Search
My Cart

aligent / magento2-pci-4-compatibility

aligent/magento2-pci-4-compatibility

Provide compatibility with PCI DSS 4.0 requirements

magento2-module Compatibility: 2.4.7-2.4.9 Code Quality: Fail Tests: Fail Security: Pass MIT

Magento 2 PCI DSS 4.0 Compatibility

A Magento 2 module to bring the use of admin accounts in-line with the PCI DSS 4.0 requirements, with changes covering the following requirements:

  • 8.2.6
    • Inactive user accounts are removed or disabled within 90 days of inactivity
  • 8.2.8
    • If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session.
  • 8.3.4
    • Invalid authentication attempts are limited by:
      • Locking out the user ID after not more than 10 attempts.
      • Setting the lockout duration to a minimum of 30 minutes or until the user’s identity is confirmed.
  • 8.3.6
    • If passwords/passphrases are used as authentication factors to meet Requirement 8.3.1, they meet the following minimum level of complexity:
      • A minimum length of 12 characters (or IF the system does not support 12 characters, a minimum length of eight characters).
      • Contain both numeric and alphabetic characters

The changes invovled for each requirement are as follows:

  • 8.2.6
    • A new cron job (scheduled once per day) will automatically make any account that has not logged in for 90 days inactive
  • 8.2.8
    • The configuration setting in admin for idle timeout has been modified to only accept values less than or equal to 900 seconds (15 minutes).
  • 8.3.4
    • The configuration setting in admin for the number of incorrect login attempts before an account is locked has been modified to only accept values less than or equal to 10.
    • The configuration setting in admin for the time an account is locked for has been modified to only accept values greater than or equal to 30.
  • 8.3.6
    • The minimum number of characters a password must have has been increased from 7 to 12.

Installation

composer require aligent/magento2-pci-4-compatibility
bin/magento module:enable Aligent_Pci4Compatibility
bin/magento setup:upgrade

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions
Version Stability QA Status Compatibility Released
1.4.1 stable Fail Magento 2.4.7-2.4.9 Details 2026-02-27 05:18:33
1.4.0 stable Not tested Not yet tested Details 2026-02-18 00:51:37
1.3.1 stable Not tested Not yet tested Details 2025-10-24 03:51:39
1.3.0 stable Not tested Not yet tested Details 2025-10-21 23:54:41
1.2.0 stable Not tested Not yet tested Details 2025-04-15 07:00:36
1.1.3 stable Not tested Not yet tested Details 2025-03-18 23:22:27
1.1.2 stable Not tested Not yet tested Details 2025-03-18 22:41:28
1.1.1 stable Not tested Not yet tested Details 2025-03-12 22:23:48
1.1.0 stable Not tested Not yet tested Details 2025-01-07 00:19:53
1.0.0 stable Not tested Not yet tested Details 2025-01-06 04:09:14

Requires 1

Package Constraint
php ^8.1.0|^8.2.0|^8.3.0|^8.4.0

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass Pass

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Fail 11 1 error, 10 warnings (ruleset: Magento2) — 8 auto-fixable with phpcbf
PHPMD Warning 6 6 rule violations (UnusedFormalParameter:3, UndefinedVariable:1, UnusedLocalVariable:1, MissingImport:1)
Cpd Pass 0
Composer validate Pass 0

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 2 2
2.4.8 2 2
2.4.9 2 2

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Error
2.4.9 Pass not tested

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
MIT
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module