Magento 2 Secure Your Admin

It is important to ensure and upgrade the security of your administration. Hence, you should manage the setting to Secure Your Admin to protect your system as well as to suit the characteristics of your store. To help you understand about the security function that Magento 2 supplies, let me instruct you how to find and configure admin security effectively.

Website Support
& Maintenance Services

Make sure your store is not only in good shape but also thriving with a professional team yet at an affordable price.

Get Started

Tips to secure your admin in Magento 2

• Customize the Admin URL to make sure it is hard to guess.
• Use strong passwords that include letters, numbers, and symbols.
• Set the keyboard inactivity time that requires users to re login when it is over
• Enable Two-factor authentication to verify one-time password
• Use reCAPTCHA to add another security level

Now, let’s check 3 steps out to secure your admin better:

Related topics

• 62% stores have vulnerability and 14% stores have 4+ security issues.
• Security Checklist
• Secure Your Admin
• Quick login without password
• How To Stop Brute Force Attacks

3 Steps to Secure Your Admin in Magento 2

• Step 1: Go to the Security tab
• Step 2: Set options for the Security section
• Step 3: Save the customization

Step 1: Go to the Security tab

• On the Admin sidebar, click Stores > Settings > Configuration.
• In the panel on the left, choose Advanced > Admin > Security.

Step 2: Set options for the Security section

• In the Add Secret Key to URLs field, leave Yes as in default to enable a secret key to Admin URLs or choose No to disable it. Because Secret Key is useful for preventing CSRF (Cross-site request forgery) Attack, it is recommended to be activated.
• In the Login is Case Sensitive field, select Yes to recognize the difference between upper and lowercase characters then demand the user to login with the exact account name and password.
• In the Admin Session Lifetime (seconds) field, enter a number which is required to be greater than 60 to determine the time that a user is allowed not to have any action in a session before the system auto-logout the account. To skip this setting, leave the field blank.
• In the Maximum Login Failures to Lockout Account field, set a number to decide how many times a user can type the wrong password before their accounts are locked.
• In the Lockout Time (minutes) field, enter the number of minutes to lock an account before the user can log in again. This option can Tackle brute force attacks.
• In the Password Lifetime (days) field, set the number of days a password can be used before it expires. Leave the field blank if you do not want to activate this feature.
• In the Password Change field, select Forced to require the users to change their password before it expires or choose Recommended to give advice about password resetting.

Step 3: Save the customization

• Click Save config button in the upper-right corner when you are done.

Final words

Securing your Admin in Magento 2 is an essential step to protect your site from online fraud and risks. With the above 3 easy steps, you can easily conduct necessary activities to ensure your backend is safe.

If you want to maintain high security and oustanding performance on your website, you should get help from experts. Starting off as a Magento-specialized company, Mageplaza can provide you with experienced developers who can protect your site well. So, how can Mageplaza help you?

• Support and maintain your Magento website frequently to guarantee the top-notch security
• Optimize your site performance
• Install new security patches per your requirement
• Audit SEO and fix any issues that may negatively affect your ranking
• Update and/or upgrade your website and extensions

Contact maintenance experts for free consultations now!

EXPLORE MAGENTO SUPPORT