Opencart Excessive Attempt Lock: One of the most critical concerns for an e-commerce website is security.
We come across several incidences to cyber crimes every day such as the atm pin frauds, online hacking and payment frauds etc.
Therefore, it becomes quite necessary for any website owner to use ways and means to keep their websites secure so that the hackers cannot misuse the website’s data.
Opencart Excessive Attempt Lock facilitates the admin of the store to define certain security factors
Factors are the number of login attempts for the Admin, Customer and the Affiliates so as to keep their data secure and sound.
Each time a login attempt, valid or invalid, is made by any user, the admin shall receive a mail, if enable in the admin panel.
This will help the admin track any fraudulent activity that is taking place.
thus, Only the usage of the right tools and tactics can help reduce cyber frauds and develop a trust factor amongst the customers.
Features
- The admin can set the number of attempts and can disable timing on the basis of the user group and customer groups.
- The admin allows Google Recaptcha feature in the customer tab only which shall display at the login page.
- The log details for the number of wrong attempts for admin, customer and affiliate display under the Log tab.
- If need be, the admin may block a particular IP address which will be track for making wrong login attempts.
- If enabled under the Admin tab, on every login attempt made, either successful or unsuccessful, an email will be sent to the admin.
Installation
Upload Files
First, extract the download zip file. After that, open the correct Opencart Version Folder.
According to Opencart Version installed in your system. Then, upload admin to the Opencart root directory.
Upload ZIP
Now log in to admin backend and navigate through Extensions -> Extension Installer. after that Click the Upload button and browse the Zip file, in this file is in the ocmod folder.
Please select the correct ocmod folder. According to your Opencart version installed in your system.
Click Continue after uploading the Zip file.
Refresh Modifications
After uploading the Zip file, please navigate through Extensions > Modifications. Now click the Refresh button as visible in below screenshot.
Edit User Groups
After that, go to System > Users > Usergroups. And then edit ‘Administrator’. Click Select All for both Access Permission and Modify Permission and Save it.
Install
Now navigate to Extensions > Extensions > Modules. Find Webkul Excessive Attempt Lock from the list. Click the Install button as visible in the screenshot below.
Admin End Configurations
After the successful installation of the Webkul Excessive Attempt Lock, the admin can navigate through the Extension > Extensions > Modules as shown in the image.
The admin can manage the configurations under Extension > Modules > Webkul Excessive Attempt Lock. 
The admin can click on the Edit button for the Webkul Excessive Attempt Lock so as to configure the settings for Admin, Customer and the Affiliates.
Excessive Attempt Lock Configuration Settings: ADMIN
The admin must click on the Admin tab so as to configure the Excessive Attempt Lock settings for the admin.
The admin can configure the settings for Excessive Attempt Lock for the Admin tab as under:
Excessive Attempt lock for Admin: The admin can set this field as Enable or Disabled.
Log File Fields: It is require in the log files. Only the admin needs to configure this field.
Mail To Admin on Customer Successful Login: Admin can set this as Enable so as to receive a mail if customers log in Successfully.
Mail To Admin on Invalid Customer Login: Admin can Enable this field to receive emails if any customer’s login attempt fails.
Reset Login Attempts on Group Change: If Enabled, on customer group change,
The remaining attempts of the previous customer group shall add with the attempts of the new customer group.
For instance:
A user wants to change the group for which the allow login attempts are 7 and has 5 leftover login attempts of the previous group.
The total number of login attempts for the new group shall be 12 (7+5=12).
Login Attempts for Admin: Number of allowed login attempts for the admin.
Disable Login Time for Admin: The time period (in minutes) after which the admin can log in, in case of wrong login attempts.
Warning on wrong Attempts: Message that shall display if a wrong attempt is made.
Display Remaining Login Attempts: Enable, in order to display the number of login attempts left after an unsuccessful login attempt.
Default Settings For All The Groups: If Enabled, the default settings may apply for all the groups.
If Disabled, then for each user group separate Login Attempts, Disable Login Time and Warning Messages need to be set.
configuring these settings, after that the admin can log in with the login credentials in the admin panel.
If the admin tends to enter the wrong credentials the error message shall display as shown in the image.
Excessive Attempt Lock Configuration Settings: Customer
The admin must click on the Customer tab so as to configure the Excessive Attempt Lock settings for the customers.
The admin configures the settings for Excessive Attempt Lock for Customers as under:
Excessive Attempt lock for Customer: The admin can set this field as Enabled or Disabled.
Google Recaptcha On Customer Login: The admin may Enable or Disable the Google Recaptcha.
Login Attempts for Customer: Number of allowed login attempts for the customer.
Disable Login Time for Customer: The time period (in minutes) after which the customer can log in, in case of wrong login attempts.
Warning on wrong Attempts: Message which shall display if a wrong attempt is made.
Display Remaining Login Attempts: Enable, in order to display the number of login attempts left after an unsuccessful login attempt.
Default Settings For All The Groups: If enabled, the default settings may apply for all the groups.
If Disabled, then for each user group separate Login Attempts, Disable Login Time and Warning Messages need to be set.
Excessive Attempt Lock Configuration Settings: Affiliates
The admin must click on the Affiliate tab so as to configure the Excessive Attempt Lock settings for the affiliates.
The admin can configure the settings for Excessive Attempt Lock for Affiliates as under:
Excessive Attempt lock for Affiliate: The admin can set this field as Enabled or Disabled.
Login Attempts for Affiliate: Number of allowed login attempts for the admin.
Disable Login Time for Affiliate: The time period (in minutes) after which the admin can log in in case of wrong login attempts.
Warning on wrong Attempts: Message which shall display if a wrong attempt is made.
Display Remaining Login Attempts: Enable, in order to display the number of login attempts left after an unsuccessful login attempt.
Default Settings For All The Groups: If Enabled, the default settings may apply for all the groups.
If Disabled, then for each user group separate Login Attempts, Disable Login Time and Warning Messages need to be set.
Excessive Attempt Lock Configuration Settings: Log and Security
The Log tab includes the information or the logs of all the wrong attempts which are made by users.
It includes data of the wrong login attempts made by the Admin, Customer or Affiliate such as Date, Time, IP Address of their system and the Browser.
Thus, this way it becomes easy for the admin of the store to track the fraudulent activity if any, by simply assessing the data available under the Log tab.
The Security tab displays the tabular demonstration of the data such as IP Address, Email Address, Total Attempts.
The IP Address column displays the IP address through which the wrong login attempt has been made.
The Email address associated with the IP address and the number of login attempts made.
Front End WorkFlow
In the frontend, customer or affiliates will have to log in using their valid credentials.
In the image below, the customer will add the login credentials- Email Address and the Password. 
If in case the customer enters an invalid password for the respective Email Address,
A Warning message- “Please check your Credentials and Retry” displays as shown in the image below.
Therefore ,a message for the number of attempts left shall also display- “3 attempts are remaining now” as shown in the image below. 
The Affiliate option is visible at the bottom of the Collection page, in the frontend as shown in the image below.
To log in as an Affiliate, the user must have the Affiliate login credentials- Email Address and the Password.
If in case the Affiliate enters an invalid password for the respective Email Address, a Warning message- “Please check your Credentials and Retry” displays.
Also, a message for the number of attempts left shall also display- “3 attempts are remaining now” as shown in the image below.
On a valid login attempt, the Customer or the Affiliate shall be redirected to their respective account page.
If an Affiliate adds a correct login Email Id and Password, it redirects to the My Account page as shown. 
In the same way, if a customer adds valid login details, it redirects the customer to My Account page.
That’s all for Opencart Excessive Attempt Lock. If you still have any issues, feel free to add a ticket and let us know your views on our Webkul Support System.
Current Product Version - 3.1.0.2
Supported Framework Version - 2.x.x.x and 3.x.x.x
Be the first to comment.