产品详细信息以英文显示。翻译即将推出。
速览
- 价格
- $249.00 USD
- magento_2 版本
- —
- 设置时间
- 90分钟
- 许可证
- 一次永久
- 语言
- 11 语言
一次性购买
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
$249.00USD
现在无需付款。此操作会向我们的团队发送报价请求——我们会通过邮件跟进价格和后续步骤。
核心功能
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Tamper-evident security audit log of login successes/failures, lockouts, 2FA events and config changes, exposed through a service-contract repository
Admin grid UI under a dedicated ACL resource (Ecosire_SecuritySuite::config) for managing lockouts, whitelisted IPs and reviewing alerts
REST and GraphQL endpoints for customer 2FA enrolment and verification, so headless / PWA Studio storefronts are covered
Cron job to expire one-time tokens, clear stale lockouts and rotate/prune the audit log on a retention schedule
Per-role and per-website policy scoping (require 2FA for admins only, or for high-value customer groups) using Magento config scopes
Session and cookie hardening helpers plus optional forced-logout-on-IP-change for admin sessions
关于此产品
Lock down your store across admin and customer areas
为什么选择 Security Suite & Two-Factor Authentication
TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening
CAPTCHA enforcement (Magento native or reCAPTCHA v3) on admin login, customer login, forgot-password and registration forms
Suspicious-activity alerts via email and optional webhook on repeated failures, new-IP admin logins, and account lockouts
Magento Open Source and Adobe Commerce ship with admin 2FA and a basic CAPTCHA, but most stores still expose a predictable /admin path, allow unlimited login attempts, give customers no MFA option, and provide no real-time alerting when an account is being probed. Security Suite & Two-Factor Authentication closes those gaps with one cohesive module installed under app/code/Ecosire/SecuritySuite.
We deliver TOTP-based two-factor authentication (Google Authenticator / Authy compatible) for both Magento\User admin accounts and Magento\Customer storefront accounts, layered on top of brute-force and login-attempt throttling, configurable account lockout, admin IP allow-listing, a randomized custom admin URL, and CAPTCHA enforcement on login, forgot-password and customer registration. Suspicious-activity alerts (repeated failures, new-IP admin logins, lockouts) are pushed via email and optional webhook.
The build follows Magento engineering conventions end to end: etc/adminhtml/system.xml configuration with admin ACL (Ecosire_SecuritySuite::config), an observer on controller_action_predispatch plus auth-event observers, plugins/interceptors around the login controllers, service contracts for the lockout and audit-log repositories, a cron job to purge expired tokens and stale lockouts, and REST/GraphQL endpoints so headless (PWA Studio) storefronts can drive customer 2FA enrolment.
This is build-to-order: ECOSIRE writes, installs and configures the extension on your environment, hardens settings to your policy, and supports it afterward — it is not an instant Adobe Commerce Marketplace download. You receive the full source under app/code, install docs, and an agreed delivery lead time. Compatible with Magento Open Source and Adobe Commerce 2.4.x on PHP 8.1–8.3.
你得到什么
- Custom Magento 2 module delivered as source under app/code/Ecosire/SecuritySuite (registration.php, module.xml, di.xml, system.xml, ACL, observers, plugins, cron)
- Installation and configuration on your environment (staging first, then production) by an ECOSIRE Magento engineer, including setup:upgrade and cache/DI compile in production mode
- Hardened baseline configuration tuned to your security policy (2FA scope, lockout thresholds, IP allow-list, custom admin path, CAPTCHA mode)
- REST/GraphQL endpoints documented for headless or PWA Studio integration, where applicable
- Admin user guide plus a recovery runbook (locked-out admin, lost 2FA device, custom-admin-URL fallback)
- Post-deployment smoke test, compatibility check against your installed extensions, and a defined warranty/support window
这是给谁的
Security-conscious store owner
Runs a revenue-critical Magento store and wants admin and customer accounts protected with 2FA, lockouts and alerts without hiring a full-time security engineer.
Magento system administrator / DevOps
Needs IP whitelisting, a non-default admin URL, login throttling and an audit trail that fits Magento conventions and survives 2.4.x upgrades and DI compilation.
Merchant under compliance or buyer pressure
Must demonstrate access controls, MFA and activity logging for PCI scope, cyber-insurance, or a B2B customer's vendor security review.
安装概述
从ECOSIRE下载
在 ecosire.com 上购买许可证并从您的帐户仪表板下载 Security Suite & Two-Factor Authentication 模块 ZIP。
上传至Odoo
将 ZIP 解压到服务器上的 Odoo 自定义插件文件夹中(或通过“应用程序”>“从 Odoo.sh / runbot 上的文件安装”上传)。
安装模块
激活开发者模式,打开应用程序,单击更新应用程序列表,搜索 Security Suite & Two-Factor Authentication,然后按安装。
配置设置
打开新菜单,粘贴您的 ECOSIRE 许可证密钥,连接任何外部凭据(Shopify、Amazon、Stripe 等),然后保存。
验证并上线
运行内置连接测试,同步前 10 条记录,并安排定期 cron。如果出现任何问题,请联系支持人员。
Security Suite & Two-Factor Authentication 如何比较
| 标准 | 伊科西尔 | 定制建造 | 竞争对手 | 奥杜本机 |
|---|---|---|---|---|
| 2FA for customer (storefront) accounts, not just admin | ||||
| Brute-force / login-attempt throttling with progressive lockout | ||||
| Admin IP allow-listing (CIDR) enforced before route resolution | ||||
| Randomized custom admin URL with safe recovery fallback | ||||
| Real-time suspicious-activity alerts (email + webhook) | ||||
| REST & GraphQL endpoints for headless / PWA Studio 2FA | ||||
| Built, installed, hardened and supported by Magento engineers | ||||
| Full source under app/code with no per-seat licensing lock-in |
关于Security Suite & Two-Factor Authentication的常见问题
+How long until the extension is delivered and installed?
Because this is build-to-order, ECOSIRE confirms a delivery lead time after a short scoping call — typically a few business days to about two weeks depending on your Magento/Adobe Commerce version, headless vs. Luma storefront, and the policy options you need (custom admin URL, customer 2FA, reCAPTCHA, webhooks). We install on staging first, validate, then schedule the production deployment with you. There is no instant Marketplace download.
+Do I get ongoing support and updates after launch?
Yes. Every build includes a warranty/support window, and we offer ongoing maintenance to keep the module compatible with future Magento 2.4.x and Adobe Commerce releases and PHP updates. Because you receive the full source under app/code, you are never locked in — ECOSIRE supports it, but you own the code.
+Does this work on both Magento Open Source and Adobe Commerce?
Yes. The module targets Magento 2.4.x on PHP 8.1–8.3 and runs on both Open Source and Adobe Commerce. On Adobe Commerce we integrate with its existing admin 2FA and security features rather than duplicating them, and we scope policies per website/role using standard Magento config scopes.
+Will it conflict with my existing extensions or break on upgrade?
We follow Magento conventions — plugins/interceptors, observers, service contracts and a dedicated ACL — instead of overriding core classes, which minimizes conflicts. As part of delivery we run a compatibility check against your installed third-party extensions, test DI compilation in production mode, and document anything that needs coordination.
+Can it secure a headless / PWA Studio storefront, not just Luma?
Yes. Customer 2FA enrolment and verification are exposed over REST and GraphQL, so a PWA Studio or other headless frontend can drive the MFA flow. Admin-side protections (IP allow-list, custom admin URL, login throttling, alerts) apply regardless of the storefront technology.
+What happens if an admin gets locked out or loses their 2FA device?
We ship a recovery runbook with every build: recovery codes generated at enrolment, a CLI/database fallback to reset a specific admin's 2FA, IP allow-list recovery, and documented steps to restore the default admin path if the custom URL is forgotten. ECOSIRE can also assist directly during the support window.
为什么客户信任 ECOSIRE
SOC 2 对齐
符合 GDPR
安全条纹支付
30 天退款
终身更新
LGPL-3.0 许可证
相关模块
申请报价
Security Suite & Two-Factor Authentication
A custom-built Magento 2 / Adobe Commerce security extension that adds two-factor authentication, brute-force and login protection, admin IP whitelisting, custom admin URL, CAPTCHA and suspicious-activity alerts across both admin and customer areas. Built, installed and supported by ECOSIRE.
- TOTP two-factor authentication (Google Authenticator / Authy compatible) for both admin (Magento\User) and customer (Magento\Customer) accounts, with QR enrolment and recovery codes
- Brute-force and login-attempt throttling with configurable thresholds and progressive lockout, enforced via plugins around the admin and storefront login controllers
- Admin IP allow-listing (CIDR-aware) checked in a controller_action_predispatch observer before any admin route resolves
- Randomized custom admin URL (front-name) with safe activation, fallback recovery instructions, and old-path 404 hardening