Back to Top

Excessive Attempt Lock for Magento 2

Updated 17 April 2024

Excessive Attempt Lock for Magento 2 (Adobe Commerce) enables an additional security layer to prevent hackers to abuse your admin and customer logins by attempting many easy-to-guess passwords consecutively.

In other words, it is a brute force attack. This technique is characterized by the attitude, “try and try till you succeed”. It is one of the oldest methods of breaking into something.

This technique can be used to attack the website from the admin login or from the customer login. Here the Excessive Attempt Lock for Magento 2 came into force. It can disable an admin user or the customer for a defined number of minutes.

Watch the video to understand the module workflow –

Dj6JHtgCi0s

Features

  • Admin can enable or disable the module.
  • Work for both admin and customer login.
  • Admin can set no. of attempts and disable time for both admin and the customer.
  • Display unlock timer for both admin and customer over the login page.
  • This extension is compatible with OTP (One Time Password) module.

Installation

Customers will get a zip folder and they have to extract the contents of this zip folder on their system. The extracted folder has an src folder, inside the src folder you have the app folder. You need to transfer this app folder into the Magento2 root directory on the server as shown below.

Searching for an experienced
Magento 2 Company ?
Find out More
INSTALLATION

After the successful installation, you have to run these commands in the Magento 2 (Adobe Commerce) root directory.

First Command – 

php bin/magento setup:upgrade

Second Command – 

php bin/magento setup:di:compile

Third Command – 

php bin/magento setup:static-content:deploy

After running the commands, you have to flush the cache from the Magento admin panel by navigating through “System->Cache Management” as shown below.

INSTALLATION

Thus, in this way, you can install the module.

Multi-Lingual Configuration

For Multilingual support, please navigate to “Store>Configuration>General >Locale Options”. And select your desired language from the Locale option.

change-language-magento-2-locale

Language Translation

For module translation, navigate to the following path in your system  app/code/Webkul/ExcessiveAttemptLock/i18n/en_US.csv. Open the file named en_US.CSV for editing as shown in the below screenshot.

LANGUAGE TRANSLATION

Then replace the words after the comma(,) on the right in the file with your translated words.

Webkul-Excessive-Attempt-Lock-for-Magento 2-CSV

After editing and translating the CSV file, you need to save the translated file name according to your region language and country code such as – de_DE.CSV. Followed by uploading the translated file to the same folder from where you have obtained it. Now your module translation is complete.

Language translation

Configuration

After the successful installation of the module, the admin can configure this module under “Store > Configuration > Webkul > Excessive Attempt Lock”.
OR
The admin can directly navigate from the left menu by clicking ” Excessive Attempt Lock > Configuration Settings”.

configuration
magento 2 excessive attempt lock configuration

When the OTP module is enabled, then two fields will be added to the Excessive attempt lock configuration.

magento 2 excessive attempt lock otp configuration

Excessive Attempt Lock Settings : 

Active –  Here the admin can choose between “Yes” to enable the module or “No” to disable the module. 

Admin Login Settings :

Login Attempts – The admin can define after how many logins attempts the login will be disabled. 

Disable Login Time in Minutes – The admin can define the disable time in minutes of the user to log in.  

Customer Login Settings :

Login Attempts –  The admin can define after how many logins attempts the login will be disabled.

Disable Login Time in Minutes – The admin can define the disable time in minutes of the user to log in.

OTP Attempts – The admin can set the number of OTP attempts for the user to submit .

Disable Login Time on Excessive OTPThe admin can set the disable log in time for x minutes.

Note 1 : The admin or the customer needs to enter the correct login id to enable their account. 

Note 2 : The admin must enable the OTP Validation on Customer Login in the OTP module.

Admin View

If the admin user enters the wrong password more than allowed a number of attempts, the user will be disabled.  The user is not able to log in for the number of minutes configured in the admin panel.

Magento-Admin

Once, the blocked time is over, the admin can see a message displaying that “You are ready to login” as per the below image:

Magento-Admin-1-Excessive Attempt Lock

Customer View

It will disable the customer from login in if the customer enters the wrong password more than the allowed number of attempts.

Customer-Login-Excessive Attempt Lock

Locked account when attempting to submit OTP excessively. If the OTP lock module is enabled.

Once, the blocked time is over, the customer can see a message displaying that “You are ready to login” as per the below image:

ready to login

Thus, that’s all for Excessive Attempt Lock for Magento 2 (Adobe Commerce) module. Still, have any issues please feel free to add a ticket at  https://webkul.uvdesk.com/

Explore the Adobe Commerce Cloud development services by Webkul. You may also browse our quality Magento 2 extensions.

Current Product Version - 4.0.4

Supported Framework Version - Magento 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x

Blog Version - Magento 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x
  • Version Magento 2.0.x, 2.1.x, 2.2.x, 2.3.x
  • Version Magento 2.0.x, 2.1.x, 2.2.x, 2.3.x, 2.4.x
. . .

Leave a Comment

Your email address will not be published. Required fields are marked*


Be the first to comment.

Back to Top

Message Sent!

If you have more details or questions, you can reply to the received confirmation email.

Back to Home

Table of Content