How to Secure Magento 2 Admin [Updated 2024]

Hello Magento Folks?,

What are you all doing? Hopefully, all are safe and healthy. In today’s article, I will illustrate Magento 2 Secure Your Admin. Also, check our previously placed article How To Cancel A Shipment In Magento 2. Let’s Get Started with today’s topic?

Introduction:

All the E-commerce running stores, especially Magento should always be sure in upgrading the security of the administration. It is mandatory to manage your admin system to prevent your store from the hackers who are trying to attack your store. For securing your Magento 2 store I will help you to configure your admin security. Follow the below-illustrated steps for securing your Magento 2 Admin.

Steps to Secure Your Magento 2 Admin:

Step 1: Firstly, navigate to Stores > Settings > Configuration>Advanced > Admin and explore the Security section.

Step 2: Fill out the details accordingly.

Admin Account Sharing: “YES” if want to use in multiple computers else “NO”

Password Reset Protection Type: Select your desired type for protecting the Reset Password option of your Magento 2 store.

Recovery Link Expiration Period (Hours): Enter your desired time for Recovery Link Expiration Period

Max Number of Password Reset Requests: Enter your desired number for requesting for password reset per hour.

Min Time Between Password Reset Requests: Enter your desired number for the minimum time to request for password reset per hour.

Add Secret Key to URL’s: Select YES to enable and NO to disable it is recommended to Enable it as it prevents all the CSRF(Cross-site request forgery) attacks

Login is Case Sensitive: Choose “YES” to identify differences between lower and upper case characters for disabling choose “NO”.

Admin Session Lifetime (seconds): Add the time period for admin session lifetime in seconds.

Maximum Login Failures to Lockout Account: Add the number for deciding how many times users can enter wrong passwords.

Lockout Time (minutes): Enter the lockout time for your Magento 2 store.

Password Lifetime (Days): Add number as per your desire for password lifetime that the user can log in before it expires.

Password Change: Choose “forced” force the users to change the password before it expires else you can select “Recommended”

Step 3: Save the configuration

That’s It.

Over to You:

Therefore, with the help of the above steps, you will be able to Secure Your Admin in Magento 2. If you find any problems in implementing the above illustration then do comment down in the comment box I will be happy to help. Be yourself helpful by sharing the article with your Magento friends. Till then Stay safe and Stay Helpful.

Happy Reading?

Subscribe to Notifications