26 Jul Security Settings for Magento Store

Website or an online store is to be made secure and this should be the first priority. Here, we will learn about security settings for Magento Store.

If someone try to enter the website in the form of an unauthorized user i.e. tries and fails with login attempts, then with these setting, you can easily lockout that user. Generally, these lockout settings are to prevent random computer-generated logon attempts. These are attempts that occur many times a second.

So, through this, you can Lockout that account for specified amount of time. This is Lockout Time, which we will learn how to set for Locked Account.

In the previous lessons, we learned how to enable captcha on customer registration and to change the Admin Base URL, which also makes Magento store more secure.

Follow the steps,

Go to STORES, then Configuration. After that go to Admin tab under ADVANCED and click on it. Now, you can see the Security section easily as in the following screenshot,

Now, set the following option for failed login attempts. After 5 attempts that account will lock for 60 minutes as shown below,

Maximum Login Failures to Lockout Account: 5

Lockout Time (minutes): 60

After doing the above changes, click Save Config.