Excessive Attempt Lock for Magento 2 (Adobe Commerce) adds a security layer that prevents attackers from abusing your admin and customer logins by trying many easy-to-guess passwords in succession.
In other words, it protects against brute-force attacks. This technique is characterized by the attitude, “try and try till you succeed”. It is one of the oldest methods of breaking into something.
A brute-force attack can target the website through either the admin login or the customer login. This is where Excessive Attempt Lock for Magento 2 comes in: it can disable an admin user or a customer for a defined number of minutes.
Features
- Admin can enable or disable the module.
- Works for both admin and customer login.
- Admin can set the number of attempts and the disable time for both admin and customer.
- Display unlock timer for both admin and customer over the login page.
- This extension is compatible with OTP (One Time Password) module.
Installation
Customers receive a zip archive and must extract its contents on their system. The extracted folder contains an src folder, and inside the src folder is the app folder. Transfer this app folder into the Magento 2 root directory on the server.
After the successful installation, you have to run these commands in the Magento 2 (Adobe Commerce) root directory.
First Command –
php bin/magento setup:upgrade
Second Command –
php bin/magento setup:di:compile
Third Command –
php bin/magento setup:static-content:deploy
After running the commands, flush the cache from the Magento admin panel by navigating to “System > Cache Management”.
Thus, in this way, you can install the module.
Multi-Lingual Configuration
For multilingual support, navigate to “Store > Configuration > General > Locale Options” and select your desired language from the Locale option.
Language Translation
For module translation, navigate to the following path in your system: app/code/Webkul/ExcessiveAttemptLock/i18n/en_US.csv. Open the file named en_US.csv for editing.
Then replace the words after the comma (,) on the right in the file with your translated words.
After editing and translating the CSV file, save it under a name that matches your language and country code, such as de_DE.csv. Then upload the translated file to the same folder from which you obtained the original. Your module translation is now complete.
Configuration
After the successful installation of the module, the admin can configure this module under “Store > Configuration > Webkul > Excessive Attempt Lock”.
OR
The admin can navigate directly from the left menu by clicking “Excessive Attempt Lock > Configuration Settings”.
When the OTP module is enabled, two additional fields are added to the Excessive Attempt Lock configuration.
Excessive Attempt Lock Settings :
Active – Here the admin can choose between “Yes” to enable the module or “No” to disable the module.
Admin Login Settings :
Login Attempts – The admin can define after how many login attempts the login will be disabled.
Disable Login Time in Minutes – The admin can define for how many minutes the user's login stays disabled.
Customer Login Settings :
Login Attempts – The admin can define after how many login attempts the login will be disabled.
Disable Login Time in Minutes – The admin can define for how many minutes the user's login stays disabled.
OTP Attempts – The admin can set the number of OTP attempts the user is allowed to submit.
Disable Login Time on Excessive OTP – The admin can set for how many minutes login is disabled after excessive OTP attempts.
Note 1 : The admin or the customer needs to enter the correct login id to enable their account.
Note 2 : The admin must enable the OTP Validation on Customer Login in the OTP module.
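How the “Login Attempts” and “Disable Login Time in Minutes” settings interact can be modelled in a few lines. This is an added illustration, not the module's own code: the class and function names are hypothetical, and it assumes the lock starts when failures reach the configured number and that the counter resets after a successful login or an expired lock.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Policy:
    max_attempts: int   # "Login Attempts"
    lock_minutes: int   # "Disable Login Time in Minutes"

@dataclass
class AttemptLock:      # hypothetical model, not the module's API
    policies: dict                  # area ("admin"/"customer") -> Policy
    clock: object = time.time       # injectable clock so the demo is deterministic
    _state: dict = field(default_factory=dict)  # (area, login_id) -> (failures, locked_until)

    def seconds_until_unlock(self, area, login_id):
        """Value an unlock timer on the login page would count down from."""
        _, locked_until = self._state.get((area, login_id), (0, 0.0))
        return max(0, int(locked_until - self.clock()))

    def attempt(self, area, login_id, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        key = (area, login_id)
        if self.seconds_until_unlock(area, login_id) > 0:
            return "locked"         # credentials are not evaluated while locked
        failures, locked_until = self._state.get(key, (0, 0.0))
        if locked_until:            # an earlier lock has expired: fresh counter
            failures = 0
        if password_ok:
            self._state.pop(key, None)
            return "ok"
        failures += 1
        policy = self.policies[area]
        if failures >= policy.max_attempts:
            self._state[key] = (failures, self.clock() + policy.lock_minutes * 60)
            return "locked"
        self._state[key] = (failures, 0.0)
        return "failed"

def demo():
    now = [0.0]                     # constructed fake time, in seconds
    lock = AttemptLock({"admin": Policy(3, 10), "customer": Policy(5, 15)},
                       clock=lambda: now[0])
    results = [lock.attempt("admin", "alice", False) for _ in range(3)]
    remaining = lock.seconds_until_unlock("admin", "alice")
    during = lock.attempt("admin", "alice", True)   # correct password, still locked
    now[0] += 10 * 60                               # disable time elapses
    after = lock.attempt("admin", "alice", True)
    return results, remaining, during, after
```

Admin and customer logins are tracked under separate keys, so each area follows its own configured limits.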
Admin View
If the admin user enters the wrong password more than the allowed number of attempts, the user will be disabled. The user is not able to log in for the number of minutes configured in the admin panel.
Once the blocked time is over, the admin sees a message saying “You are ready to login”.
Customer View
The module disables the customer's login if the customer enters the wrong password more than the allowed number of attempts.
If the OTP lock module is enabled, the account is also locked when the customer attempts to submit the OTP excessively.
Once the blocked time is over, the customer sees a message saying “You are ready to login”.
That’s all for the Excessive Attempt Lock for Magento 2 (Adobe Commerce) module. If you still have any issues, please feel free to add a ticket at https://webkul.uvdesk.com/
Current Product Version - 4.0.4
Supported Framework Version - Magento 2.0.x, 2.1.x, 2.2.x, 2.3.x, 2.4.x