Security
-
https://github.com/genecommerce/module-encryption-key-manager
This module was built to help you with rotation your encryption keys.
167429 Apr 2025
-
https://github.com/Vendic/magento2-adminrestriction
Deny access to Magento backend from unauthorized IPs. This module represents one of the most effective Magento backend protection policy.
03 Apr 2025
-
https://github.com/DeployEcommerce/module-admin-password-restrictions
This extension adds a configuration option to restrict the use of certain length passwords in the Magento 2 backend.
26 Mar 2025
-
https://github.com/rostilos/sonarqube-magento2-rules
Set of advanced rules for SonarQube, for Magento 2 CMS
13 -
https://github.com/ghostunicorns/module-webapi-logs
This module allows you to analyze all the webapi rest done call toward your magento.
163611 Mar 2025
-
https://sansec.io/guides/sansec-shield
Sansec Shield is a smart Web Application Firewall (WAF) that provides real-time protection for Magento and Adobe Commerce stores. Unlike traditional WAFs that rely on generic rules, Sansec Shield is integrated with the Magento core architecture and benefits from Sansec's famous expertise in Magento security. This makes our WAF the most effective solution to defend your Magento store.
-
https://github.com/Hawksama/module-oauth-security-plus
A powerful module that whitelists IP addresses for Magento 2 REST and SOAP Admin API token generation. Helps prevent unauthorized API access by ensuring only requests from trusted IPs can create admin tokens.
1301 Feb 2025
-
https://github.com/aligent/magento2-pci-4-compatibility
A Magento 2 module to bring Magento in-line with the PCI DSS 4.0 requirements
22306 Jan 2025
-
https://github.com/wubinworks/magento2-jwt-auth-patch
Deny tokens issued by old encryption key. If you cannot upgrade Magento or cannot apply the official patch, try this one.
1215 Dec 2024
-
https://helpx.adobe.com/security/products/magento/apsb24-73.html
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation.
