Opencart Web Application Firewall (WAF) Security Extension
The Opencart Web Application Firewall (WAF) Security module offers a 2-factor authentication process for admin, customer, and affiliate users.
A QR code is displayed which needs to be scanned using the Google Authenticator application installed on a smartphone. Also, the admin can enable or disable one or more IPs or countries, allowing or restricting specific users from logging in.
Under Brute Force Log, a log is maintained of the users who have made login attempts. WAF Security Directory Permission lists directory content with its secure/insecure status.
The Opencart Web Application Firewall (WAF) Security module integrates high-class security measures, keeping in mind ongoing cybercrime trends and reducing the chances of hacking or malicious attacks.
Note:
1. This module supports all templates and themes including the Journal theme.
2. Also, Opencart Web Application Firewall (WAF) Security supports the Multi-Store feature of default Opencart.
Use case:
Online data nowadays is prone to cyber-attacks owing to ongoing cyber crime.
For an online business, customer trust is also an important aspect. For instance, if a customer finds out that the card information he added while making a purchase has been leaked and exposed to malicious activity, this will leave the customer disappointed and he might lose trust in your services.
Therefore, it has become mandatory for business entrepreneurs to integrate security features with the Opencart website in order to retain and safeguard the integrity of the website and the customer data.
Features:
The store owner can enable 2-factor authentication for the admin, customer, and affiliate user login.
For 2-factor authentication, users logging in must scan the QR code using Google Authenticator.
The reCAPTCHA feature is available for the admin login.
This module allows pre-sign-up email validation.
This module also integrates AbuseIPDB to block and report IPs.
The admin may choose to allow or disallow specific file types that can be uploaded.
Notifications for resetting passwords are sent to admin users and customers when required.
The admin can create custom email templates.
For additional security, the admin may choose to restrict an IP or a given set of IPs from accessing the website's data.
Also, the admin may restrict a country or set of countries from accessing the website's data.
The Brute Force log lists the users who have made login attempts.
It also displays a list of the website's directory content with its secure/insecure status.
The overall security of the website's data is handled by the WAF, which protects it from malicious attacks.
It also provides the WAF Security Email Domain Ban feature and shows the WAF Security Email Domain Ban log.
Workflow:
After the module installation, the admin will have to configure the settings of the Opencart Web Application Firewall (WAF) Security module.
The following sub-menu options are to be configured under WAF Security:
WAF Module Configuration,
WAF Security IP Ban,
WAF Security Country Ban,
WAF Security Brute Force Log,
WAF Security Directory Permission,
WAF Security Email Domain Ban, and
WAF Security Email Domain Ban Log
Initially, under WAF Module Configuration, the admin will have to configure the fields under the General, API Keys, and Mail tabs.
Under the General tab, the admin configures fields such as reCAPTCHA for admin login, number of failed attempts, reCAPTCHA display pages, poor password check, etc.
Thereafter, under the API Keys tab, the admin will have to add the reCAPTCHA API credentials retrieved from the Google reCAPTCHA API page.
The next tab is the Mail tab, under which the admin configures the following sub-tabs:
New File Notification
Login Notification
Other Notification
SignUp Email Notification
Mail Info
Under the New File Notification tab, the admin configures the following fields: add new file notification, file extensions, add new file notification subject, etc.
The Login Notification tab includes fields such as admin login notification status, admin login notification subject, admin login notification description, etc.
Under the Other Notification tab, the admin configures fields such as reset current logged-in admin user password, reset password notification status, etc.
The next tab to be configured is SignUp Email Notification, under which the admin configures signup email validation status, signup email validation subject, etc.
Under the Mail Info tab, the admin selects the codes to write email templates from the given list.
Under WAF Security IP Ban, the admin can enable/disable IP(s) so as to allow/restrict users who try to log in from the enabled/disabled IP(s).
On clicking the WAF Security Country Ban option, a list of enabled or disabled countries will be visible as shown in the image.
The admin can enable/disable countries so as to allow/restrict users who try to log in from the enabled/disabled countries.
The WAF Security Brute Force Log sub-menu option redirects the admin to the WAF Security Brute Force Log page, where the login history of all users is listed, as shown in the image below.
Then the admin will find WAF Security Directory Permission, under which the directory content along with its secure/insecure status is displayed, as shown in the image below.
The WAF Security Email Domain Ban section shows the WAF Security Email Domain Ban list, as shown below:
The WAF Security Email Domain Ban Log section shows the login details of users from banned domains, as shown below:
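The IP ban, country ban and failed-attempt checks described above, combined into one login gate as an added example (not the extension's own code). The log format, the country column and the decision strings are assumptions; the log lines are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample brute-force log: timestamp, client IP, country code, user, result.
# The column layout is an assumption for this example, not the extension's real log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 XX admin FAIL
2024-05-01T10:00:05 203.0.113.7 XX admin FAIL
2024-05-01T10:00:09 203.0.113.7 XX admin FAIL
2024-05-01T10:00:12 203.0.113.7 XX admin FAIL
2024-05-01T10:00:15 203.0.113.7 XX admin FAIL
2024-05-01T09:00:00 198.51.100.9 YY alice FAIL
2024-05-01T10:01:00 198.51.100.9 YY alice OK
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, ip, country, user, result) tuples."""
    rows = []
    for line in text.splitlines():
        ts, ip, country, user, result = line.split()
        rows.append((datetime.fromisoformat(ts), ip, country, user, result))
    return rows


def failed_attempts(rows, ip, now, window_minutes):
    """Count FAIL entries for an IP inside the sliding window ending at `now`."""
    cutoff = now - timedelta(minutes=window_minutes)
    return sum(1 for ts, r_ip, _c, _u, res in rows
               if r_ip == ip and res == "FAIL" and ts >= cutoff)


def login_decision(rows, ip, country, now, disabled_ips, disabled_countries,
                   max_failed, window_minutes=15):
    """Gate a login attempt: disabled IP, then disabled country, then failed-attempt limit.

    `max_failed` plays the role of the "number of failed attempts" setting.
    A LOCK result is the point at which an AbuseIPDB report could be raised.
    """
    if ip in disabled_ips:
        return "DENY:ip_ban"
    if country in disabled_countries:
        return "DENY:country_ban"
    if failed_attempts(rows, ip, now, window_minutes) >= max_failed:
        return "LOCK:brute_force"
    return "ALLOW"
```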
In the frontend, customers log in to their accounts after the 2-factor authentication process, where the QR code is scanned using Google Authenticator.
New customers will find the Verify Email tab for email verification when registering with the website. A success message is displayed when the verification email is sent.
On the contact form as well, the customer will find the reCAPTCHA option for additional security.
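What the Google Authenticator scan sets up, as an added example rather than the extension's own code: the QR code carries an otpauth:// provisioning URI, and both the app and the server then compute RFC 6238 TOTP codes from the shared secret. The issuer and account names are assumptions; the secret is the RFC 6238 test vector.

```python
import base64
import hashlib
import hmac
import struct
import urllib.parse

# RFC 6238 reference secret (ASCII "12345678901234567890") in base32, as the QR code would carry it.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, timestamp, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then RFC 4226 dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", timestamp // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI that is encoded into the QR code shown at enrolment."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    params = urllib.parse.urlencode({"secret": secret_b32, "issuer": issuer,
                                     "algorithm": "SHA1", "digits": 6, "period": 30})
    return f"otpauth://totp/{label}?{params}"


def verify(secret_b32, submitted, now, window=1, step=30):
    """Server-side check: accept the current step plus/minus `window` steps for clock drift,
    comparing in constant time so timing does not leak which digits matched."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, now + drift * step), submitted):
            return True
    return False
```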