    Prestashop Enhance Login Security | OTP Login

    Updated 19 December 2023

    Account security is now a prime concern for most customers. They want their accounts to be safer than ever, and I think that concern is valid: accounts should be secure enough to prevent any kind of unauthorized access. It is therefore all the more important to take measures to strengthen the security of customer accounts.

    To get past the security barrier, hackers use methods such as the brute-force attack. By definition, a brute-force attack is the submission of many passwords or passphrases, which allows the attacker to hit the correct password eventually. With such practices in mind, we bring you this module to provide protection against them.

    The functionalities of this module were therefore developed with general security threats in mind. They help customers protect their accounts against those threats.

    Features of the module

    • Allow your customers only a set number of login attempts.
    • Enter the time after which the customer can try to log in to the account again.
    • Display or hide the ‘remember me’ checkbox on the login page.
    • Enable or disable the show/hide toggle button on the password input box.
    • Allow your customers to log in via OTP.
    • Send the OTP to the registered email address of the customer.
    • Choose to send an email to the customer on detection of multiple failed login attempts.
    • Inform your customers by mail about a login via a new device.
    • Enable the display of a field to retype the password.
    • Enter the time after which customers can reset the password of their account.
    • Allow customers to copy-paste the password into the retype password box.
    • Display the strength of the password in a colour bar on the customer registration page.
    • Select the pattern used to check the strength of the password.
    • Add a Google reCAPTCHA form on the login, registration & admin login pages.
    • Select the theme of the Google reCAPTCHA login page.

    How to install the module

    1. Go to Module Manager in Back office and click on ‘upload a module’.
    2. Now, drag and drop the module file or select the file from the system.
    3. In this way, the module installation will be successful.
    Click to upload Prestashop Enhance login security
    Upload or drop the file of Prestashop Enhance login security
    Prestashop Enhance login security module installed

    How to configure the Prestashop Enhance login security

    The configuration is the most important part of this module. So, let’s just see what this part is all about.

    This part consists of 3 tabs. Each tab provides a range of options to customize the settings as needed, so we cover each of them one by one.

    Settings of Login Page

    In this tab, there are multiple options to configure the settings of the login page. Let’s understand them one by one. This part allows you to do the following things.

    • You can set the maximum number of login attempts that you want to give your customer.
    • Set the time after which the customer can try to log in again.
    • You can also set the time until which the customer can remain logged in to the account.
    • Send mail to the user on detection of multiple failed login attempts.
    • You can send mail to the user if he/she tries to log in via a new device.
    Configure login page settings

    Settings of the registration page

    The registration page settings allow you to do the following things:

    • The first option lets you show or hide the retype password box.
    • Enter the number of attempts that you want to give your customers to match the old password.
    • You can also enter the time after which customers can reset the password.
    • Enable this option to sign out the user on detection of multiple failed login attempts.
    • Allow copy-paste in the retype password field.
    • The meter shows the strength of the password in the colour bar.
    • Enable this option to check the strength of the password on the basis of the selected patterns.
    Configure registration page settings of Prestashop Enhance login security

    Manage reCAPTCHA Settings

    In this section, enter the keys needed to display the reCAPTCHA form. You can also choose the pages on which to show this form: the login page, the registration page & the admin-end login page.

    To obtain the keys of Google reCAPTCHA, go through the documentation of our Prestashop Google reCAPTCHA module.

    Configure reCAptcha Settings for Prestashop Enhance login security

    Note

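    To use the reCAPTCHA functionality, you need to add the following hooks to PrestaShop core and theme files. Because these are manual edits, they are lost whenever an upgrade or theme update replaces those files and must then be re-applied.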

    1.) Add Hook

    {hook h='DisplayWkCustomerLoginForm'}

    in Front-Office

    File name – login-form.tpl
    Path – /themes/_YOUR_THEME_NAME_/templates/customer/_partials/

    Position – in the login form with id="login-form", inside the {block name='login_form_fields'} section and after {/foreach}

    2.) Add Hook

    {hook h='DisplayWkAdminLoginForm'}

    in Back-Office

    File name – content.tpl
    Path – /admin/themes/default/template/controllers/login

    Position – inside the login form with id="login_form", after the password field <div class="form-group">……</div>

    3.) Add Hook

    Hook::exec('actionWkAdminLoginControllerSubmit');

    in Back-Office

    File name – AdminLoginController.php
    Path – /controllers/admin/

    Position – inside the processLogin() function, after the 'password' validation check and before this line – "if (!count($this->errors)) {"
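
A way to confirm that the three manual edits above are in place, for example after an upgrade. This is an added example, not part of the module or of the original page. The shop root, theme name and admin directory name are passed as arguments and are assumptions, as is treating the first occurrence of the error-count check as the one in processLogin().

```shell
#!/bin/sh
# Added example: confirm the three manual hook edits are still in place.
# Hook names and relative paths come from the steps above; the shop root,
# theme name and admin directory name are arguments (assumptions).

# has_text FILE STRING: succeeds if FILE exists and contains STRING verbatim.
has_text() {
    [ -f "$1" ] && grep -qF -- "$2" "$1"
}

# first_line FILE STRING: prints the first line number containing STRING.
first_line() {
    grep -nF -- "$2" "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# check_wk_hooks ROOT THEME ADMIN_DIR: returns the number of problems found.
check_wk_hooks() {
    root=$1; theme=$2; admin=$3; problems=0
    fo="$root/themes/$theme/templates/customer/_partials/login-form.tpl"
    bo="$root/$admin/themes/default/template/controllers/login/content.tpl"
    ctl="$root/controllers/admin/AdminLoginController.php"

    has_text "$fo" "DisplayWkCustomerLoginForm" \
        || { echo "MISSING DisplayWkCustomerLoginForm in $fo"; problems=$((problems + 1)); }
    has_text "$bo" "DisplayWkAdminLoginForm" \
        || { echo "MISSING DisplayWkAdminLoginForm in $bo"; problems=$((problems + 1)); }

    # Step 3 requires the hook call before the error-count check; the first
    # occurrence of that check is assumed to be the one in processLogin().
    hook_ln=$(first_line "$ctl" "actionWkAdminLoginControllerSubmit")
    gate_ln=$(first_line "$ctl" 'if (!count($this->errors)) {')
    if [ -z "$hook_ln" ]; then
        echo "MISSING actionWkAdminLoginControllerSubmit in $ctl"
        problems=$((problems + 1))
    elif [ -n "$gate_ln" ] && [ "$hook_ln" -gt "$gate_ln" ]; then
        echo "MISPLACED hook at line $hook_ln (error check is line $gate_ln) in $ctl"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage (placeholder arguments): sh check_wk_hooks.sh /path/to/shop THEME ADMIN_DIR
if [ "$#" -eq 3 ]; then
    check_wk_hooks "$1" "$2" "$3" && echo "All three hooks present."
fi
```

A non-zero exit status is the number of hooks that are missing or misplaced, so the script can run as a post-deployment check.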

    We have also overridden some prestashop core files –

    1. Classes/form – CustomerForm.php
    function name – validate()

    Front-end changes after installation of Prestashop Enhance Login Security

    Now that we have finished configuring the module, let’s look at the changes it makes at the front end of the store.

    Login page of the customer

    On the customer login page, a “remember me” checkbox & a Google reCAPTCHA form are available.

    Login Page of the customer

    Registration page of the customer

    A new field to re-enter the password becomes available on the registration page. The Google reCAPTCHA form is also available as per the settings.

    Customer account registration page

    How a customer can update the password

    A customer can also update the password. To update it, he/she needs to enter the same password in both fields.

    While updating the password, a customer can try to match the password only for the allowed number of times.

    Update the password

    Notify your customers

    A customer is notified in the following instances:

    • A notification pops up on the login page when a customer reaches the maximum trial attempt limit.
    • A notification is shown to the customer when the trial attempts are exhausted.
    message on reaching max attempt limit

    You can also notify the customer about the OTP mail. This lets you inform the customer about the validity of the OTP.

    Notification on sending the mail successfully

    Indicate strength of the password

    As you can see, a colour bar below the password field shows the strength of the password. The system analyses the strength of the password on the basis of the patterns you have selected. This helps customers keep a strong password.

    Let me tell you how this functionality can help your customers. A store has many kinds of customers, and all of them ought to keep a strong password to reduce the fragility of the account. An indicator confirming the password strength allows them to choose a strong password at the time of registration.

    Password strength meter

    Admin End Login Page

    As you can see, the Google reCAPTCHA form is now also available on the admin-end login page.

    Admin end login page

    Email Template

    The image below shows the OTP mail. It is sent to the customer when the customer requests to log in via OTP.

    OTP mail template

    This was all about Prestashop Enhance Login Security.

    Support

    For any kind of technical assistance, just raise a ticket at http://webkul.uvdesk.com and for any doubt contact us at [email protected]

    Current Product Version - 4.0.0

    Supported Framework Version - 1.7.x.x
