Serhii Dzhepa edited this page Apr 4, 2020 · 3 revisions

The main goal of this project and the security-package repository is to collect in one place functionality that improves security in Magento. At this moment the project contains the following functional modules:

Google reCAPTCHA

What is Google reCAPTCHA?

reCAPTCHA is a free service from Google that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

This module integrates Google reCAPTCHA into Magento and lets you apply it to user interactions on the Storefront and in the Admin Panel.

At this moment the module supports the following types of Google reCAPTCHA:

  • reCAPTCHA v2 ("I am not a robot")
  • reCAPTCHA v2 Invisible
  • reCAPTCHA v3 Invisible

It covers the following user flows/scenarios on the Storefront:

  • Enable for Customer Login
  • Enable for Forgot Password
  • Enable for Create New Customer Account
  • Enable for Contact Us
  • Enable for Product Review
  • Enable Invisible reCAPTCHA in Newsletter Subscription
  • Enable for Send To Friend
  • Enable for PayPal PayflowPro payment form

It covers the following user flows/scenarios in the Admin Panel:

  • Enable for Login
  • Enable for Forgot Password

Security.txt

When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.

The module implements the requirements of the security.txt convention described here: https://tools.ietf.org/html/draft-foudil-securitytxt-09

  • allows saving the security configuration in the Admin Panel
  • contains a router that matches requests for the .well-known/security.txt and .well-known/security.txt.sig files to an application action class
  • serves the content of the .well-known/security.txt and .well-known/security.txt.sig files
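A check an administrator could run against the text served at .well-known/security.txt, added here as an example and not part of the module's own code. It enforces only three rules from the linked draft (Contact is required, web URLs must begin with https://, Preferred-Languages appears at most once); the function names and both sample files are constructed for illustration.

```python
import re

# Fields whose value is a URI in the draft; web URLs in them must use https://.
URI_FIELDS = {"contact", "encryption", "acknowledgments", "canonical", "policy", "hiring"}
FIELD_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


def parse_security_txt(text):
    """Return (fields, errors); fields is a list of (lowercased name, value) pairs."""
    fields, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments carry no field
            continue
        m = FIELD_RE.match(line)
        if not m:
            errors.append(f"line {lineno}: not a 'Name: value' field")
            continue
        fields.append((m.group(1).lower(), m.group(2).strip()))  # names are case-insensitive
    return fields, errors


def check_security_txt(text):
    """Return a list of rule violations; an empty list means the three checks passed."""
    fields, errors = parse_security_txt(text)
    names = [name for name, _ in fields]
    if "contact" not in names:
        errors.append("missing required Contact field")
    if names.count("preferred-languages") > 1:
        errors.append("Preferred-Languages appears more than once")
    for name, value in fields:
        if not value:
            errors.append(f"{name}: empty value")
        elif name in URI_FIELDS and value.lower().startswith("http://"):
            errors.append(f"{name}: web URL must begin with https://")
        elif name == "contact" and ":" not in value:
            errors.append("contact: value must be a URI (mailto:, tel: or https://)")
    return errors


# Constructed sample files (not taken from the page or the module).
GOOD = """# constructed example
Contact: mailto:security@example.com
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, uk
"""
BAD = """Contact: security@example.com
Policy: http://example.com/policy
Preferred-Languages: en
Preferred-Languages: de
"""

if __name__ == "__main__":
    print(check_security_txt(GOOD))
    print(check_security_txt(BAD))
```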

Two-Factor Authentication (2FA)

Magento Two-Factor Authentication (2FA) improves security by requiring two-step authentication to access the Magento Admin UI from all devices. The extension supports multiple authenticators including Google Authenticator, Authy, Duo, and U2F keys. It applies to Magento Admin UI users only; it does not apply to storefront customer accounts.

Two-Factor Authentication gives you the ability to:

  • Enable authenticator support for the Admin.
  • Manage and configure authenticator settings globally or per user account.
  • Reset authenticators and manage trusted devices for users.

Admin Notifier Framework (Notifier)

Notifier is a messaging framework for Magento 2 allowing users and developers to easily integrate a wide set of communication channels (Telegram, Slack and others) for real-time notification.