIP2 Library integrated with this module for detecting the current geolocation of the customer using his IP address.
    Ban User Country Wise

    Blacklist/Whitelist IP(s)

    The admin can blacklist or whitelist IP(s) to allow or disallow the users with a specific IP from accessing the website. If the admins feel the IP(s) to be a threat to the website based on the activities recorded then this feature allows the admin to block the IP(s) from accessing the website.

    • The admin can block a particular IP or the class of the IP.
    • The Store owner can also whitelist the IP(s) or the class of the IP.
    • This will block all the other IPs which are not added. The admin can also check the debug logs for IPs if enabled.
    • The users with the blocked IP(s) will not be able to even view the front-end.
    Blacklist/Whitelist IP(s)

    Google 2FA (Two-Factor Authentication)

    Every customer wants his login details to be confidential so that no one can hack into their account and place a false order. This module helps them to secure their confidential details from intruders.

    • This functionality will allow the store owner to have two-step authentication for the login.
    • This requires a QR code scan and OTP submission when the customer logs in.
    • The store owner can enable the two-factor authentication for the customer that will be validated through the Google Authenticator.
    • After the first login through Google authentication, the customer can enable or disable the OTP authentication.
    • The “Trust my device” option will help the customer to select those devices in which the OTP authentication will not be required even if the authentication is enabled.
    Google 2FA (Two-Factor Authentication)

    Protect Against Brute-Force

    This is essentially crucial to protect the website from proxy login attacks. It can be one of the most detrimental threats if not dealt with the utmost care. This feature secures the website against proxy login attacks.

    • This feature protects the website against brute force attacks.
    • It enables the admin to secure his website from proxy login attacks.
    • It sends warning emails to the registered email address.
    • The admin receives the alert for each failed login attempt.
    • If enabled, the admin can send alert mail when an admin user is locked.
    Protect Against Brute-Force

    Abuse IPDB

    If we talk about the Magento 2 store, the user who is logged in as an admin will have complete control of the website. The user can log in with the admin credentials and can destroy the website in no time. To secure a website from these attacks our module offers Abuse IPDB support integrated into it.

    • If the proxy login attack is detected then the IP will be auto reported if enabled.
    • The admin can enable IP blocks based on the confidence score of the abuse.
    • Any user with a low confidence score will be blocked automatically.
    • The admin can define the fixed score as to above which IP will be rejected.
    • In case of any brute attack, the IP will be reported to the Abuse IPDB automatically.
    Abuse IPDB

    New Customer Instant Email Verification Via MailBox Layer

    Every website faces threats of attacks from fraud customers who create fraud accounts and add false or bad reviews on the website in order to downgrade the reputation of the website and its products. With the help of this module, the fraud customer with a fake email address will not be able to log in.

    • The module uses a mailbox layered email address validation which is integrated into it for authenticating and allowing only the genuine email addresses to sign in.
    • This feature enables the admin to execute real-time layered email address verification. This makes sure that the customer has added a valid email address.
    New Customer Instant Email Verification Via MailBox Layer

    Multiple Email Notifications Templates

    This feature in the web security module provides the admin with various templates to be used in different scenarios. The admin can set different templates that will be shared with the sub-user and admin in different scenarios.

    • The admin can select the sender to whom the notification will be shared and assign different templates for different scenarios.
    • It allows the admin to priorly set the different templates to be shared with sub-users.
    Multiple Email Notifications Templates

    View File Permissions

    To protect the website from any outside interference and to secure it from any hacks or attacks. It is mandatory to give access to only the right set of files to be manipulated on the website. The permissions to manipulate various files should be given with the utmost care.

    • This will help the admin to optimize the file permissions.
    • Also, this feature enables the admin to identify whether the Magento store is on Production or Developer, or Default mode.
    • The admin needs to select the server hosting whether shared(one user) or private(two users).
    • Consequently, the directories will be visible. Also, this will enable the admin to view all the files and their permission.
    • In a brief, the admin will get the status error if the permission is not ideal. In addition, this will help the admin to optimize the file permissions.
    • Thus, it will protect the websites from any vulnerability of the site.
    View File Permissions

    Brute Force Login logs

    This is essentially crucial to protect the website from proxy login attacks. It can be one of the most detrimental threats if not dealt with the utmost care. This feature keeps a track of all the proxy login attacks.

    • It maintains the logs of the users who tend to make login attempts.
    • This section will specifically keep a detailed record of all the brute force login logs.
    • Thus, the store owner can view all the IPs and their login URL, browser, and even the login time details.
    • This will help the admin to detect the fraud count and can even report them or can blocklist the imposters.
    Brute Force Login logs

    Complete Features List

    • The admin can enable/disable the Magento Security.
    • This module facilitates the admin to receive alerts for unrecognized admin logins.
    • Master Password feature to block all sub-user accounts.
    • It notifies the admin for each file uploaded on the website.
    • It enables the admin to restrict any specific file types from getting uploaded on the website.
    • The module enables the store owner to ban users from one or more countries from accessing the website.
    • The extension secures the website against proxy login attacks and sends warnings on the registered mail for every failed login attempt.
    • Brute force logs are available to the admin. Admin login logs in this module keep a detailed log of each admin login activity.
    • The admin can blacklist or whitelist IP(s) to allow or disallow the users with a specific IP from accessing the website.
    • The module has AbuseIPDB integrated with it to block and report abused IP(s).
    • This module provides the store owner to have two-step authentication for the customer login.
    • Mailboxlayer is integrated to validate emails for customers.
    • Also, it brings a feature for real-time email verification for customers by admin.
    • It has a functionality that enables the admin to optimize permissions.
    • This allows the admin to create custom email templates for each action.
    • The banned countries customer will not be able to access the front end of the site as well.

    Support

    For any query or issue please create a support ticket here http://webkul.uvdesk.com/.

    You may also check our quality Magento 2 Extensions.

    Rating 5.0
    based on 4 reviews

    Recent Reviews

    Write a review

    Webkul modules have the best business model ever

    Posted On - August 21, 2020

    Webkul Magento 2 modules have the best business model ever. They have an excellent professional team. They are helpful with rapid response. We found all that we need to build our marketplace.

    Great support and explanation

    Posted On - August 5, 2020

    Excellent explanation from Mr. Rahul Gupta regarding the functionality features.

    Customer support service is good

    Posted On - July 24, 2020

    Great support provided by the team in the setup of the module. Answered every query in a fast manner.

    Thank You

    24/7 support by a professional team

    Posted On - July 24, 2020

    Dear support,
    You are totally working 24/7.
    Appolpgize for the inconvenience
    I sometimes don't remember the time zone and differences between my time and yours!
    Cheers

    Frequently Asked Questions

     Which module offers the best security for Magento’s Website?
    Magento 2 Web Application Firewall (WAF) Security module offers secure login and prevention from data theft.
     
     Does the Magento 2 Web Application Firewall (WAF) Security module require any authentication while login on to the front end?
    Magento 2 Web Application Firewall (WAF) Security module offers 2factor authentication for customers to log in to the website.
     
     What is the feature of the 2factor authentication?
    To login, the customer needs to scan the QR code using the Google Authenticator, installed on the cellphone. The code received is to be added on the Webkul WAF Security 2factor Authentication pop-up, if matched, it authenticates the customer and redirects to the customer account.
     
     What is the major feature offered by Magneto 2 Web Application Firewall (WAF) Security module?
    The following module will offer IP, Country ban and view permission features, any user who tries to access site bearing the disabled IP or Country, will not be able to login or access the data.
     
     How can the admin set ideal permissions for all the files?
    The admin will be able to view all the files through the back end along with its permission and if the file's permissions are not correct it will be notified by the status.

    Move to Cloud Today

    AWS Free tier hosting for one year by amazon web services, for more details please visit AWS Free Tier.

    GCP Free tier hosting for one year with 300 credit points by google cloud platform, for more details please visit GCP Free Tier.

    Azure free tier hosting for one year with 25+ always free services, for more details please visit Azure Free Tier.

    In our default configuration we will provide tremendous configuration for your eCommerce Website which is fast to load and response.

    Default Configuration Details of Server

    • 1 GB RAM
    • 1 Core Processor
    • 30 GB Hard Disk
    • DB with 1 GB RAM and 1 Core Processor

    * Server Configuration may vary as per application requirements.

    Want to know more how exactly we are going to power up your eCommerce Website with Cloud to fasten up your store. Please visit the Cloudkul Services.

    Get Started with Cloud

    Module code is completely open that means anyone can customize the code as per his / her need , as the developer of the module we also provide customisation and development of the module please contact us for module customisation Paid Service

    Request Customization

    • + Features
    • - Bugs
    Version 5.0.0
    • + Version upgrade for Magento 2.4.x
    Version 4.0.0
    • + Supported Magento Version 2.4.x
    Version 3.0.0
    • + Supported Magento Version 2.3.x
    • + Admin can enable the unrecognized login notification.
    • + Master Password feature to block all sub-users accounts.
    • + Allow admin to get each file upload notification in the system.
    • + Admin can prevent file types to be upload.
    • + Admin can ban users from login into the admin panel on the basis of the country.
    • + Admin can prevent the admin panel from Brute Force attack.
    • + Brute force logs available to admin.
    • + Admin blacklist/whitelist IP.
    • + AbuseDB integrated to block and report IP.
    • + Mailboxlayer integrated to validate emails for customers.
    • + Admin can enable real-time email validation for customers.
    • + Admin is allowed to create a custom email templates for each action.
    • + Admin can enable Google 2 Factor Authentication for frontend.
    • + Then the Customer can enable/disable Google 2FA from his/her account.
    • + Admin can scan all directories/file permission based on his selection.