Skip to content
Serhii Dzhepa edited this page Apr 4, 2020 · 3 revisions

The main goal of this project and security-package repository is collect in one place functionality that improves security in Magento. At this moment the project contains next functional modules:

Google reCAPTCHA

What is Google reCAPTCHA?

reCAPTCHA is a free service from Google that protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

This module provides integration of Google reCAPCTHA into Magento software and the ability to apply it for user's interaction on Storefront and Admin Panel

At this moment module supports next types of Google reCAPCTHA

  • reCAPTCHA v2 ("I am not a robot")
  • reCAPTCHA v2 Invisible
  • reCAPTCHA v3 Invisible

Covers next user flows/scenarios on Storefront

  • Enable for Customer Login
  • Enable for Forgot Password
  • Enable for Create New Customer Account
  • Enable for Contact Us
  • Enable for Product Review
  • Enable Invisible reCAPTCHA in Newsletter Subscription
  • Enable for Send To Friend
  • Enable for PayPal PayflowPro payment form

Covers next user flows/scenarios on Admin Panel

  • Enable for Login
  • Enable for Forgot Password

Security.txt

When security vulnerabilities are discovered by researchers, proper reporting channels are often lacking. As a result, vulnerabilities may be left unreported. This document defines a format ("security.txt") to help organizations describe their vulnerability disclosure practices to make it easier for researchers to report vulnerabilities.

The module provides implementation functionality according to requirements from security convention described here: https://tools.ietf.org/html/draft-foudil-securitytxt-09

  • allows to save the security configurations in the Admin Panel
  • contains a router to match application action class for requests to the .well-known/security.txt and .well-known/security.txt.sig files.
  • serves the content of the .well-known/security.txt and .well-known/security.txt.sig files.

Two-Factor Authentication(2FA)

Magento Two-Factor Authentication (2FA) improves security by requiring two-step authentication to access the Magento Admin UI from all devices. The extension supports multiple authenticators including Google Authenticator, Authy, Duo, and U2F keys. It applies to Magento Admin UI users only; it does not apply to storefront customer accounts.

Two-Factor Authentication gives you the ability to:

  • Enable authenticator support for the Admin.
  • Manage and configure authenticator settings globally or per user account.
  • Reset authenticators and manage trusted devices for users.

Admin Notifier Framework(Notifier)

Notifier is a messaging framework for Magento 2 allowing users and developers to easily integrate a wide set of communication channels (Telegram, Slack and others) for real-time notification.

Clone this wiki locally