Opencart Web Application Firewall (WAF) Security Extension
The Opencart Web Application Firewall (WAF) Security module adds two-factor authentication (2FA) for admin, customer and affiliate logins.
During 2FA set-up a QR code is displayed, which the user scans with the Google Authenticator app on their smartphone. The admin can also enable or disable individual IP addresses or whole countries, allowing or blocking logins from them.
The Brute Force Log records the login attempts made by each user. WAF Security Directory Permission lists the website's directories with a secure or insecure permission status.
The module combines these controls to reduce the likelihood of a successful attack on the store.
Online data is increasingly exposed to cyber-attacks.
For an online business, customer trust is just as important. If a customer learns that the card details entered during a purchase have been leaked and misused, they will be disappointed and may lose trust in your service.
Store owners therefore need to add security features to their Opencart website to safeguard the integrity of the site and its customer data.
The store owner can enable two-factor authentication for admin, customer and affiliate logins.
Users with 2FA enabled scan the QR code with Google Authenticator and then enter the code the app generates when they log in.
reCAPTCHA can be enabled on the admin login page.
The module supports email validation before sign-up.
It also integrates with AbuseIPDB to block and report IP addresses.
The admin can allow or disallow specific file types for upload.
Password-reset notifications are sent to admin users and customers when required.
The admin can create custom email templates.
For additional security, the admin can block one or more IP addresses from accessing the website.
The admin can likewise block one or more countries from accessing the website.
The Brute Force Log lists the users who have made login attempts.
The module also lists the website's directories with their secure or insecure permission status.
Together, these controls protect the website's data from malicious attacks.
After installing the module, the admin configures its settings.
The following sub-menu options are to be configured under WAF Security:
WAF Module Configuration,
WAF Security IP Ban,
WAF Security Country Ban,
WAF Security Brute Force Log, and
WAF Security Directory Permission.
Under WAF Module Configuration, the admin first configures the fields on the General, API Keys and Mail tabs.
The General tab holds fields such as reCAPTCHA for admin login, the number of failed login attempts allowed, the pages on which reCAPTCHA is displayed, the poor password check, and so on.
On the API Keys tab, the admin enters the reCAPTCHA API credentials obtained from the Google reCAPTCHA API page.
The Mail tab is divided into the following sub-tabs:
New File Notification
Login Notification
Another Notification
SignUp Email Notification
Mail Info
Under the New File Notification tab, the admin configures fields such as add new file notification, file extensions, add new file notification subject, and so on.
The Login Notification tab includes fields such as the admin login notification status, subject and description.
Under the Another Notification tab, the admin configures fields such as resetting the currently logged-in admin user's password and the reset password notification status.
Under the SignUp Email Notification tab, the admin configures the signup email validation status, the signup email validation subject, and so on.
Under the Mail Info tab, the admin chooses, from the given list, the codes that can be used when writing the email templates.
After the WAF Module Configuration, the admin will find the WAF Security IP Ban sub-menu option.
Clicking WAF Security IP Ban shows a list of enabled and disabled IP addresses, as shown in the image.
The admin can enable or disable an IP address in this list to allow or block login attempts coming from it.
Clicking WAF Security Country Ban shows a list of enabled and disabled countries, as shown in the image.
The admin can enable or disable a country in this list to allow or block login attempts coming from it.
The WAF Security Brute Force Log sub-menu option opens the WAF Security Brute Force Log page, which lists the login history of all users, as shown in the image below.
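As an added example (not the extension's own code) of how the failed-attempt threshold from the General tab, the IP and country ban lists and the Brute Force Log fit together, the Python below gates a login attempt in that order and keeps a log from which over-threshold IP addresses can be picked out for reporting to AbuseIPDB. The ban lists, the IP-to-country table, the attempt window and the login attempts are all constructed for illustration; a real deployment would use a GeoIP database and persist the log.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Set


@dataclass
class LoginAttempt:
    ts: float      # Unix time of the attempt
    ip: str
    user: str
    ok: bool       # did the credential check succeed


@dataclass
class LoginGate:
    banned_nets: List[ipaddress.IPv4Network]   # WAF Security IP Ban entries (disabled IPs)
    banned_countries: Set[str]                 # WAF Security Country Ban entries (ISO codes)
    geoip: Dict[str, str]                      # constructed stand-in for a GeoIP lookup
    max_failures: int = 5                      # "number of failed attempts" from the General tab
    window: float = 900.0                      # failures older than this many seconds stop counting
    log: List[LoginAttempt] = field(default_factory=list)   # the Brute Force Log
    failures: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    def _prune(self, ip: str, now: float) -> Deque[float]:
        """Drop failures that have aged out of the window and return the rest."""
        q = self.failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def check(self, ip: str, now: float) -> str:
        """Decision taken before the password is even looked at."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.banned_nets):
            return "blocked_ip"
        if self.geoip.get(ip, "??") in self.banned_countries:
            return "blocked_country"
        if len(self._prune(ip, now)) >= self.max_failures:
            return "captcha"   # escalate: require reCAPTCHA for further tries
        return "allow"

    def record(self, attempt: LoginAttempt) -> None:
        """Append to the Brute Force Log and update the per-IP failure counter."""
        self.log.append(attempt)
        if attempt.ok:
            self.failures[attempt.ip].clear()   # a genuine login resets the counter
        else:
            self.failures[attempt.ip].append(attempt.ts)

    def offenders(self, now: float) -> List[str]:
        """IPs at or over the threshold inside the window: candidates to report to AbuseIPDB."""
        return sorted(ip for ip in list(self.failures)
                      if len(self._prune(ip, now)) >= self.max_failures)


def demo() -> Dict[str, object]:
    """Run constructed traffic through the gate and return the decisions."""
    gate = LoginGate(
        banned_nets=[ipaddress.ip_network("203.0.113.0/24")],
        banned_countries={"ZZ"},   # constructed: ZZ is a user-assigned ISO code
        geoip={"192.0.2.10": "US", "198.51.100.7": "US",
               "198.51.100.200": "ZZ", "203.0.113.5": "US"},
    )
    # Constructed attempts: one IP hammers the admin account, a customer mistypes once.
    for t in range(5):
        gate.record(LoginAttempt(ts=float(t), ip="198.51.100.7", user="admin", ok=False))
    gate.record(LoginAttempt(ts=1.0, ip="192.0.2.10", user="alice", ok=False))
    gate.record(LoginAttempt(ts=2.0, ip="192.0.2.10", user="alice", ok=True))

    result: Dict[str, object] = {
        "attacker": gate.check("198.51.100.7", now=10.0),
        "alice": gate.check("192.0.2.10", now=10.0),
        "banned_ip": gate.check("203.0.113.5", now=10.0),
        "banned_country": gate.check("198.51.100.200", now=10.0),
        "offenders": gate.offenders(now=10.0),
        "log_entries": len(gate.log),
    }
    # Once the window has passed, the old failures no longer count against the IP.
    result["attacker_after_window"] = gate.check("198.51.100.7", now=1000.0)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ban checks run first so a banned address never reaches the password check or consumes a log entry, and the failure counter is keyed by IP rather than by account so that an attacker cycling through usernames still trips the threshold.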
The last sub-menu option under WAF Security is WAF Security Directory Permission, which lists the directory content along with its secure or insecure status, as shown in the image below.
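The following is an added example (not the extension's code) of the kind of check behind a secure/insecure directory status: it walks a directory tree and flags anything writable by group or others, and any content file that is executable. The policy (directories no more open than 0755, files no more open than 0644, the common web-root recommendation) and the sample tree it builds under a temporary directory are assumptions for illustration.

```python
import os
import shutil
import stat
import tempfile
from typing import Dict, List

# Assumed policy: directories at most 0755, files at most 0644.
WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def classify_mode(mode: int, is_dir: bool) -> str:
    """Return 'secure' or 'insecure' for a raw st_mode value."""
    perm = stat.S_IMODE(mode)
    if perm & WRITE_BY_OTHERS:
        return "insecure"          # anyone in the group, or anyone at all, can modify it
    if not is_dir and perm & ANY_EXEC:
        return "insecure"          # content files in a web root should not be executable
    return "secure"


def audit_tree(root: str) -> Dict[str, str]:
    """Map each path under root (relative, '.' for root itself) to its status."""
    result: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        result[os.path.relpath(dirpath, root)] = classify_mode(os.lstat(dirpath).st_mode, True)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            # A symlink's own mode bits are meaningless; report it so the admin inspects the target.
            result[rel] = "symlink" if stat.S_ISLNK(st.st_mode) else classify_mode(st.st_mode, False)
    return result


def insecure_paths(report: Dict[str, str]) -> List[str]:
    """Everything the admin should look at, sorted for stable output."""
    return sorted(p for p, s in report.items() if s != "secure")


def build_sample_store() -> str:
    """Constructed throwaway tree mimicking a few Opencart paths with mixed permissions."""
    root = tempfile.mkdtemp(prefix="oc_waf_demo_")
    dirs = {"image": 0o755, "image/cache": 0o777, "system": 0o755, "system/storage": 0o755}
    for rel, mode in dirs.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        os.chmod(os.path.join(root, rel), mode)
    files = {"config.php": 0o666, "index.php": 0o644}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php\n")
        os.chmod(path, mode)
    os.chmod(root, 0o755)
    return root


def demo() -> Dict[str, str]:
    """Build the sample tree, audit it, and clean up."""
    root = build_sample_store()
    try:
        return audit_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path in insecure_paths(demo()):
        print("insecure:", path)
```

On a real store the interesting hits are usually a world-writable image/cache or system/storage left over from installation, and a config.php readable or writable by users other than the web server account.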
In the frontend, customers log in to their accounts after completing the two-factor authentication step, scanning the QR code with Google Authenticator.
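To make concrete what the Google Authenticator QR code mentioned in the feature list and in this frontend step contains, and how the server then checks the six-digit code, here is an added example (not the extension's own code) of the server side of Google Authenticator style TOTP as specified in RFC 6238. It assumes the Google Authenticator defaults of HMAC-SHA1, a 30-second step and 6 digits; the issuer and account names are made up, and the secret used in the test is the RFC 6238 test key so the values can be checked against the RFC.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Google Authenticator defaults (RFC 6238): HMAC-SHA1, 30-second time step, 6 digits.
STEP = 30
DIGITS = 6


def new_secret(nbytes: int = 20) -> str:
    """Random shared secret, Base32-encoded without padding, as the app expects."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def otpauth_uri(secret: str, account: str, issuer: str) -> str:
    """The text encoded in the QR code the user scans (Key URI format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")


def hotp(secret: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^DIGITS."""
    padded = secret + "=" * (-len(secret) % 8)
    key = base64.b32decode(padded, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def time_step(at: Optional[float] = None) -> int:
    """Counter for Unix time `at` (now if omitted)."""
    return int((time.time() if at is None else at) // STEP)


def totp(secret: str, at: Optional[float] = None) -> str:
    """The code the authenticator app shows at Unix time `at`."""
    return hotp(secret, time_step(at))


class TotpVerifier:
    """Server-side check for one enrolled user.

    Accepts the current step plus `skew` steps either side to tolerate phone clock
    drift, and never accepts a step at or below the last accepted one, so a code
    captured by an attacker cannot be replayed within its validity window.
    """

    def __init__(self, secret: str, skew: int = 1) -> None:
        self.secret = secret
        self.skew = skew
        self.last_step = -1   # persist this per user in a real deployment

    def verify(self, code: str, at: Optional[float] = None) -> bool:
        if len(code) != DIGITS or not code.isdigit():
            return False
        step = time_step(at)
        for s in range(max(0, step - self.skew), step + self.skew + 1):
            if s <= self.last_step:
                continue   # already used (or older than a used code): replay
            if hmac.compare_digest(hotp(self.secret, s), code):
                self.last_step = s
                return True
        return False


if __name__ == "__main__":
    secret = new_secret()
    # Assumed account and issuer names; the store would use its own.
    print(otpauth_uri(secret, "admin@example.com", "OpencartStore"))
    print("current code:", totp(secret))
```

The secret only ever leaves the server inside the QR code at enrolment, so it should be shown once and stored server-side the way a password hash would be protected; the replay check matters because a six-digit code is valid for up to three steps here and a phished code would otherwise work as long as the genuine one.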
New customers see a Verify Email tab during registration. A success message is displayed once the verification email has been sent.
The contact form also includes reCAPTCHA for additional protection.