Let in only verified users into admin panel with 2FA. This is the one the most secure method of identity authentication up to date. What it requests is a phone number to be assigned to a user that has access to admin panel. During every login attempt, after the username and password are correct, the system sends the users an automatically generated SMS-code in order to login in Magento Admin panel. While the password is the first factor of confirming identity, the code is the second one. Even if the password fraud has taken place, 2FA is a serious obstacle to any intrusion. You can find the 2FA settings at System > Configuration > [NEKLO] Security Suite > Two-factor authentication (2FA) tab.
Important note: “Authy IP Key’ is the field necessary for SMS-code verification. To make SMS-code mode work, you have to go through Twilio verification and get an Authy account. You can find a step-by-step instruction to this process in the User Guide for Security Suite extension.
Important note: for SMS confirmation to work, you have to input mobile numbers for each intended user at System > Permissions > Users. 2FA feature must be enabled for ‘Phone Number’ field to appear.
Don’t leave the chance for intruders to use your admin account. With admin user settings, in ‘Admin Account Sharing’ you can forbid the access to the same account for different people. That means, if you or any other admin user logs in, all the active sessions for this account if there are such, will be momentarily revoked. Any users, that are acting under the same username will be logged out without a possibility to log in back.
Revoke active sessions for other admin users in one click. Sessions is a grid located under System > My Account, where admin users can track all active sessions and their key indicators themselves. If there is a session that seems suspicious for some reason, you can end it by pressing revoke. The user whose session was revoked logs out of Magento instantly and gets the message on the login page that indicates why the session ended.
Make sure that actions by any admin are appropriate and don’t miss a mistake. You can view all sessions for specific users to determine when they were online, which device they used and which IP address they had. That might be helpful if you have an extensive team or want to keep your watch over their actions tight. The tab is located under System > Permissions > Users. You can choose any user and open their active sessions.
Monitor the work done by your admin users through viewing their login attempts and all other actions in two grids. Both login attempts and actions are specified with multiple filters, that make every event easily trackable. You can track down IP addresses with unsuccessful logins, and determine who did what on the backend.
Store and clean the data about admin actions and login attempts on your server. You can control the logs displayed in admin activity grids with variable settings. More specifically, at System > Configuration > [NEKLO] Security Suite > Logger Settings you can:
Lock or unlock any user manually with a new
lock/unlock button in Permission settings. This feature
is a handy tip for when you can lock any user, not only the
ones that get the password wrong. All you have to do is to go
to System > Permissions > Users and find the user that you need to
lock out. The block is permanent until you unblock the user the
Lock admin users out automatically without your participation with lockout settings. Located at System > Configuration > [NEKLO] > Security Suite > Admin User Settings tab, they allow you to configure:
Improve your passwords, because phishing attacks are still
a thing. With Security Suite you are able to choose minimum
password length, enable the use of lower and uppercase letters
and digits in a set of advanced settings.
The password settings are located at System > Configuration > [NEKLO] > Security Suite > Admin User Settings > Advanced Password Validation Settings tab. To adjust the value according to how you want the passwords to be, enable advanced requirements.
There are four more specifications that you can add to what you have at the moment:
This feature is intended for taking your products from one page and moving it to another. The button opens a window where you specify the page you want to send the product to. The transferred product will appear on the first available position, of the very first place on the page is taken by a pinned product.
A tip for strong passwords: set all the settings to ‘yes’ or use a maximum possible value that you are able to implement with your team. Unpredictable passwords are harder to oversee, overhear or copy, or to put simply, are physically and technically harder to cheat.
Get email notifications about what is happening at the backend of your Magento. You will know instantly if there are new admin users, unsuccessful logins or suspicious attempts to gain access, and will be able to fix The event list includes Login success, Login failure, Login from not whitelisted IP, Admin user created/modified/deleted, Admin user locked and a few more activities. After you enable the feature, you get three more fields.
Scan your store by MageReport as frequently as you need. Receive information about missing Magento security patches, unmaintained servers and attack risks. The scanner itself and the results of the scanning are located at System > Configuration > [NEKLO] Security Suite > MageReport.com Scanner.
To execute a correct installation an extension for Magento 1,
you need to have valid FTP/SSH access details.
Attention! It is necessary to disable code compilation before you start installing the extension. If this setting is left enabled, the extension installation can make your site inaccessible. To turn off code compilation, go to your admin panel > System > Tools > Compilation and click “Disable”.
1. Unpack a zip file you have downloaded.
2. Upload all files from the downloaded zip file to the root folder of your Magento 1 installation.
3. In your admin panel, go to System > Cache Management and flush Magento cache. This step is obligatory.
4. Bring code compilation back by turning it on at System > Tools > Compilation, when the extension was successfully installed.
5. Log out and in your Magento. That action will reload ACL (account control level) rules.
6. To enable the extension and start configuring, go to System > Configuration > Neklo tab, choose Security Suite and select “Yes” value in General Settings, then save the changes.
We have a qualified support team that is always there to help. We look forward to challenges and approach each of them with an open mind and a nonstandard way of thinking. If there is a problem, we know the solution.
We earned the right to be trusted and proud of the work we have done. We completed many tasks and have a lot to come. We have worked on broad range of domains such as e-Business, Supply Chain Management, Pharmaceuticals, Healthcare, Education, Data Warehousing and more.
We deliver solutions that that we know will work. 40% of our developers are Magento, Oracle and Zend certified. We are enthusiastic about what we do, we are the experts in the field of eCommerce and have a portfolio worth a look.
You're reviewing: Security Suite