# magefan/module-security

> Magefan Security extension for Magento 2

`composer require magefan/module-security`

Canonical URL: https://packagento.com/magefan/module-security

## At a glance

- **Vendor**: magefan (https://packagento.com/magefan.md)
- **Latest version**: 2.0.7 — released 2026-07-07
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/magefan/module-security and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require magefan/module-security:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

Magefan Security extension for Magento 2

## README


[![Total Downloads](https://poser.pugx.org/magefan/module-security/downloads)](https://packagist.org/packages/magefan/module-security)
[![Latest Stable Version](https://poser.pugx.org/magefan/module-security/v/stable)](https://packagist.org/packages/magefan/module-security)

<img align="right" width="120" height="120" src="https://cm.magefan.com/mf_webp/jpg/media/catalog/product/cache/a1683bce6f623be8eb25d859e5ca6d6f/i/c/icon-security.webp">

[Magento 2 Security Extension](https://magefan.com/magento-2-security-extension) Free is a security checker for Magento that helps you identify and fix security issues in your store before they can be exploited. It scans your Magento system (database and backend), detects vulnerabilities, and provides actionable tips on how to improve security.

From weak password settings to malware and maulisius files in the system, the extension helps to make sure your store follows [Magento security best practices](https://magefan.com/blog/magento-security) without requiring an ongoing developer assitance.

Monitor your security and protect your store, data, and customers from potential risks.

<a href="https://magefan.com/blog/join-our-donations"><img  align="right" width="120" height="70" src="https://magefan.com/media/wysiwyg/made_in_ukraine.jpg"></a>

<a href="https://magefan.com/magento-2-security-extension" title="Magento 2 Security Extension"><img width="190" height="70" src="https://cm.magefan.com/mf_webp/png/media/wysiwyg/products/download-magefan-extensions.webp"></a></a>

___
TL;DR:
Magefan Security Extension for Magento continuously scans your store for security vulnerabilities (both in backend and database), detects weak configurations and provides a complete security checklist and recommendations on how to improve secuirty. 

It helps you protect your Magento store from brute force attacks, unathorised logins and admin actions and multiple other security threads.

### What is Magento 2 Security and why does it matter?

Magento 2 security comprises a set of settings that protect your store from unauthorised login attempts, data leaks, malware, and system vulnerabilities.

Since Magento stores handle sensitive customer, login and payment data, proper security measures are required to protects this data can be exposed or exploited.

However, Magento security is not just about preventing attacks — it’s about continuously maintaining trust and compliance.

### Why Magento stores are vulnerable without a proper Security Extension?

Magento is a complex, powerful platform which depends heavily on configuraions and maintenance when it comes to security.

Common [Magento security issues](https://magefan.com/blog/magento-security-issues) include:

* Default or weak admin settings
* Exposed admin panel URLs
* Missing two-factor authentication
* Incorrect file permissions
* Outdated Magento or PHP versions
* Shared admin accounts

Many of these issues are not visible until there's a problem. Regular security monitoring and checks are essential to keep  Magento secure.

That's why merchants need Magento 2 Security Extension since it identifies these risks early and provides recommendations on how to fix them.

### Features of Magento 2 Security Extension

Magefan Security Extension for Magento offers an advanced security layer for your store through a variety of features:

* Magento security scan for database and backend
* Detection of common Magento vulnerabilities
* Admin panel protection checks
* Two-factor authentication status monitoring
* File and folder permission verification
* File changes and uploads monitoring
* Detection of insecure settings and configurations
* Magento and PHP version checks
* Malware detection in files and database
* Admin user activity and permissions review
* Admin changes monitoring and logs
* Fake customer email blocker
* Security recommendations and alerts
* Multi-store compatibility
* No core file modifications

### Benefist of the Security Extension for Magento
#### Sleep Better Knowing Your Store Is Protected

Even with regular Adobe security patches, new vulnerabilities surface every day. Hackers are persistent — but so are we.

The Magento 2 Security Extension keeps constant watch over your store, alerting you to threats before they cause damage. Whether it’s unauthorized admin logins, malicious code injections, or hidden malware, you’ll know exactly what’s happening and how to stop it.

<p align="center">
  <img width="700" height="349" src="https://cm.magefan.com/mf_webp/png/media/wysiwyg/products/security/magento-security.webp">
</p>

#### Stay Ahead of Threats with a Security Checklist
Stop playing guessing games with your store’s safety.

Our built-in Magento Security Checklist gives you a clear list of critical and minor issues, so you can take action immediately. With step-by-step instructions, you’ll patch vulnerabilities quickly and keep your store’s defenses strong.

<p align="center">
  <img width="700" height="349" src="https://cm.magefan.com/mf_webp/png/media/wysiwyg/products/security/magento-security-scan.webp">
</p>

#### Automatically Scan for Malware and Suspicious Files
Hackers love to hide malicious code in places you'd never check. But we check everywhere.

Run automatic scans with our Magento Security Scanner to detect harmful patterns and suspicious files before they’re activated. Find threats early and neutralize them instantly.

<p align="center">
  <img width="700" height="349" src="https://cm.magefan.com/mf_webp/png/media/wysiwyg/products/security/detect-malware-in-magento-database.webp">
</p>

#### Track Every File Change — In Real Time
Tiny changes can lead to massive breaches. Know when they happen.

This extension monitors your file system and alerts you to any added, deleted, or modified files. You’ll always know when something changes — and whether it should have.

_(README truncated for .md surface. Full README on https://packagento.com/magefan/module-security.)_

## Recent Versions

| Version | Released |
|---|---|
| 2.0.7 | 2026-07-07 |
| 2.0.6 | 2026-03-26 |
| 2.0.5 | 2026-03-20 |
| 2.0.4 | 2025-06-28 |
| 2.0.3 | 2025-05-23 |
| 2.0.2 | 2025-05-08 |
| 2.0.1 | 2025-04-23 |

## Dependencies

### Require

| Package | Constraint |
|---|---|
| magefan/module-community | >=2.3.5 |

## Quality

Latest release (2.0.7) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | 1 | 1 |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Warning | 14 | 14 warnings (ruleset: Magento2), 6 auto-fixable with phpcbf |
| PHPMD | Warning | 18 | 18 rule violations (MissingImport:6, UnusedFormalParameter:5, UnusedPrivateMethod:2, ExcessiveMethodLength:1, IfStatementAssignment:1) |
| Cpd | Warning | 2 | 2 duplicated chunks spanning 128 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 3 | valid; 3 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 43 | 43 | – | – |
| 2.4.8 | – | 52 | 52 | – |
| 2.4.9 | – | – | 52 | 52 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["magefan/module-security"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

magefan is a Magento 2 vendor on Packagento. See https://packagento.com/magefan.md for their full catalogue.

