Protecting Against Unauthorized Backend Access

The security of your administration area is the heart of your shop's protection. Magento 2 offers in-depth options to regulate access.

Key Security Parameters

Under Stores > Configuration > Advanced > Admin > Security, you will find the following options:

  • Admin Session Lifetime: Define after how many seconds of inactivity an admin is automatically logged out (recommended: 3600 sec.).
  • Password Lifetime: Force administrators to change their password every 90 days.
  • Login Password Error Threshold: Set the number of failed attempts after which an admin account is temporarily locked.

Pro Tip: Always use the "Add Secret Key to URLs" option to prevent CSRF (Cross-Site Request Forgery) attacks. This setting is enabled by default and should not be disabled.
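
The settings above can also be checked from the command line. The script below is an added example, not Magento's or the hosting provider's own code: it audits `path=value` lines against the recommendations in this article. The `admin/security/...` config paths are assumed mappings of the admin labels, the function names are hypothetical, and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example, not Magento or hosting-provider code. The config paths are
# assumed mappings of the admin labels above; confirm them on your version.
# Live input (one path=value per line) can be built with, for example:
#   printf '%s=%s\n' "$p" "$(bin/magento config:show "$p")"

REQUIRED="admin/security/session_lifetime admin/security/password_lifetime
admin/security/lockout_failures admin/security/use_form_key"

# in_range VALUE MAX: true if VALUE is an integer in 1..MAX.
in_range() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# Reads path=value lines on stdin, prints one finding per weak or missing
# setting, and returns non-zero if any recommendation is not met.
audit_admin_security() {
  local path value bad=0 seen=""
  while IFS='=' read -r path value; do
    case "$path" in
      admin/security/session_lifetime)
        in_range "$value" 3600 || { echo "WEAK $path=$value (want 1..3600 s)"; bad=1; } ;;
      admin/security/password_lifetime)
        in_range "$value" 90 || { echo "WEAK $path=$value (want 1..90 days)"; bad=1; } ;;
      admin/security/lockout_failures)
        # Empty or 0 is treated as "no lockout" (assumption); 100 is a sanity cap.
        in_range "$value" 100 || { echo "WEAK $path=$value (lockout not enforced)"; bad=1; } ;;
      admin/security/use_form_key)
        [ "$value" = "1" ] || { echo "WEAK $path=$value (secret key in URLs is off)"; bad=1; } ;;
      *) continue ;;
    esac
    seen="$seen $path"
  done
  for path in $REQUIRED; do
    case " $seen " in *" $path "*) ;; *) echo "MISSING $path"; bad=1 ;; esac
  done
  return "$bad"
}

# Constructed sample values (not from a real shop).
audit_admin_security <<'EOF' || echo "audit: weak settings found"
admin/security/session_lifetime=86400
admin/security/password_lifetime=90
admin/security/lockout_failures=6
admin/security/use_form_key=0
EOF
```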

Server-Level Security

In addition to Magento's features, we protect your installation with Imunify360 and Web Application Firewalls.
