Shield - protection of the admin panel (OpenCart)
Additional authorization form for the admin panel: an additional layer of protection (double authentication).
Stop screen with login and password in front of the admin area. Works even in incognito.
What does “Shield” do
“Shield” adds an additional authorization screen in front of the admin panel and checks the login/password before executing the rest of the code. As a result, even if bots try to brute force passwords, the load on the server is much smaller than with the standard authorization form.
Enabled: the admin panel is closed. Disabled: the system returns to its original state, leaving no garbage.
Who might find it useful
- An additional layer of protection for a production website.
- Closed access to dev / stage during edits.
- Quick “private” mode for a demo showcase or B2B account.
Safety under the hood
- Timing-safe login and password checks, eliminating response time leaks.
- CSRF token in the form.
- Anti-brute force: after 3 errors, the IP is blocked for 1 hour (threshold and time can be changed).
- Detailed logs of successful and unsuccessful logins + block list in JSON format.
- A direct attempt to open an auth file gives a 404.
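The timing-safe check and the 3-failures / 1-hour IP block from the list above, as an added PHP sketch (not the Shield module's own code). It keeps the block list as JSON and shows that a blocked IP is refused before any credential work, even with the right password. Assumptions: the password is stored as a `password_hash()` value, and the file name, function names and sample credentials are hypothetical.

```php
<?php
// Added illustration, not the Shield module's code; every name is hypothetical.
const MAX_FAILURES = 3;      // threshold stated on the page
const BLOCK_SECONDS = 3600;  // 1 hour, as stated on the page

function load_state(string $file): array {
    $raw = is_file($file) ? file_get_contents($file) : false;
    $state = $raw !== false ? json_decode($raw, true) : null;
    return is_array($state) ? $state : [];
}

function save_state(string $file, array $state): void {
    file_put_contents($file, json_encode($state, JSON_PRETTY_PRINT), LOCK_EX);
}

// Returns 'ok', 'denied' or 'blocked' for one login attempt.
function gate_attempt(string $file, string $ip, string $user, string $pass,
                      string $wantUser, string $wantHash, int $now): string {
    $state = load_state($file);
    $entry = $state[$ip] ?? ['failures' => 0, 'blocked_until' => 0];
    if ($entry['blocked_until'] > $now) {
        return 'blocked';  // blocked IPs cost no credential work
    }
    // Run both checks unconditionally so a wrong login and a wrong password
    // take the same path; hash_equals() compares in constant time.
    $userOk = hash_equals($wantUser, $user);
    $passOk = password_verify($pass, $wantHash);
    if ($userOk && $passOk) {
        unset($state[$ip]);
        save_state($file, $state);
        return 'ok';
    }
    $entry['failures']++;
    if ($entry['failures'] >= MAX_FAILURES) {
        $entry = ['failures' => 0, 'blocked_until' => $now + BLOCK_SECONDS];
    }
    $state[$ip] = $entry;
    save_state($file, $state);
    return 'denied';
}

// Constructed demo: credentials and IP (RFC 5737 range) are sample values.
$file = sys_get_temp_dir() . '/shield_demo_blocklist.json';
@unlink($file);
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
foreach (['a', 'b', 'c', 'correct horse'] as $i => $try) {
    echo $try, ' => ', gate_attempt($file, '203.0.113.7', 'admin', $try, 'admin', $hash, 1000 + $i), PHP_EOL;
}
```

Under concurrent requests the read-modify-write of the JSON file would need a lock held across both steps (for example `flock()` on an open handle); `LOCK_EX` here only protects the write itself.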
Administration
- Enabling and disabling is done from the module settings.
- The login and password fields have a “show” button and a generator of strong values.
- When the password is changed, a notification is automatically sent to the administrator’s e-mail.
Advantages
- Fires before loading the admin panel and all modifications.
- Does not require .htaccess, custom nginx rules and third-party libraries - pure PHP.
- Compatible with incognito mode, does not conflict with cache and SEO modules.
- Full rollback of changes with one button when the module is disabled.
Installation
Upload the OCMOD archive via the standard installer.
In “Extensions → Modules” find “Shield”, enable it and set a login/password - the protection is active immediately.
Demo version
Link - https://schit.opencart-cms.ru/admin/
Login and password for the first authorization form - demo1 and demo1
Login and password for the second authorization form - demo and demo
FAQ
Is incognito supported?
Yes, thanks to secure cookies and strict sessions.
Does it affect SEO or cache?
No, the logic is isolated and does not touch the core.
How do I roll back changes?
Turn off the module: the insert and file will be deleted, and the screen sessions will be cleared.
Where can I look at the logs?
In storage/logs (or system/storage/logs) there is a file auth_admin_access.log and a JSON block list.
License and support
One license - one domain.
Support and modification are provided on a paid basis.