Search the Community

Buy it here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html Price: Only 69,99 EURO (Free support included) Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis. PrestaShop in its own is very secure. It's among the most secure content management systems available. When that is said, PrestaShop advice you to set file- and folder permissions by your own, and secure your back-end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge. I added all the functions that you need to follow best practice. Trust me - this module will save you months of work. I did not add settings that are obviously already covered by PrestaShop core with another technique, but if some technique having more layers is good practice, I added those extra layers of security. You can for instance enable Two-Factor Authentication and setup e-mail alert in case of brute force attacks. Example of a great feature: You can enable e-mail notifications for filechanges. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any filechanges since last check. In case you get malware, spyware etc., or you mess something up by yourself, you will get an e-mail with paths to the files that was changed. In that way you know exactly where to check! Here are what you get with Security Pro (all the configurations are not listed, check screenshots for additional information): Brute force protection: Enable/Disable "Brute force protection for back office" Enable/Disable "E-mail notification in case of fail attempts to login" Enable/Disable "E-mail notification in case of successfully login" Enable/Disable "Log" Two-factor authentication Enable/Disable "Two-factor authentication" (for back office) Second login Enable/Disable "Second login" (from your webserver itself) Secure front office Enable/Disable "Click-jack protection" Enable/Disable "XSS protection" Enable/Disable "Disable content sniffing" Enable/Disable "Force secure connection with HSTS" Enable/Disable "Expect CT" Enable/Disable "Referrer policy" Anti-SPAM Enable/Disable "Prevent fake accounts / Block bots" Enable/Disable "Contact form" Enable/Disable "Block TOR IPv4 and IPv6 addresses" Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4, IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*) Enable/Disable "Block custom list of user agents" Anti-virus Enable/Disable "Malware scanner" Enable/Disable "filechanges scanner" Enable/Disable "Log" Enable/Disable "Block file uploads" (for back office) Firewall (WAF) Enable/Disable "Anti-flood / Anti DDoS protection" Enable/Disable "Bot check" Enable/Disable "Anti-SQL injection" Enable/Disable "Anti-XXS injection" Enable/Disable "Anti-SHELL injection" Enable/Disable "Anti-HTML injection" Enable/Disable "Anti-XST injection" Enable/Disable "Block too long HTTP requests" Enable/Disable "Block user agents with too long names" Enable/Disable "Block old HTTP protocols" Enable/Disable "Block file-upload" (front office) Enable/Disable "Log" Protect content Enable/Disable "Disable right click" Enable/Disable "Disable right click on images only" Enable/Disable "Disable drag and drop" Enable/Disable "Disable copy" Enable/Disable "Disable cut" Enable/Disable "Disable paste" Enable/Disable "Disable text selection" Automatic backups Enable/Disable "Backup database to local" Enable/Disable "Backup database to Dropbox" Enable/Disable "Backup files to local" Enable/Disable "Backup files to Dropbox" Admin directory Change name of admin directory in a few clicks. Password generator Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office. Scripts Fix insecure permissions vulnerability Fix directory traversal vulnerability Analyze system for all known vulnerabilities CVE-2020-5293 CVE-2020-5288 CVE-2020-5287 CVE-2020-5286 CVE-2020-5285 CVE-2020-5279 CVE-2020-5278 CVE-2020-5276 CVE-2020-5272 CVE-2020-5271 CVE-2020-5270 CVE-2020-5269 CVE-2020-5265 CVE-2020-5264 CVE-2020-5250 CVE-2019-13461 CVE-2019-11876 CVE-2018-8823 CVE-2018-8824 CVE-2018-7491 CVE-2018-19355 CVE-2018-19124 CVE-2018-19125 CVE-2018-19126 CVE-2018-13784 CVE-2017-9841 CVE-2015-1175 Analyze your server for insecure settings session.use_cookies session.use_only_cookies session.cookie_httponly session.hash_function session.use_trans_sid session.cookie_secure session.use_strict_mode session.cookie_lifetime session.lazy_write session.sid_length session.gc_divisor session.sid_bits_per_character allow_url_fopen allow_url_include display_errors log_errors error_reporting display_startup_errors expose_php register_globals register_argc_argv short_open_tag xdebug.default_enable xdebug.remote_enable file_uploads upload_max_filesize post_max_size max_input_vars max_input_time memory_limit max_execution_time default_charset Analyze you PrestaShop configuration for insecure settings PHP version (7.2.19) SSL enabled SSL Enabled everywhere PrestaShop token Mod Security PrestaShop admin directory name Database table prefix PrestaShop debug mode Analyze SSL Analyze your SSL certificate Scan your website for mixed content Recommandation The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules. Works on all major server software (Apache, Nginx, LiteSpeed, etc.). Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x. Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x. Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores. The code quality is high and it follows PretaShop's guidelines. The code is optimized for performance and security. If you want to see a demo of the module, or if you have questions please contact me. Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413

What's TOR and IP Blocker? Our module is a complete security suite for PrestaShop 1.5.X - 1.7.X including active blocking rules for TOR network, IP's, CIDR ranges, proxies, bots, hosts, bad user agents, SQLi, XSS and more. Secure your business with the definitive all-in-one firewall solution for PrestaShop. What features are included? Without overrides and compatible with all webservers (Apache, nginx, lightweight, etc) Auto update for TOR nodes, proxies and abuse IP's ProjectHoneypot API integration No suscription required for any of the services Block all traffic comming from TOR network Block all traffic comming from anonymous proxies Block all traffic comming from abuse IP's Block all traffic comming from blacklisted IP's Block all traffic comming from bad user agents Block entire IP ranges (CIDR) Block by hostname GeoIP blocking (Country blocking) XSS and SQLi detection and blocking Administrator email notification on attacks or Backoffice logins Whitelist / Blacklist desired IP's Network Tools (host /IP conversion, ping, ProjectHoneypot report) PrestaShop Core Integrity checker Malware scanner Cache system for a better performance and less database queries Complete stats Some customers reviews "After lots of spam orders, we were tired to canceled theses orders, sometimes more than 20 per days all paid by freshly stolen credit card This module save lots of time by blocking these annoying spammers. Plus, technical support are really helpful !! Thanks a lot for this module, I was really looking after this kind of blocker". Guy G. "Good module to regain performance and block nosy competitors. Easy to install & configure". Oliver S. "After updating the plugin works even more efficiently. I recommended this plugin, it's better than blocking by htaccess and easier than configure hosting". Kamil P. https://www.youtube.com/embed/NX4LEAhhJPs Product Link https://addons.prestashop.com/en/website-security-access/26644-tor-and-ip-blocker.html

Google reCaptcha Module Have you adopted any measures to protect your website and its content from Spammers? If not, do not worry, Google reCaptcha Module secures your website and store from spammers by verifying that the user is a human, not a bot. It is often said that reCaptcha is easy on humans but hard for bots. By enabling Google reCaptcha Module on your website, it is next to impossible for a spambot to access your website and its content. The module comes with super easy configuration and installing process in which no technical knowledge is required. The Admin has the option to use reCaptcha on Login Page, Registration Page, Contact Page, Forgotten Password Page. More info and purchase here Front Office Demo Back Office Demo Key Features of the Module: 1. It adds extra security to the website and blocks spambots entering the website. 2. The module is super easy to install, configure and fully customizable. 3. Admin has the option to enable or disable Google reCaptcha on these 4 pages: Customer Login Page Customer Registration Page Customer Contact Page Customer Forgotten Password page. 4. Admin has the option to show Google reCaptcha in Light and Dark themes. 5. An option is available to change custom CSS and JS in the Admin panel. 6. Admin has the option to show Google reCaptcha from the very beginning or after a number of failed login attempts specified in the backend. 7. Google reCaptcha is compatible with Multi-store enabled sites and with all PrestaShop themes. 8. It has Multilanguage compatibility. Merchant Benefits: 1. Google reCaptcha improves the store's security by preventing spam bots entering in your store. 2. It secures the website and its content from various spam attacks. 3. Google reCaptcha doesn't irritate customers as any human can easily tick reCaptcha and pass whereas it is very difficult for the bot to do the same. 4. It ensures the entry of only genuine customers to the store or website and eliminates spambots and other malware activity. More info and purchase here Front Office Demo Back Office Demo

Block Bot/User by IP, Country or User Agent The spam traffic and bots are one of the biggest challenges for the eCommerce store owners. Block Bot/User by IP, country or User Agent module is the best solution to block the known spam bots. The store admin can block the spammers based on the IP, Country or User-agent this will help to reduce the unwanted traffic and spam. More info and purchase here: Block Bot/User by IP, Country or User Agent FRONT DEMO BACKOFFICE DEMO Key features of the Block Bot/User by IP, Country or User Agent Module: 1) Block spam bots by IP: By using this feature the store admin can block the IP which is generating the spam. 2) Block by Country: In case the store admin does not want to offer the services/products to selected countries, then, the admin can block these countries from accessing the store. It will help the admin to remove the unwanted traffic from the store. 3) Block by User-Agent: The admin can easily block the spam traffic based on the user-agent. 4) Display custom message: The admin can display a message on the website to the blocked users with the option for them to contact the admin. 5) Display options: The store admin can select the option to display the header and footer of the website to the blocked users. User Manual: https://addons.prestashop.com/en/website-security-access/29186-knowband-block-bot-user-by-ip-country-or-user-agent.html Screenshots:

Hi all I've just signed up to Google Webmaster, but I'm getting an 'Unreachable' error message when I run a 'fetch and render' function. Hours later and I'm wondering if it could be related to my robot file, please see below... # robots.txt automaticaly generated by PrestaShop e-commerce open-source solution # http://www.prestashop.com - http://www.prestashop.com/forums # This file is to prevent the crawling and indexing of certain parts # of your site by web crawlers and spiders run by sites like Yahoo! # and Google. By telling these "robots" where not to go on your site, # you save bandwidth and server resources. # For more information about the robots.txt standard, see: # http://www.robotstxt.org/robotstxt.html User-agent: * # Allow Directives Allow: */modules/*.css Allow: */modules/*.js # Private pages Disallow: /*?orderby= Disallow: /*?orderway= Disallow: /*?tag= Disallow: /*?id_currency= Disallow: /*?search_query= Disallow: /*?back= Disallow: /*?n= Disallow: /*&orderby= Disallow: /*&orderway= Disallow: /*&tag= Disallow: /*&id_currency= Disallow: /*&search_query= Disallow: /*&back= Disallow: /*&n= Disallow: /*controller=addresses Disallow: /*controller=address Disallow: /*controller=authentication Disallow: /*controller=cart Disallow: /*controller=discount Disallow: /*controller=footer Disallow: /*controller=get-file Disallow: /*controller=header Disallow: /*controller=history Disallow: /*controller=identity Disallow: /*controller=images.inc Disallow: /*controller=init Disallow: /*controller=my-account Disallow: /*controller=order Disallow: /*controller=order-opc Disallow: /*controller=order-slip Disallow: /*controller=order-detail Disallow: /*controller=order-follow Disallow: /*controller=order-return Disallow: /*controller=order-confirmation Disallow: /*controller=pagination Disallow: /*controller=password Disallow: /*controller=pdf-invoice Disallow: /*controller=pdf-order-return Disallow: /*controller=pdf-order-slip Disallow: /*controller=product-sort Disallow: /*controller=search Disallow: /*controller=statistics Disallow: /*controller=attachment Disallow: /*controller=guest-tracking # Directories Disallow: */classes/ Disallow: */config/ Disallow: */download/ Disallow: */mails/ Disallow: */modules/ Disallow: */translations/ Disallow: */tools/ # Files Disallow: /*password-recovery Disallow: /*address Disallow: /*addresses Disallow: /*login Disallow: /*cart Disallow: /*discount Disallow: /*order-history Disallow: /*identity Disallow: /*my-account Disallow: /*order-follow Disallow: /*credit-slip Disallow: /*order Disallow: /*search Disallow: /*quick-order Disallow: /*guest-tracking Disallow: /*order-confirmation # Sitemap Sitemap: https://ellisandwren.com/1_index_sitemap.xml Anything obvious please? I've contacted my web hosts and they have said nothing is blocking Google their end. Thanks in advance.

Bonjour, je me suis réveillé ce matin avec 10500 messages envoyé via le formulaire de contact prestashop. Des messages en chinois. Du coup mon hébergeur a bloqué les envois de mail et mes clients n'ont pas reçu leur mail de confirmation de commande... Comment réagir au mieux face à cette situation ? Pour bloquer l'IP, je n'ai pas réussi à trouver l'IP de l'expéditeur... Merci.

Hi, I keep getting spam from these chinese hackers, Even after installing a CAPTCHA on every form, they somehow seem to go over it, and send spam anyway! What should I do?

Buenas que tal? Durante dos dias he tenido una visita de un bot desde San Jose con mas de 300 visitas al día. Al darme cuenta he baneado su ip. Me gustaria saber si existe algun modulo, aplicacion o web para chequear la pagina y ver si tiene algun malware o troyano...etc... Gracias people de ante mano.