
Working for OpenCart since 2010 and contributed to latest stable release v3.0.3.7
OpenCart Security Suite
OpenCart Web Application Firewall: This module offers an extremely interesting 2factor Authentication feature for admin, customers, and affiliate user login, which requires a QR code scan using a Google authenticator application installed on the smartphones. Also, the admin has the leverage to disable/ enable one or more IP/ countries, restricting/allowing specific users.
Working for OpenCart since 2010 and contributed to latest stable release v3.0.3.7
- Description
- Reviews
- FAQ
- Customers ()
- Specifications
- Cloud Hosting
- Changelog
OpenCart Web Application Firewall: With so much data that is present online nowadays, it has become necessary to manage and safeguard the integrity of the data. For that, online business entrepreneurs are striving to integrate effective measures to ensure the security of the website and the customer's data. It is an essential step as well to develop customer's trust because it is one of the necessary steps to retain a customer which in turn is the key to a flourishing online business.
Therefore, Opencart’s Web Application Firewall (WAF) Security is one such module that offers high-class security against data theft and unauthorized user access by providing the 2factor Authentication feature which allows login only after a QR code is scanned using a Google authenticator. It also offers features such as IP/ Country ban, restricting/ allowing specific users to log in to a website.
Please Note -
- This module supports all templates and themes including the Journal theme.
- Opencart Web Application Firewall (WAF) Security supports the Multi-Store feature of default Opencart.
Highlighted Features
2-Factor Authentication
To provide additional security, the store owner may allow 2-Factor Authentication for admin, customers, and affiliate users which requires a QR code scan while logging in.
The Recaptcha feature
The store owner may allow the Recaptcha feature as well for the admin login purpose.
Restricting Data Access through IP/ Country Ban
The store owner may disable one or more IP(s) and country(s). It restricts any user trying to login bearing the disabled IP or country.
Brute Force Log
It maintains the logs of the users who tend to make login attempts.
Why is there a need for Opencart WAF Security?
Data Security is one of the major concerns for any website if one takes ongoing cybercrimes into account. Had a giant marketplace like Amazon been exposed to data theft or any such malicious activity, it would not have retained such a never-ending list of customers.
Having said that, OpenCart’s Web Application Firewall (WAF) Security module, ensures that a website or application does not encounter any unauthorized data or activity as it provides 2factor Authentication for admin customer and affiliate users and they can only login after scanning the QR code.
The store owner has the leverage to ban one or more IPs or Countries so as to restrict or allow specific users to log in to a website. This way one can secure and safeguard the website’s data without having to lose any crucial data of a website.

Gathering reCAPTCHA API Keys
reCAPTCHA API keys are essential to configure the basic configurations of the WAF Security module.
- Initially, the user needs to navigate to the Google reCAPTCHA page.
- Clicking the admin console will redirect to the reCAPTCHA details page.
- The user needs to add a label for the reCAPTCHA.
- A reCAPTCHA type must be chosen.
- Add a domain where the user wishes to display the reCAPTCHA.
- The user must accept the terms and services and register in order to retrieve the keys.

Admin Permissions
Secure data is the key to real sales and revenue generation and it’s essential as well to ensure the integrity of any online data. The admin allows a 2-Factor Authentication for securing even the login process.
- As the store owners log in to the website, they will encounter a WAF pop-up.
- This pop-up consists of a QR code, which on scanning, provides a 6 digit code.
- The QR code is scanned using a Google Authenticator app installed on a smart-phone.
- This code is to be entered against the Google 2Factor Authentication Code tab.
- As the code matches, the admin can click on the authenticate button.
- If the code does not match, the admin needs to logout and follow the same procedure and scan a new QR code again.

WAF Security IP and Country Ban
Nowadays it is quite easy for hackers to attack online data. Therefore, when any suspicious activity is encountered, the store owner may ban one or more IP(s) and Country(s) to avoid any malicious activity.
- From the list of IP’s or Countries, the admin can enable or disable any IP or Country at any point in time.
- The admin may choose the disabled IP(s) or Country(s) to enable and allow data access.
- Likewise, the admin can disable the enabled IP(s) or Country(s) to restrict the data access.
- If any user, bearing the disabled IP/ Country tries to log in, it restricts the data access for the same.
- If any user, bearing the enabled IP/ Country tries to log in, it allows the data access for the same.
- This safeguards the data and protects it from data theft.

2-Factor Authentication for Customers
It is the prime responsibility of the store owner to ensure the safety of the customer's data, which may be extremely crucial at times such as card details.
This module assures to retain the integrity of the customer's data as well by providing the 2-Factor Authentication, Email Verification and Recaptcha at various levels for additional security.
- This module offers security at various levels for both the registered and new customers.
- The registered customers will find the 2factor authentication before logging in to their accounts.
- To login, the registered customers need to scan the QR code and add the code and authenticate.
- The new customers will find the verify email button for email verification while filling in the personal details for registration purposes.
- In the contact us form, the customers will find the Recaptcha option.

Features
- The store owner can enable 2-factor authentication for the admin, customer, and affiliate user login.
- Thus, for 2-factor authentication, the login users must scan the QR code using Google authenticator.
- The Recaptcha feature is allowed for the admin's login purpose.
- This module allows pre-sign up email validation.
- This module also integrates the AbuseIPDB to block and report IP.
- The admin may choose to allow or disallow specific file types that can be uploaded.
- Notifications for resetting passwords are sent to the admin users and customers if need be.
- The admin can create custom email templates.
- For additional security, the admin may choose to restrict an IP or given a set of IPs to access the website's data.
- Also, the admin may restrict a country or set of countries to access the website's data.
- A Brute Force log consists of a list of users who tend to have made login attempts.
- It also displays a list of secure/ insecure directory content of the website.
- The overall security of the website's data is taken care of by WAF and it protects data from malicious attacks.
- Allows with WAF Security Email Domain Ban feature and shows WAF Security Email Domain Ban log as well.
Support
For any query or issue, please create a support ticket here http://webkul.uvdesk.com/.
You may also check our quality Opencart Extensions.
Specifications
Recent Reviews
Write a reviewBest Support by Webkul
The best team ever.

Frequently Asked Questions
Move to Cloud Today
AWS Free tier hosting for one year by amazon web services, for more details please visit AWS Free Tier.
GCP Free tier hosting for one year with 300 credit points by google cloud platform, for more details please visit GCP Free Tier.
Azure free tier hosting for one year with 25+ always free services, for more details please visit Azure Free Tier.
In our default configuration we will provide tremendous configuration for your eCommerce Website which is fast to load and response.
Default Configuration Details of Server
- 1 GB RAM
- 1 Core Processor
- 30 GB Hard Disk
- DB with 1 GB RAM and 1 Core Processor
* Server Configuration may vary as per application requirements.
Want to know more how exactly we are going to power up your eCommerce Website with Cloud to fasten up your store. Please visit the Cloudkul Services.
Get Started with Cloud- + Features
- - Bugs
- + Updated WAF module for opencart version-4.x.x.
- + Implemented one-time QR code display for users in version 3.x.x.x .
- - Fixed git issues.
- - Fixed the ip related issue in all versions
- + Change login Process(admin/catalog)
- - fixed XML files issue
- + Updated for Opencart version 2.0.x.x
- - fixed the minor language issues in both the versions
- - fixed the language issues in both the versions
- - fixed the checkout case issues in both the versions
- - fixed the language text issues in both the versions
- - fixed the remaining issues in both the versions
- - fixed all the remaining issues in both the versions
- - fixed all the issues and implemented suggestion in both the versions
- - fixed all the issues in both the versions
- - update email domain ban in both the versions with theme patch
- - Update library file in both the Version.
- - add important links, installation guide etc
- - fixed all issues
- - add the module in version 2.3.x.x with journal theme patch
- - fixed error-index issue and zero value issue
- - add and change language text
- - change less than sign issue
- - extend mail description limit and variable conflict issue
- - implement suggestion
- - fixed PHPCS issues
- - fixed the grammar errors in other language files
- - fixed the grammar errors
- - fixed all the git issues and implement the suggestion
- - fixed all the git issues and implement the suggestion
- + Add journal theme patch for Version 3.x.x.x and resolved GIT issues
- - fixed wrong string issue in Version 3.x.x.x
- + add module for Version 3.x.x.x