Search the Community

Buy it here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html Price: Only 69,99 EURO (Free support included) Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis. PrestaShop in its own is very secure. It's among the most secure content management systems available. When that is said, PrestaShop advice you to set file- and folder permissions by your own, and secure your back-end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge. I added all the functions that you need to follow best practice. Trust me - this module will save you months of work. I did not add settings that are obviously already covered by PrestaShop core with another technique, but if some technique having more layers is good practice, I added those extra layers of security. You can for instance enable Two-Factor Authentication and setup e-mail alert in case of brute force attacks. Example of a great feature: You can enable e-mail notifications for filechanges. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any filechanges since last check. In case you get malware, spyware etc., or you mess something up by yourself, you will get an e-mail with paths to the files that was changed. In that way you know exactly where to check! Here are what you get with Security Pro (all the configurations are not listed, check screenshots for additional information): Brute force protection: Enable/Disable "Brute force protection for back office" Enable/Disable "E-mail notification in case of fail attempts to login" Enable/Disable "E-mail notification in case of successfully login" Enable/Disable "Log" Two-factor authentication Enable/Disable "Two-factor authentication" (for back office) Second login Enable/Disable "Second login" (from your webserver itself) Secure front office Enable/Disable "Click-jack protection" Enable/Disable "XSS protection" Enable/Disable "Disable content sniffing" Enable/Disable "Force secure connection with HSTS" Enable/Disable "Expect CT" Enable/Disable "Referrer policy" Anti-SPAM Enable/Disable "Prevent fake accounts / Block bots" Enable/Disable "Contact form" Enable/Disable "Block TOR IPv4 and IPv6 addresses" Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4, IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*) Enable/Disable "Block custom list of user agents" Anti-virus Enable/Disable "Malware scanner" Enable/Disable "filechanges scanner" Enable/Disable "Log" Enable/Disable "Block file uploads" (for back office) Firewall (WAF) Enable/Disable "Anti-flood / Anti DDoS protection" Enable/Disable "Bot check" Enable/Disable "Anti-SQL injection" Enable/Disable "Anti-XXS injection" Enable/Disable "Anti-SHELL injection" Enable/Disable "Anti-HTML injection" Enable/Disable "Anti-XST injection" Enable/Disable "Block too long HTTP requests" Enable/Disable "Block user agents with too long names" Enable/Disable "Block old HTTP protocols" Enable/Disable "Block file-upload" (front office) Enable/Disable "Log" Protect content Enable/Disable "Disable right click" Enable/Disable "Disable right click on images only" Enable/Disable "Disable drag and drop" Enable/Disable "Disable copy" Enable/Disable "Disable cut" Enable/Disable "Disable paste" Enable/Disable "Disable text selection" Automatic backups Enable/Disable "Backup database to local" Enable/Disable "Backup database to Dropbox" Enable/Disable "Backup files to local" Enable/Disable "Backup files to Dropbox" Admin directory Change name of admin directory in a few clicks. Password generator Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office. Scripts Fix insecure permissions vulnerability Fix directory traversal vulnerability Analyze system for all known vulnerabilities CVE-2020-5293 CVE-2020-5288 CVE-2020-5287 CVE-2020-5286 CVE-2020-5285 CVE-2020-5279 CVE-2020-5278 CVE-2020-5276 CVE-2020-5272 CVE-2020-5271 CVE-2020-5270 CVE-2020-5269 CVE-2020-5265 CVE-2020-5264 CVE-2020-5250 CVE-2019-13461 CVE-2019-11876 CVE-2018-8823 CVE-2018-8824 CVE-2018-7491 CVE-2018-19355 CVE-2018-19124 CVE-2018-19125 CVE-2018-19126 CVE-2018-13784 CVE-2017-9841 CVE-2015-1175 Analyze your server for insecure settings session.use_cookies session.use_only_cookies session.cookie_httponly session.hash_function session.use_trans_sid session.cookie_secure session.use_strict_mode session.cookie_lifetime session.lazy_write session.sid_length session.gc_divisor session.sid_bits_per_character allow_url_fopen allow_url_include display_errors log_errors error_reporting display_startup_errors expose_php register_globals register_argc_argv short_open_tag xdebug.default_enable xdebug.remote_enable file_uploads upload_max_filesize post_max_size max_input_vars max_input_time memory_limit max_execution_time default_charset Analyze you PrestaShop configuration for insecure settings PHP version (7.2.19) SSL enabled SSL Enabled everywhere PrestaShop token Mod Security PrestaShop admin directory name Database table prefix PrestaShop debug mode Analyze SSL Analyze your SSL certificate Scan your website for mixed content Recommandation The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules. Works on all major server software (Apache, Nginx, LiteSpeed, etc.). Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x. Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x. Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores. The code quality is high and it follows PretaShop's guidelines. The code is optimized for performance and security. If you want to see a demo of the module, or if you have questions please contact me. Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413

What's TOR and IP Blocker? Our module is a complete security suite for PrestaShop 1.5.X - 1.7.X including active blocking rules for TOR network, IP's, CIDR ranges, proxies, bots, hosts, bad user agents, SQLi, XSS and more. Secure your business with the definitive all-in-one firewall solution for PrestaShop. What features are included? Without overrides and compatible with all webservers (Apache, nginx, lightweight, etc) Auto update for TOR nodes, proxies and abuse IP's ProjectHoneypot API integration No suscription required for any of the services Block all traffic comming from TOR network Block all traffic comming from anonymous proxies Block all traffic comming from abuse IP's Block all traffic comming from blacklisted IP's Block all traffic comming from bad user agents Block entire IP ranges (CIDR) Block by hostname GeoIP blocking (Country blocking) XSS and SQLi detection and blocking Administrator email notification on attacks or Backoffice logins Whitelist / Blacklist desired IP's Network Tools (host /IP conversion, ping, ProjectHoneypot report) PrestaShop Core Integrity checker Malware scanner Cache system for a better performance and less database queries Complete stats Some customers reviews "After lots of spam orders, we were tired to canceled theses orders, sometimes more than 20 per days all paid by freshly stolen credit card This module save lots of time by blocking these annoying spammers. Plus, technical support are really helpful !! Thanks a lot for this module, I was really looking after this kind of blocker". Guy G. "Good module to regain performance and block nosy competitors. Easy to install & configure". Oliver S. "After updating the plugin works even more efficiently. I recommended this plugin, it's better than blocking by htaccess and easier than configure hosting". Kamil P. https://www.youtube.com/embed/NX4LEAhhJPs Product Link https://addons.prestashop.com/en/website-security-access/26644-tor-and-ip-blocker.html

Google reCaptcha Module Have you adopted any measures to protect your website and its content from Spammers? If not, do not worry, Google reCaptcha Module secures your website and store from spammers by verifying that the user is a human, not a bot. It is often said that reCaptcha is easy on humans but hard for bots. By enabling Google reCaptcha Module on your website, it is next to impossible for a spambot to access your website and its content. The module comes with super easy configuration and installing process in which no technical knowledge is required. The Admin has the option to use reCaptcha on Login Page, Registration Page, Contact Page, Forgotten Password Page. More info and purchase here Front Office Demo Back Office Demo Key Features of the Module: 1. It adds extra security to the website and blocks spambots entering the website. 2. The module is super easy to install, configure and fully customizable. 3. Admin has the option to enable or disable Google reCaptcha on these 4 pages: Customer Login Page Customer Registration Page Customer Contact Page Customer Forgotten Password page. 4. Admin has the option to show Google reCaptcha in Light and Dark themes. 5. An option is available to change custom CSS and JS in the Admin panel. 6. Admin has the option to show Google reCaptcha from the very beginning or after a number of failed login attempts specified in the backend. 7. Google reCaptcha is compatible with Multi-store enabled sites and with all PrestaShop themes. 8. It has Multilanguage compatibility. Merchant Benefits: 1. Google reCaptcha improves the store's security by preventing spam bots entering in your store. 2. It secures the website and its content from various spam attacks. 3. Google reCaptcha doesn't irritate customers as any human can easily tick reCaptcha and pass whereas it is very difficult for the bot to do the same. 4. It ensures the entry of only genuine customers to the store or website and eliminates spambots and other malware activity. More info and purchase here Front Office Demo Back Office Demo

Hi everyone, We would like to invite you take a quick view on our new Prestashop module: Checklist Popup to Protect, that we think it's very useful to protect your customers, staffs and increase the customer loyalty in THE AGE OF CORONAVIRUS. You can find the module here: https://addons.prestashop.com/en/pop-up/48679-checklist-popup-to-protect.html What it can do? An eyecatch checklist pop up shows the healthy behaviors to protect the health of those you serve and staff in your care on Prestashop website. What your customers will like This Prestashop module is a social awareness and medical prevention checklist, which specially created for awareness of Coronavirus (COVID-19) and how to protect and prevent. This module helps you to create quick and effective Checklist for public awareness of Coronavirus. Checklist Popup to Protect Feel free to give me a message if you have any questions.

Hallo zusammen PrestaShop Version: 1.7.3.4 Ich habe für einen Kunden einen WebShop aufgestellt bei dem man Bücher kaufen kann. Den Produkten wurden sowohl kostenlose Download Artikel zugewiesen, als auch welche bei denen man einen Benutzernamen + Passwort braucht. Wenn man einen Download-Artikel herunterladen möchte, bei dem man einen Benutzernamen + Passwort braucht, dann kommt das Formular(siehe Screenshot) wo man Benutzernamen + Passwort eingeben muss. Dies funktioniert hervorragend. Jedoch wenn man auf «Abbrechen» klickt, gelangt man auf eine Standard Seite, welche vom Plesk-Server erstellt wurde. Auf dieser Seite erscheint: Server Error 401 Authorization Required Dann hat man die Auswahl die Seite zu reloaden, zurück zur vorherigen Seite zu gelangen oder auf die Home Page. Kann man diese umgehen und eine eigene erstellen? Vielen Dank für die Antworten. Grüsse

i have prestashop site. that site hacked by someone. it was only .htaccess file change. when we log into mobile device it redirect to other site. the .htaccess file generate every directory. when i change the code it will fix. but again and again the hacker change the .htaccess file. how to fix it.

How protect file with a unique and secured token? For example my file - ajax.php include_once(dirname(__FILE__) . '/../../config/config.inc.php'); include_once(dirname(__FILE__) . '/../../init.php'); include_once(_PS_MODULE_DIR_.'bonnewsletter/classes/ClassNewsletter.php'); if (Tools::getValue('ajax') == 1) { $email = pSQL(trim(Tools::getValue('bon_newsletter_email', ''))); $check = ClassNewsletter::isNewsletterRegistered($email); if (Tools::isEmpty($email) || !Validate::isEmail($email)) { die(Tools::jsonEncode(array('success' => 3, 'error' => 'Invalid email address.'))); } else { if ($check > 0) { die(Tools::jsonEncode(array('success' => 1, 'error' => 'This email address is already registered.'))); } else { if (!ClassNewsletter::isRegistered($check)) { if (Configuration::get('NW_VERIFICATION_EMAIL')) { if ($check == ClassNewsletter::GUEST_NOT_REGISTERED) { ClassNewsletter::registerGuest($email, false); } } else { ClassNewsletter::register($email, $check); } die(Tools::jsonEncode(array('success' => 0, 'error' => 'You have successfully subscribed to this newsletter.'))); } } } } For any ideas, thank you very much!

Ce module désactiver le bouton droit de la souris, le menu contextuel, protéger les fichiers tpl de votre thème pour empêcher la copie, désactiver la sélection de texte afin que les utilisateurs ne copient pas le contenu de votre site et créer une image transparente pour empêcher leur navigation.  Caractéristiques: Navigateur croisé Multilingue Video: Pour plus de modules libres et la dernière version du module, visitez notre site Web protect.zip 12.79K 0 downloads V1.0 protect.zip v1.9 protect.zip v2.0

Ce module désactive le bouton droit de la souris, le menu contextuel, TPL protège votre thème pour empêcher la copie de celle-ci, la sélection de texte afin de ne pas copier le contenu de votre site et créer une image transparente des images alrederor pour empêcher la navigation d'entre eux.<br/><br/>lien: votre site update firefox & ie comp peuvent désormais être mis dans les options de back office updated ff copy and paste http://catalogo-onli...hop-module.html Pour plus de modules libres et la dernière version de lmodulo, visitez notre site Web protect.zip V1.0

Hi Guys, how can i Protection protect my site against bandwidth thief's? Hotlink protection is currently enabled i have also have Protect My Shop / Protéger Ma Boutique but its not installed because i don't think its compatible with 1.4.9 Thanks Rob

Hi, I was wondering how to protect my module from stealing. Since I will sell this module how can I be sure that if one person buy it, he wont give it to a friend, or resell it for lower price? Sorry if this is not the right place for this question.