Product details are displayed in English. Translations coming soon.
Quick facts
- Price
- $249.00 USD
- magento_2 versions
- —
- Setup time
- 90 min
- License
- One-time perpetual
- Languages
- 11 languages
ایک بار کی خریداری
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
$249.00USD
ابھی کوئی ادائیگی نہیں۔ یہ ہماری ٹیم کو قیمت کی درخواست بھیجتا ہے — ہم قیمت اور اگلے اقدامات کے ساتھ ای میل کے ذریعے رابطہ کریں گے۔
اہم خصوصیات
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Tamper-evident security audit log of login successes/failures, lockouts, 2FA events and config changes, exposed through a service-contract repository
Admin grid UI under a dedicated ACL resource (Ecosire_SecuritySuite::config) for managing lockouts, whitelisted IPs and reviewing alerts
REST and GraphQL endpoints for customer 2FA enrolment and verification, so headless / PWA Studio storefronts are covered
Cron job to expire one-time tokens, clear stale lockouts and rotate/prune the audit log on a retention schedule
Per-role and per-website policy scoping (require 2FA for admins only, or for high-value customer groups) using Magento config scopes
Session and cookie hardening helpers plus optional forced-logout-on-IP-change for admin sessions
اس مصنوع کے بارے میں
Lock down your store across admin and customer areas
Security Suite & Two-Factor Authentication کیوں منتخب کریں
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Magento Open Source and Adobe Commerce ship with admin 2FA and a basic CAPTCHA, but most stores still expose a predictable /admin path, allow unlimited login attempts, give customers no MFA option, and provide no real-time alerting when an account is being probed. Security Suite & Two-Factor Authentication closes those gaps with one cohesive module installed under app/code/Ecosire/SecuritySuite.
We deliver TOTP-based two-factor authentication (Google Authenticator / Authy compatible) for both Magento\User admin accounts and Magento\Customer storefront accounts, layered on top of brute-force and login-attempt throttling, configurable account lockout, admin IP allow-listing, a randomized custom admin URL, and CAPTCHA enforcement on login, forgot-password and customer registration. Suspicious-activity alerts (repeated failures, new-IP admin logins, lockouts) are pushed via email and optional webhook.
The build follows Magento engineering conventions end to end: etc/adminhtml/system.xml configuration with admin ACL (Ecosire_SecuritySuite::config), an observer on controller_action_predispatch plus auth-event observers, plugins/interceptors around the login controllers, service contracts for the lockout and audit-log repositories, a cron job to purge expired tokens and stale lockouts, and REST/GraphQL endpoints so headless (PWA Studio) storefronts can drive customer 2FA enrolment.
This is build-to-order: ECOSIRE writes, installs and configures the extension on your environment, hardens settings to your policy, and supports it afterward — it is not an instant Adobe Commerce Marketplace download. You receive the full source under app/code, install docs, and an agreed delivery lead time. Compatible with Magento Open Source and Adobe Commerce 2.4.x on PHP 8.1–8.3.
What you get
- Custom Magento 2 module delivered as source under app/code/Ecosire/SecuritySuite (registration.php, module.xml, di.xml, system.xml, ACL, observers, plugins, cron)
- Installation and configuration on your environment (staging first, then production) by an ECOSIRE Magento engineer, including setup:upgrade and cache/DI compile in production mode
- Hardened baseline configuration tuned to your security policy (2FA scope, lockout thresholds, IP allow-list, custom admin path, CAPTCHA mode)
- REST/GraphQL endpoints documented for headless or PWA Studio integration, where applicable
- Admin user guide plus a recovery runbook (locked-out admin, lost 2FA device, custom-admin-URL fallback)
- Post-deployment smoke test, compatibility check against your installed extensions, and a defined warranty/support window
Who this is for
Security-conscious store owner
Runs a revenue-critical Magento store and wants admin and customer accounts protected with 2FA, lockouts and alerts without hiring a full-time security engineer.
Magento system administrator / DevOps
Needs IP whitelisting, a non-default admin URL, login throttling and an audit trail that fits Magento conventions and survives 2.4.x upgrades and DI compilation.
Merchant under compliance or buyer pressure
Must demonstrate access controls, MFA and activity logging for PCI scope, cyber-insurance, or a B2B customer's vendor security review.
Installation overview
Download from ECOSIRE
Buy the license on ecosire.com and download the Security Suite & Two-Factor Authentication module ZIP from your account dashboard.
Upload to Odoo
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Install the module
Activate Developer Mode, open Apps, click Update Apps List, search for Security Suite & Two-Factor Authentication, and press Install.
Configure settings
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Verify & go live
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
How Security Suite & Two-Factor Authentication Compares
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| 2FA for customer (storefront) accounts, not just admin | ||||
| Brute-force / login-attempt throttling with progressive lockout | ||||
| Admin IP allow-listing (CIDR) enforced before route resolution | ||||
| Randomized custom admin URL with safe recovery fallback | ||||
| Real-time suspicious-activity alerts (email + webhook) | ||||
| REST & GraphQL endpoints for headless / PWA Studio 2FA | ||||
| Built, installed, hardened and supported by Magento engineers | ||||
| Full source under app/code with no per-seat licensing lock-in |
Frequently Asked Questions about Security Suite & Two-Factor Authentication
+How long until the extension is delivered and installed?
Because this is build-to-order, ECOSIRE confirms a delivery lead time after a short scoping call — typically a few business days to about two weeks depending on your Magento/Adobe Commerce version, headless vs. Luma storefront, and the policy options you need (custom admin URL, customer 2FA, reCAPTCHA, webhooks). We install on staging first, validate, then schedule the production deployment with you. There is no instant Marketplace download.
+Do I get ongoing support and updates after launch?
Yes. Every build includes a warranty/support window, and we offer ongoing maintenance to keep the module compatible with future Magento 2.4.x and Adobe Commerce releases and PHP updates. Because you receive the full source under app/code, you are never locked in — ECOSIRE supports it, but you own the code.
+Does this work on both Magento Open Source and Adobe Commerce?
Yes. The module targets Magento 2.4.x on PHP 8.1–8.3 and runs on both Open Source and Adobe Commerce. On Adobe Commerce we integrate with its existing admin 2FA and security features rather than duplicating them, and we scope policies per website/role using standard Magento config scopes.
+Will it conflict with my existing extensions or break on upgrade?
We follow Magento conventions — plugins/interceptors, observers, service contracts and a dedicated ACL — instead of overriding core classes, which minimizes conflicts. As part of delivery we run a compatibility check against your installed third-party extensions, test DI compilation in production mode, and document anything that needs coordination.
+Can it secure a headless / PWA Studio storefront, not just Luma?
Yes. Customer 2FA enrolment and verification are exposed over REST and GraphQL, so a PWA Studio or other headless frontend can drive the MFA flow. Admin-side protections (IP allow-list, custom admin URL, login throttling, alerts) apply regardless of the storefront technology.
+What happens if an admin gets locked out or loses their 2FA device?
We ship a recovery runbook with every build: recovery codes generated at enrolment, a CLI/database fallback to reset a specific admin's 2FA, IP allow-list recovery, and documented steps to restore the default admin path if the custom URL is forgotten. ECOSIRE can also assist directly during the support window.
Why Customers Trust ECOSIRE
SOC 2 Aligned
GDPR Compliant
Secure Stripe Payment
30-Day Money Back
Lifetime Updates
LGPL-3.0 License
Related Modules
قیمت کا تخمینہ طلب کریں
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
- TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
- Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
- Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
- Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening