Magento is quite a reliable system with built-in protection against many kinds of malware attacks. At the same time, it still lets intruders probe a running installation and hunt for weaknesses through which to plant malicious code.
Let’s protect your Magento 2.0 website using Admin Security settings.
Stores -> Configuration -> Advanced -> Admin -> Security
Add Secret Key to URLs:
This option protects against CSRF (cross-site request forgery) attacks: the secret key added to admin URLs stops a forged request from another site from being accepted. Disabling it will not speed up your website, and it will expose the admin panel to this kind of attack. So we select “Yes” here.
Login is Case Sensitive
If you want passwords such as PasSwOrD, where letter case matters, select “Yes” to enable Case Sensitive Login.
Admin Session Lifetime
The admin session stays active for the selected period after the admin’s last interaction with your site; once that period passes without activity, the admin has to log in again.
Just so you know, CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”
By default, if you enable Admin Login CAPTCHA and leave its settings unchanged, it appears after 3 unsuccessful login attempts.
You can set CAPTCHA to be displayed either always or only after a certain number of unsuccessful attempts.
CAPTCHA Timeout determines how long the current CAPTCHA remains valid. After this time expires, the user has to reload the page and enter a new combination. You can also define the number of symbols used in the CAPTCHA and the set of symbols it is built from, and you can require that symbols be entered with the correct letter case (set Case Sensitive to “Yes”).
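As an added example (not part of the original article or of Magento itself), the following script audits the settings described above against the values the article recommends, by parsing the output of `bin/magento config:show`. The `path - value` output format, the config paths (`admin/security/...`, `admin/captcha/...`) and the sample output are assumptions constructed for this illustration.

```python
"""Audit Magento 2 admin security settings from `bin/magento config:show` output."""
import re

# Constructed sample of `bin/magento config:show` output (one `path - value` per line).
# Format, paths and values are assumed for this example, not taken from the article.
SAMPLE_CONFIG_SHOW = """\
admin/security/use_form_key - 0
admin/security/use_case_sensitive_login - 1
admin/security/session_lifetime - 900
admin/captcha/enable - 1
admin/captcha/mode - after_fail
admin/captcha/failed_attempts_login - 3
admin/captcha/timeout - 7
admin/captcha/case_sensitive - 0
"""

# Expected hardened values, following the article's recommendations:
# Secret Key in URLs = Yes, case-sensitive login, CAPTCHA enabled and case-sensitive.
POLICY = {
    "admin/security/use_form_key": ("1", "Add Secret Key to URLs should be Yes (CSRF protection)"),
    "admin/security/use_case_sensitive_login": ("1", "Login should be case sensitive"),
    "admin/captcha/enable": ("1", "Admin Login CAPTCHA should be enabled"),
    "admin/captcha/case_sensitive": ("1", "CAPTCHA should be case sensitive"),
}

LINE_RE = re.compile(r"^(\S+) - (.*)$")


def parse_config_show(text):
    """Parse `path - value` lines into a dict; blank or unparseable lines are skipped."""
    config = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            config[match.group(1)] = match.group(2).strip()
    return config


def audit_admin_security(config):
    """Return (path, current_value, message) for every policy setting that deviates.

    A path missing from the config counts as a deviation (current_value is None),
    so an installation that never saved the setting is reported too.
    """
    findings = []
    for path, (expected, message) in POLICY.items():
        current = config.get(path)
        if current != expected:
            findings.append((path, current, message))
    return findings


if __name__ == "__main__":
    for path, current, message in audit_admin_security(parse_config_show(SAMPLE_CONFIG_SHOW)):
        print(f"{path}: current={current!r}: {message}")
```

Run it against the real output of `bin/magento config:show` on your own installation to see which of the settings above still need attention.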
Now that you’ve enabled CAPTCHA, you have reduced the risk of your e-store being hacked. And may malevolent people never get into your website.