商品詳細は英語で表示されます。翻訳は近日公開予定です。
簡単な事実
- 価格
- $249.00 USD
- magento_2 のバージョン
- —
- セットアップ時間
- 90分
- ライセンス
- ワンタイム永続
- 言語
- 11 言語
一回購入
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
$249.00USD
今すぐのお支払いはありません。これはチームへの見積もり依頼を送信します。価格と次のステップをメールでご案内します。
主な機能
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Tamper-evident security audit log of login successes/failures, lockouts, 2FA events and config changes, exposed through a service-contract repository
Admin grid UI under a dedicated ACL resource (Ecosire_SecuritySuite::config) for managing lockouts, whitelisted IPs and reviewing alerts
REST and GraphQL endpoints for customer 2FA enrolment and verification, so headless / PWA Studio storefronts are covered
Cron job to expire one-time tokens, clear stale lockouts and rotate/prune the audit log on a retention schedule
Per-role and per-website policy scoping (require 2FA for admins only, or for high-value customer groups) using Magento config scopes
Session and cookie hardening helpers plus optional forced-logout-on-IP-change for admin sessions
この製品について
Lock down your store across admin and customer areas
Security Suite & Two-Factor Authenticationを選ぶ理由
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Magento Open Source and Adobe Commerce ship with admin 2FA and a basic CAPTCHA, but most stores still expose a predictable /admin path, allow unlimited login attempts, give customers no MFA option, and provide no real-time alerting when an account is being probed. Security Suite & Two-Factor Authentication closes those gaps with one cohesive module installed under app/code/Ecosire/SecuritySuite.
We deliver TOTP-based two-factor authentication (Google Authenticator / Authy compatible) for both Magento\User admin accounts and Magento\Customer storefront accounts, layered on top of brute-force and login-attempt throttling, configurable account lockout, admin IP allow-listing, a randomized custom admin URL, and CAPTCHA enforcement on login, forgot-password and customer registration. Suspicious-activity alerts (repeated failures, new-IP admin logins, lockouts) are pushed via email and optional webhook.
The build follows Magento engineering conventions end to end: etc/adminhtml/system.xml configuration with admin ACL (Ecosire_SecuritySuite::config), an observer on controller_action_predispatch plus auth-event observers, plugins/interceptors around the login controllers, service contracts for the lockout and audit-log repositories, a cron job to purge expired tokens and stale lockouts, and REST/GraphQL endpoints so headless (PWA Studio) storefronts can drive customer 2FA enrolment.
This is build-to-order: ECOSIRE writes, installs and configures the extension on your environment, hardens settings to your policy, and supports it afterward — it is not an instant Adobe Commerce Marketplace download. You receive the full source under app/code, install docs, and an agreed delivery lead time. Compatible with Magento Open Source and Adobe Commerce 2.4.x on PHP 8.1–8.3.
得られるもの
- Custom Magento 2 module delivered as source under app/code/Ecosire/SecuritySuite (registration.php, module.xml, di.xml, system.xml, ACL, observers, plugins, cron)
- Installation and configuration on your environment (staging first, then production) by an ECOSIRE Magento engineer, including setup:upgrade and cache/DI compile in production mode
- Hardened baseline configuration tuned to your security policy (2FA scope, lockout thresholds, IP allow-list, custom admin path, CAPTCHA mode)
- REST/GraphQL endpoints documented for headless or PWA Studio integration, where applicable
- Admin user guide plus a recovery runbook (locked-out admin, lost 2FA device, custom-admin-URL fallback)
- Post-deployment smoke test, compatibility check against your installed extensions, and a defined warranty/support window
これは誰のためのものですか
Security-conscious store owner
Runs a revenue-critical Magento store and wants admin and customer accounts protected with 2FA, lockouts and alerts without hiring a full-time security engineer.
Magento system administrator / DevOps
Needs IP whitelisting, a non-default admin URL, login throttling and an audit trail that fits Magento conventions and survives 2.4.x upgrades and DI compilation.
Merchant under compliance or buyer pressure
Must demonstrate access controls, MFA and activity logging for PCI scope, cyber-insurance, or a B2B customer's vendor security review.
インストールの概要
ECOSIREからダウンロード
ecosire.com でライセンスを購入し、アカウント ダッシュボードから Security Suite & Two-Factor Authentication モジュールの ZIP をダウンロードします。
Odoo にアップロードする
ZIP をサーバー上の Odoo カスタム アドオン フォルダーに抽出します (または、[アプリ] > [Odoo.sh / runbot のファイルからインストール] を介してアップロードします)。
モジュールをインストールする
開発者モードをアクティブにし、アプリを開き、「アプリリストの更新」をクリックして、「Security Suite & Two-Factor Authentication」を検索し、「インストール」を押します。
設定を構成する
新しいメニューを開き、ECOSIRE ライセンス キーを貼り付け、外部認証情報 (Shopify、Amazon、Stripe など) を接続して保存します。
検証して公開する
組み込みの接続テストを実行し、最初の 10 レコードを同期し、定期的な cron をスケジュールします。何か問題が発生した場合はサポートにお問い合わせください。
Security Suite & Two-Factor Authentication の比較方法
| 基準 | エコシエール | カスタムビルド | 競合他社 | オドゥー ネイティブ |
|---|---|---|---|---|
| 2FA for customer (storefront) accounts, not just admin | ||||
| Brute-force / login-attempt throttling with progressive lockout | ||||
| Admin IP allow-listing (CIDR) enforced before route resolution | ||||
| Randomized custom admin URL with safe recovery fallback | ||||
| Real-time suspicious-activity alerts (email + webhook) | ||||
| REST & GraphQL endpoints for headless / PWA Studio 2FA | ||||
| Built, installed, hardened and supported by Magento engineers | ||||
| Full source under app/code with no per-seat licensing lock-in |
Security Suite & Two-Factor Authentication に関するよくある質問
+How long until the extension is delivered and installed?
Because this is build-to-order, ECOSIRE confirms a delivery lead time after a short scoping call — typically a few business days to about two weeks depending on your Magento/Adobe Commerce version, headless vs. Luma storefront, and the policy options you need (custom admin URL, customer 2FA, reCAPTCHA, webhooks). We install on staging first, validate, then schedule the production deployment with you. There is no instant Marketplace download.
+Do I get ongoing support and updates after launch?
Yes. Every build includes a warranty/support window, and we offer ongoing maintenance to keep the module compatible with future Magento 2.4.x and Adobe Commerce releases and PHP updates. Because you receive the full source under app/code, you are never locked in — ECOSIRE supports it, but you own the code.
+Does this work on both Magento Open Source and Adobe Commerce?
Yes. The module targets Magento 2.4.x on PHP 8.1–8.3 and runs on both Open Source and Adobe Commerce. On Adobe Commerce we integrate with its existing admin 2FA and security features rather than duplicating them, and we scope policies per website/role using standard Magento config scopes.
+Will it conflict with my existing extensions or break on upgrade?
We follow Magento conventions — plugins/interceptors, observers, service contracts and a dedicated ACL — instead of overriding core classes, which minimizes conflicts. As part of delivery we run a compatibility check against your installed third-party extensions, test DI compilation in production mode, and document anything that needs coordination.
+Can it secure a headless / PWA Studio storefront, not just Luma?
Yes. Customer 2FA enrolment and verification are exposed over REST and GraphQL, so a PWA Studio or other headless frontend can drive the MFA flow. Admin-side protections (IP allow-list, custom admin URL, login throttling, alerts) apply regardless of the storefront technology.
+What happens if an admin gets locked out or loses their 2FA device?
We ship a recovery runbook with every build: recovery codes generated at enrolment, a CLI/database fallback to reset a specific admin's 2FA, IP allow-list recovery, and documented steps to restore the default admin path if the custom URL is forgotten. ECOSIRE can also assist directly during the support window.
お客様が ECOSIRE を信頼する理由
SOC 2 調整済み
GDPR準拠
安全なストライプ支払い
30日間の返金
生涯アップデート
LGPL-3.0ライセンス
関連モジュール
見積もりを依頼
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
- TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
- Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
- Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
- Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening