Buy it here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html

Price: Only 69,99 EURO (Free support included)

Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis.

PrestaShop on its own is very secure. It's among the most secure content management systems available. That said, PrestaShop advises you to set file and folder permissions on your own, and to secure your back end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge.

I added all the functions that you need to follow best practice. Trust me - this module will save you months of work. I did not add settings that are obviously already covered by PrestaShop core with another technique, but where having more layers is good practice, I added those extra layers of security. You can for instance enable Two-Factor Authentication and set up e-mail alerts in case of brute force attacks.

Example of a great feature: You can enable e-mail notifications for file changes. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any file changes since the last check. In case you get malware, spyware etc., or you mess something up yourself, you will get an e-mail with paths to the files that were changed. That way you know exactly where to check!
Here is what you get with Security Pro (not all the configurations are listed, check screenshots for additional information):

Brute force protection:
- Enable/Disable "Brute force protection for back office"
- Enable/Disable "E-mail notification in case of fail attempts to login"
- Enable/Disable "E-mail notification in case of successfully login"
- Enable/Disable "Log"

Two-factor authentication
- Enable/Disable "Two-factor authentication" (for back office)

Second login
- Enable/Disable "Second login" (from your webserver itself)

Secure front office
- Enable/Disable "Click-jack protection"
- Enable/Disable "XSS protection"
- Enable/Disable "Disable content sniffing"
- Enable/Disable "Force secure connection with HSTS"
- Enable/Disable "Expect CT"
- Enable/Disable "Referrer policy"

Anti-SPAM
- Enable/Disable "Prevent fake accounts / Block bots"
- Enable/Disable "Contact form"
- Enable/Disable "Block TOR IPv4 and IPv6 addresses"
- Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4 and IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*)
- Enable/Disable "Block custom list of user agents"

Anti-virus
- Enable/Disable "Malware scanner"
- Enable/Disable "filechanges scanner"
- Enable/Disable "Log"
- Enable/Disable "Block file uploads" (for back office)

Firewall (WAF)
- Enable/Disable "Anti-flood / Anti DDoS protection"
- Enable/Disable "Bot check"
- Enable/Disable "Anti-SQL injection"
- Enable/Disable "Anti-XXS injection"
- Enable/Disable "Anti-SHELL injection"
- Enable/Disable "Anti-HTML injection"
- Enable/Disable "Anti-XST injection"
- Enable/Disable "Block too long HTTP requests"
- Enable/Disable "Block user agents with too long names"
- Enable/Disable "Block old HTTP protocols"
- Enable/Disable "Block file-upload" (front office)
- Enable/Disable "Log"

Protect content
- Enable/Disable "Disable right click"
- Enable/Disable "Disable right click on images only"
- Enable/Disable "Disable drag and drop"
- Enable/Disable "Disable copy"
- Enable/Disable "Disable cut"
- Enable/Disable "Disable paste"
- Enable/Disable "Disable text selection"

Automatic backups
- Enable/Disable "Backup database to local"
- Enable/Disable "Backup database to Dropbox"
- Enable/Disable "Backup files to local"
- Enable/Disable "Backup files to Dropbox"

Admin directory
- Change name of admin directory in a few clicks.

Password generator
- Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office.

Scripts
- Fix insecure permissions vulnerability
- Fix directory traversal vulnerability

Analyze system for all known vulnerabilities
- CVE-2020-5293, CVE-2020-5288, CVE-2020-5287, CVE-2020-5286, CVE-2020-5285, CVE-2020-5279, CVE-2020-5278, CVE-2020-5276, CVE-2020-5272, CVE-2020-5271, CVE-2020-5270, CVE-2020-5269, CVE-2020-5265, CVE-2020-5264, CVE-2020-5250
- CVE-2019-13461, CVE-2019-11876
- CVE-2018-8823, CVE-2018-8824, CVE-2018-7491, CVE-2018-19355, CVE-2018-19124, CVE-2018-19125, CVE-2018-19126, CVE-2018-13784
- CVE-2017-9841
- CVE-2015-1175

Analyze your server for insecure settings
- session.use_cookies, session.use_only_cookies, session.cookie_httponly, session.hash_function, session.use_trans_sid, session.cookie_secure, session.use_strict_mode, session.cookie_lifetime, session.lazy_write, session.sid_length, session.gc_divisor, session.sid_bits_per_character
- allow_url_fopen, allow_url_include
- display_errors, log_errors, error_reporting, display_startup_errors
- expose_php, register_globals, register_argc_argv, short_open_tag
- xdebug.default_enable, xdebug.remote_enable
- file_uploads, upload_max_filesize, post_max_size, max_input_vars, max_input_time, memory_limit, max_execution_time
- default_charset

Analyze your PrestaShop configuration for insecure settings
- PHP version (7.2.19)
- SSL enabled
- SSL Enabled everywhere
- PrestaShop token
- Mod Security
- PrestaShop admin directory name
- Database table prefix
- PrestaShop debug mode

Analyze SSL
- Analyze your SSL certificate
- Scan your website for mixed content

Recommendation

The module does not use overrides and none of the core files are modified, so you are completely safe against conflicts between other modules.

Works on all major server software (Apache, Nginx, LiteSpeed, etc.).
Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x.
Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x.

Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores. The code quality is high and it follows PrestaShop's guidelines. The code is optimized for performance and security.

If you want to see a demo of the module, or if you have questions, please contact me.

Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413