Cookie name	Description	Lifetime	Provider
_ce.clock_data	Store the difference in time from the server's time and the current browser.	1 day	Crazy Egg
_ce.clock_event	Prevent repeated requests to the Clock API.	1 day	Crazy Egg
_ce.irv	Store isReturning value during the session	Session	Crazy Egg
_ce.s	Track a recording visitor session unique ID, tracking host and start time	1 year	Crazy Egg
_hjSessionUser_2909345	Store a unique user identifier to track user sessions and interactions for analytics purposes.	1 year	HotJar
_hjSession_2909345	Store session data to identify and analyze individual user sessions.	1 day	HotJar
apt.uid	Store a unique user identifier for tracking and personalization.	1 year	Mageplaza
cebs	Store user preferences and settings.	Session	Mageplaza
cf_clearance	Store a token that indicates a user has passed a Cloudflare security challenge.	1 year	Cloudflare
crisp-client	The crisp-client/session cookie is used to identify and maintain a user session within the Crisp platform. It allows the live chat system to recognize returning users, maintain chat history, and ensure continuity in customer service interactions.	Session	Crisp
_ga	Store a unique client identifier (Client ID) for tracking user interactions on the	2 years	Google
_ga_7B0PZZW26Z	Store session state information for Google Analytics 4.	2 years	Google
_ga_JTRV42NV3L	Store session state information for Google Analytics 4.	2 years	Google
_ga_R3HWQ50MM4	Store a unique client identifier (Client ID) for tracking user interactions on the website.	2 years	Google
_gid	Store a unique client identifier (Client ID) for tracking user interactions on the website.	1 day	Google
_gat_UA-76130628-1	Throttle the request rate to Google Analytics servers.	1 day	Google

Cookie name	Description	Lifetime	Provider
_gcl_au	The cookie is used by Google to track and store conversions.	1 day	Google
__Secure-3PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
HSID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
__Secure-1PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SID	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data and protect visitor data from unauthorized access.	2 years	Google
APISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-1PAPISID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
__Secure-3PSID	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	2 years	Google
SSID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
SAPISID	This cookie is used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.	2 years	Google
__Secure-3PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
__Secure-1PSIDTS	This cookie collects information about visitor's interactions with Google services and ads. It is used to measure advertising effectiveness and deliver personalised content based on interests. The cookie contains a unique identifier.	2 years	Google
SIDCC	This security cookie is used by Google to confirm visitor authenticity, prevent fraudulent use of login data, and protect visitor data from unauthorized access.	3 months	Google
__Secure-1PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
__Secure-3PSIDCC	This cookie is used for targeting purposes to build a profile of the website visitor's interests in order to show relevant and personalized Google advertising.	1 year	Google
1P_JAR	This cookie is a Google Analytics Cookie created by Google DoubleClick and used to show personalized advertisements (ads) based on previous visits to the website.	1 month	Google
NID	Show Google ads in Google services for signed-out users.	6 months	Google

Cookie name	Description	Lifetime	Provider
_dc_gtm	Manage and deploy marketing tags through Google Tag Manager.	1 year	Google
1P_JAR	Gather website statistics and track conversion rates for Google AdWords campaigns.	1 month	Google
AEC		1 month	Google
ar_debug	Debugging purposes related to augmented reality (AR) functionalities.	1 month	Doubleclick
IDE	The IDE cookie is used by Google DoubleClick to register and report the user's actions after viewing or clicking on one of the advertiser's ads with the purpose of measuring the effectiveness of an ad and to present targeted ads to the user.	1 year	Doubleclick
ad_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to advertising.	1 year	Google
ad_user_data	Sets consent for sending user data to Google for online advertising purposes.	1 year	Google
ad_personalization	Sets consent for personalized advertising.	1 year	Google
analytics_storage	Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration.	1 year	Google

Magento Edition *

Version *

Installation: +$50

$99

Magento 2 Security Extension

v4.0.5

4.9

(28 reviews)

Read all >

The Magento 2 Security extension protects your online store against threats such as hacking attempts, brute-force attacks, and data breaches. With proactive alerts, it notifies administrators of potential vulnerabilities and break-in attempts, enabling swift action to mitigate risks. By implementing strong security measures, this extension secures customer data, creates a safe shopping environment, and enhances customer trust.

Compatible with Hyva theme

Compatible with API/GraphQL

Identify vulnerabilities and risks with a security checklist

Detect suspicious login activity with login logs

Check all detailed action information on action logs

Prevent hackers from altering critical files with file change logs

Set the maximum number of failed login attempts

Put stores under 24/7 protection with away mode

FREE On-demand Hyva Compatibility

Compatible with:

Community: 2.3.* - 2.4.7

Enterprise: 2.3.* - 2.4.7

Free 1 year support & updates

60 days money back guarantee

Features

Reviews(28)

Release Notes

FAQs

1/15

Hightlight Features of Security Extension

2/15

Identify risks with a security checklist

3/15

Dectect abnormal login behavior with login log grid

4/15

5/15

Detailed action information on action logs

6/15

7/15

8/15

9/15

put stores under protection 24/7 with away mode

10/15

Prevent data loss with action log backup

11/15

Manage access through the creation of blaclist whitelist

12/15

Send waring emails to admins about bad login

13/15

Send notification to admins when a user is locked

14/15

Send warning emails to admin about all file changes

15/15

The Importance of a Robust Security Solution

Inspect security checklist

The Magento 2 Security extension offers a security checklist that identifies vulnerabilities and highlights risks, including admin username, captcha settings, Magento version, and database prefix.

Inspect all login logs

The extension logs login activities, including ID, time, username, IP, browser, URL, and status. Admins can review details, trace IPs, and take actions like strengthening passwords, enabling two-factor authentication, or blocking suspicious IPs.

View all action logs Pro

The action log records detailed information, including time, IP, username, and specific actions or changes. It also supports automatic compression and backups to enhance store performance. In case of errors, you can review recent changes and restore previous settings.

Check file changes Pro

Hackers can alter critical files, jeopardizing the security of your online store. A tracking and warning system offers enhanced protection by monitoring file changes. This module creates master hashes (reindexes) to scan all files and detect any additions or modifications in the backend.

Set a limit for the number of failed login

Admins can define limits for failed login attempts and the time frame in which they occur. If these limits are exceeded, the module automatically sends a warning message to store owners, alerting them to potential break-in attempts.

Put stores under 24/7 protection

Break-ins often occur when admins can't monitor the store, like at night or on days off. "Away Mode" restricts all login attempts from both admins and customers for a period of time, ensuring 24/7 protection without constant monitoring.

All features

Security checklist

The Magento 2 Security extension provides a checklist to help admins identify and fix vulnerabilities. These highlights risks related to:

Admin Username: Detects weak or default usernames and prompts updates for stronger security.

Captcha Settings: Ensures captcha is enabled to block bots and brute-force attacks.

Magento Version: Alerts admins to updates, reducing risks from known vulnerabilities.

Database Prefix: Verifies database prefix settings to prevent SQL injection attacks.

The Mageplaza Magento 2 Security extension incorporates a robust login tracking feature that meticulously records all login attempts to your online store. Each login event is meticulously logged, capturing crucial information such as:

Unique Login ID: A distinct identifier for each login attempt.

Time The exact date and time of the login attempt.

Username The username used for the login attempt.

IP Address: The IP address of the device used for the login.

Browser Agent: The type and version of the browser used for the login.

URL The specific URL accessed during the login attempt.

Login Status: Whether the login attempt was successful or unsuccessful.

Action logs Pro

An online store managed by multiple administrators is at risk of security breaches. Hackers could infiltrate the system and cause damage. To address this, implementing an advanced action log for the admin panel is an excellent solution.

This log provides detailed reports, including the time, IP address, username, and specific actions or changes (such as save, index, edit, or view). Additionally, the data log can be automatically compressed and backed up, helping to optimize your store's performance.

Action log backup

Action logs are backed up frequently to prevent data loss. You can set the update frequency for action logs (daily, weekly, or monthly) and clear the log after each backup in the backend.

File change log grid Pro

Hackers can tamper with critical files and damage online stores. To safeguard your business, a tracking and alert system offers enhanced protection. This module generates master hashes (reindex) to scan all files and detect any changes made in the backend, such as additions, edits, or deletions. Detected changes are recorded and stored in the admin log, and administrators receive a detailed report via email promptly.

Brute force attack protection

When this feature is enabled, store admins can prevent intentional multiple login attempts, which may result from unauthorized account logins. You can set the maximum number of failed login attempts, as well as the allowed duration in minutes. Within this specified time period, the number of failed login attempts cannot exceed the set limit.

Additionally, admins will receive an email alert regarding any suspicious login activity.

Away mode Pro

Away mode prevents all login attempts during store maintenance, including:

Customers logging in to shop

Admins logging into the store backend

Store admins can easily set the time period for Away Mode. To disable it, you just need to access the server and run the command outlined in the user guide.

Blacklist/whitelist IPS

This feature allows you to create lists of allowed and blocked IP addresses, preventing external attacks and protecting your data. Simply enter the forbidden IP addresses into the Blacklist field and the allowed IP addresses into the Whitelist field.

Warning emails

Our plugin proactively safeguards your store by instantly alerting you via email to any suspicious activity, such as:

Compromised login attempts (potential hacking attempts)

File changes that may indicate malware or unauthorized access

Captcha

The Magento 2 Security extension protects your store from spam and fraud with Google reCAPTCHA. This feature verifies users by displaying a code only when suspicious activity is detected, ensuring legitimate customers aren’t burdened with solving quizzes during safe sessions.

What customers tell about us

Product reviews: 28

Overall rating: 5.0

4.8

Read all reviews

How much do you like this product?

Nickname *

Email *

Leave your email to get reward points for reviews

Your review *

Submit a relevant review of 30+ words to earn 5 reward points (one-time per extension)

Darwin

31 January 2024

Verified purchase

As an e-commerce store owner, the security of my online business is of paramount importance. Recently, I integrated Security Extension into my platform, and the impact has been nothing short of exceptional.

walter

21 December 2022

Verified purchase

Simple to set up and very easy to use. As a non-technical person, after installation, it is easier to understand the security situation of my server. thanks

Chelto

02 May 2022

Verified purchase

Love that it's a complete pack to get so you only need one tool like this and you'll know that you have done enough to protect your store.

Huestis

19 April 2022

Verified purchase

I had some issues with installation and they made solution for me in time. Highly recommended Mageplaza and will buy more extensions here. 1000 Stars!!!

faraz bashir

16 April 2021

Verified purchase

Thanks, Mageplaza team your all extension is very helpful and I have purchased your many paid and free extension. Your all extension and Support is excellent and Mageplaza is one of the best Magento 2 developer company

sharon

15 April 2021

Verified purchase

They are simply the best, this is such a pleasure to work with them and I worked with a lot of developers. Thanks for everything!

Megha

15 March 2020

Verified purchase

This extension was able to provide us details and we were able to blacklist IPs that were attempting to brute force admin area. The file change detection is not working on 2.3.4 but we hope to resolve it with the support. Mageplaza should add additional features such as automatic blacklist addition if IP is found on the AbuseIP database for example. Overall satisfied.

Ran

30 December 2019

Verified purchase

Best service ever!

Jerry

17 October 2019

Verified purchase

This extension works well, as it allows me to view who's logging into the admin page. Features that should've been native to Magento but isn't! Good job Mageplaza, any added security to Magento is welcome!

Hasan

30 May 2019

Verified purchase

I just worked with Eric on Security Extension and he was very fast and helpful with my issue. I definitely appreciate this kind of support and will continue to speak highly about Mageplaza!

xdev

29 May 2019

Verified purchase

Really good for protecting your website! It can set a blacklist or a whitelisted IP, prevent brute force attack and set a warning email! I would definitely recommend this module to keep you ecommerce safe.

wrc

25 March 2019

Verified purchase

I purchased the Pro version and definitely more advanced. If you have a Magento store, I think you have to buy this extension. Security is more important than anything. Thank you Mageplaza!!

cheffe

20 February 2019

Verified purchase

We installed this extension after a brute force attack. The installation was easy and done in a few minutes. I was not sure about the correct configuration so that I had to contact the support team to finish the configuration.

Mahesh

07 February 2019

Verified purchase

This extension is very useful to track your Magento store's Admin user activities. I'm using it for some time and I found no issues with it and it works perfectly. Anyone should try this extension on their Magento store so that they can have the best logging tool in their store. Thank you

Moussa

02 February 2019

Verified purchase

I have installed it but forgot to install the library, the support team was very kind to reinstall the library and set it up. It works great, looking forward to get the Pro version.

Marina

03 January 2019

Verified purchase

Installed this extension and out of blue my Magento store is secured. Nice features, great usability, and nice coding. No bugs, all works perfectly. Highly recommended Magento 2 extension. Keep up good work!

Ashan

07 December 2018

Verified purchase

Aziz

04 December 2018

Verified purchase

This is one important and indispensable Security module. We were looking for a Security module and found this useful one from a reliable source. And guess what! It is a free module. That's awesome!

Abdulrahman

10 November 2018

Verified purchase

This is a good idea to offer it with the free edition. So once you try it, you will feel that it's good enough to have the paid one. Again, I would like to mention how great the support team is. They are super friendly and willing to assist as well. I'm looking for my next step to buy the paid version.

lafaifia

22 September 2018

Verified purchase

I needed to view the log action in my admin website, so I tried to use this product, what it offers is not bad so you can see some logs actions.

Markus

17 September 2018

Verified purchase

It is nice to have the ability to log the logins when you have multiple accounts and a need for seeing anywhen and anywhere they have occurred. Also, the checklist is a nice touch. Overall: Good stuff for free :=)

Alexander

05 September 2018

Verified purchase

The installation was so easy and because there are many colleagues who have an account, I can see exactly what is going on. This is a must-have extension. Also, the support is also very good.

kaznaur

09 August 2018

Verified purchase

This module is a very useful tool to control the basic logging of Admin users on your website. It would be better to have the action log of the users as well, but I guess it comes with a paid version :)

Nature Skin Shop

20 July 2018

Verified purchase

I see no issues with Security extension. It seems to be running as it should. Now I am happy with my purchase. I have tested the features, and they are working well. I recommend this to anyone who wants little extra security.

Donovan

02 June 2018

Verified purchase

The Standard (free) edition is a great way to get a security check that will advise you of ways to secure your store (I've implemented these changes), as well as getting a list of last logins to your admin panel. This can help reassure you that others are not accessing your store, and you can check the date of your last login to make sure that was you. The usefulness of this extension, and by making it free, means I will be considering the Professional edition.

Crue1980

15 March 2018

Verified purchase

I’ve got to say that it’s too good to have a free extension like Mageplaza Security. It works well on my store and helps prevent bad break-in attempts so effectively. No complaints for this.

Harry

15 March 2018

Verified purchase

I like the way Mageplaza support team works. Quick and effective! This extension is also awesome with adequate features for my online store.

Lucy

15 March 2018

Verified purchase

I’m pleased with the quality of the extension, no bugs for my store. The extension gives me peace of mind about the security of my online store. Good work, Mageplaza~

Release notes

v4.0.5 (Magento v2.4.x)

31 May 2024
Standard:
- Compatibility: Now compatible with Magento 2.4.7
Professional:
- Compatibility: Now compatible with Magento 2.4.7

v4.0.4 (Magento v2.4.x)

22 May 2023
- Compatibility: The extension is now compatible with Magento 2.4.6

v4.0.3 (Magento v2.4.x)

31 August 2022
- Compatibility: The extension is now compatible with Magento 2.4.4

v4.0.2 (Magento v2.4.x)

26 October 2021
- Compatibility: The extension is now compatible with Magento 2.4.3
- New Feature: We added Clear Login Logs
- Bug Fix: We fixed minor bugs

v1.1.7 (Magento v2.3.x)

26 October 2021
- Compatible with Magento v2.3.7
- Added Clear Login Logs
- Fixed minor bugs

v4.0.1 (Magento v2.4.x)

26 May 2021
- Compatible with Magento v2.4.2

v4.0.0 (Magento v2.4.x)

10 November 2020
- Supported Magento v2.4

v1.1.6 (Magento v2.3.x)

29 June 2020
- Fixed minor bugs

v1.1.5 (Magento v2.3.x)

30 December 2019
- Fixed minor bugs
- Improved code style & performance

v1.1.4 (Magento v2.3.x)

26 June 2019

Compatible with Magento 2.3.1

v1.1.3 (Magento v2.3.x)

13 August 2018
- Update Module license
Security Pro
- Fixed error when compiling module on Magento 2.2

v1.1.2 (Magento v2.3.x)

06 April 2018
- Update email template “lock-user”

v1.1.1 (Magento v2.3.x)

02 April 2018

Fix bug get wrong IP address if server use Varnish Cache

v1.1.0 (Magento v2.3.x)

29 March 2018
- Add Checklist feature
- Add Module Activation
- Move backend module menu to Magento System menu

v1.0.0 (Magento v2.3.x)

14 March 2018

Initial module v1.0.0

Frequently Asked Questions

You can enable the extension by following these steps:
Step 1: Go to Stores > Settings > Configuration > Mageplaza> Security.
Step 2: In the Enable field, choose Yes to turn the Security module on.
Step 3: Click on Save Config to save your changes.

With our extension, you can perform various actions to secure your website, like:
Setting up unrecognized admin panel login alerts
Restricting unauthorized access by creating a blacklist and whitelist IP addresses
Sending brute force attack email notifications to store owners

If the maximum number of times logins fail is reached, a warning email will be sent to email addresses that are set.

You sure can. It is easy to customize warning email templates in Magento 2. There are 4 steps to customize the email template. Read this step-by-step guide now!

If you get locked out of your Magento 2 store, the module will automatically display all warnings of possible security risks and send messages to the email address. If you assume that this is a mistake, please follow our guide to unblock.

Exactly! It logs both Failure and Success status.

The standard version of the Mageplaza Security extension is still free on Github. However, the GitHub version does not include the Mageplaza technical support package.

Mageplaza Security is compatible out-of-the-box with Magento Open (Community), Magento Commerce (Enterprise), Magento Cloud 2.2.x, 2.3.x, 2.4.x..

Magento Edition *

Version *

Installation: +$50

$99

Pricing

Choose your suitable edition.

Standard

$ 99 first year

Free 1 year support & updates

60 days money back guarantee

Read our policies

Features:

1-year extension updates

1-year support

60-day money-back guarantee

Supports for Magento 2 Community Edition

Professional

Magento 2 Security Extension

The Importance of a Robust Security Solution

Inspect security checklist

Inspect all login logs

View all action logs Pro

Check file changes Pro

Set a limit for the number of failed login

Put stores under 24/7 protection

All features

Security checklist

Login logs

Action logs Pro

Action log backup

File change log grid Pro

Brute force attack protection

Away mode Pro

Blacklist/whitelist IPS

Warning emails

Captcha

What customers tell about us

Release notes

Security Pro

Frequently Asked Questions

How do I enable the Security plugin?

How does the Mageplaza Security extension help stores enhance their website's security?

When do I receive a failed login alert?

Can I customize my own warning email templates?

What happens if I get locked?

Will a successful login be recorded in the log?

I want to get the Mageplaza Security extension for free. Is it possible?

What edition does this module support?

Pricing