Magento Development Basics
Symlinks in Magento 2
What is the Dependency inversion principle and how it is used in Magento 2?
Magento & Dev Environment Setup
Uses and configuration of LiveReload on Magento 2
Magento 2 frontend tools for developers
How to use grunt in Magento 2?
Theme development
How to exclude specific js files from minify?
How to call the helper method in phtml template file?
Easiest way to load your custom JS Component in Magento 2
Theme Development Best Practices
How to extend existing jquery widget in Magento 2?
How to add a link in the top menu in Magento 2
How to add a link in your account navigation for Magento 2?
How to add non-category link to navigation menu in Magento 2?
How to use Private Content or Sections in Magento 2?
How to call custom phtml in admin product ui-component form in Magento 2?
How to add a static block in a sidebar column Magento 2?
How to show description of the product in wishlist phtml file?
How to add variables for Magento 2 templates?
How to create a custom widget in Magento 2?
How to create a new custom tab in the product detail page in Magento 2?
Remove unnecessary link from My Account in Magento 1
Difference between attributes remove and display true|false in the layout
Magento Customization & Extension Development
How to override reorder functionality in Magento 2 by disabling core plugin?
How can I check which final preference class is used for any particular class?
What are the main benefits of the all new PHP 7.2 for Magento sites?
How to create REST API in Magento 2?
How to Configure URL Rewrites in Magento 2?
How to use curl in Magento 2
How to create a new router in Magento 2?
Display Custom Product Price
How to set a custom price programmatically when adding a product to the cart in Magento 2?
How to use a custom price template in Magento 2?
CLI
How to setup and remove cron using CLI in Magento 2?
How to change the Magento 2 configuration from the CLI command?
How to check your code is compatible with PHP?
Recurring setup script in Magento 2
Admin Panel Configuration & Customization
How to display a custom admin system notification in the admin panel Magento 2?
How to change PAD length in order increment number in Magento 2?
How to setup configuration setting for a module in Magento 2?
How to attach a file in product admin form and display attachment in product detail page in Magento 2?
How to create system.xml configuration in Magento 2?
How to create a custom tab and call custom phtml in admin category form in Magento 2?
How to add a custom button in the admin product ui-component form in Magento 2?
How to display EAV attribute data in Magento custom grid?
Add view button in admin grid to open a view page in slide window in Magento 2
Translation
How to generate a translation dictionary of a module in Magento 2?
Multi Store Configuration, Store Management
How to create multiple websites in Magento 2?
How to create and use language-pack component in Magento 2?
How to convert the price from one currency to another in the Magento 2?
Store Configuration
How to setup Refer Email to a Friend in the Magento 2?
How to set up Magento 2 RSS Feed
How to send order email to a custom email address?
How to Configure Magento 2 Swatches?
Account Page
How to remove unnecessary customer account links in Magento 2?
Cache Management
How to use cache-clean.js watcher utility in Magento 2?
How to Add block to cache in Magento 2
How to get customer session data when a cache is enabled in Magento 2?
How to check customer is logged in or not when a cache is enabled in Magento 2
Category and Product customization
How to prevent/omit category path from product URL to access the product page?
How to add a column to the tier price in Magento 2 admin?
Which search engine I can choose among the Sphinx/Solr/Elasticsearch?
Taxation Setup
How to Set Up Tax Rules in Magento 2?
Shipping Method
Add Grand total in the shopping cart rule condition
How to setup Free Shipping in Magento 2?
How to create a shipping method in Magento 2?
Payment Method
How to Add a Custom Payment Method to Magento 2 Checkout?
How to setup Authorize.net in Magento 2?
Checkout Customization
How to move telephone field in Checkout for Magento 2 sites?
Email Queue
How does email queue work in Magento?
Cron Scheduler
Secure direct access of cron.php file from the browser
How to install Magento SUPEE-11086 patch
How to Enable 2FA Google Authenticator in Magento 2.3.x
Magento Application Testing
How to generate data for performance testing in Magento 2?
Chapters Close

How to install Magento SUPEE-11086 patch

By: Avinash Sonune Mar 26th, 2019 2 min to read
how-to-install–magento–supee-11086-patch
Table of Contents

In this post, I will be guiding you on how to install Magento SUPEE 11086 patch.

The security patch SUPEE-11086 contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

You can find more details from Magento Release notes for SUPEE 11086.

Follow below steps to install Magento SUPEE-11086 patch on your store.

Step-1: Download the patch file

Download the Magento SUPEE-11086 Patch files for your Magento Version from https://magento.com/tech-resources/download#download2287.

Step-2: Install the patch

Upload the patch into your Magento root directory and run the appropriate SSH command.

Connect to your SSH console and go to your root directory and run the below command.

For patch file with .sh file extension:

Copy Code
<pre><code class="bash">sh patch_file_name.sh</code></pre>

You have to replace patch_file_name with your patch file name.

For example:

Copy Code
<pre><code class="bash">sh PATCH_SUPEE-11086_CE_1.9.4.0_v1-2019-03-26-03-05-04.sh</code></pre>

For patch file with .patch file extension:

Copy Code
patch -p0 < patch_file_name.patch

How to revert a patch?

If you are facing some issue after applying the patch and now you want to revert back the changes. Then run bellow SSH command to revert your patch.

Copy Code
<pre><code class="bash">sh patch-file-name.sh -R</code></pre>

Thanks for reading!  🙂

Previous Case Study Secure direct access of cron.php file from the browser Previous
View All Blog View All Blog View All
Next Case Study How to Enable 2FA Google Authenticator in Magento 2.3.x Next

How to Enable 2FA Google Authenticator in Magento 2.3.x

By: Ananth Iyer Jan 29th, 2019 4 min to read
blog-banner-how-to-enable-2FA-google-authenticator-in-magento-2.3.x
Table of Contents

In this post, I will be guiding you to enable Two-Factor Authentication (2FA) in Magento 2.3.x version.

The advantage of 2FA:

  1. Higher security to your Magento 2 Admin
  2. Lower down the risk of the data breach.
  3. Give your store more values.

Let’s do it

Introduction

A User friendly two factor authentication was invented and patent by Indian origin: BHASKAR RAGHAV [IN] and KUNAL SHARMA [IN] for the Google Authenticator app. It is the most accepted concept today. Many mobile apps and websites are using it.

TOTP or time base one-time password is used by Google Authenticator that keeps changing the password every 30 seconds. Two users can’t have the same passwords and it is generated randomly.

2FA extension comes pre-installed by the latest Magento 2.3 is built by the MSP team. It is necessary that everyone must enable this out-of-box feature in the M2 Webstore and other login accounts.

How to

Register device with the Magento 2FA login

  • Login to your Magento 2 Store admin
  • On left hand side, click on Stores > Configuration link
  • On the configuration page, browse to the SECURITY > 2FA.
  • Enable the 2FA service of the one of the providers you frequently use. Like I have enabled Google Authenticator.
  • To force all users to use 2FA you must uncheck the “Use system value” of Force providers field and select the Google Authenticator.
  • After I have enabled the 2FA of Google Authenticator then admin will be logout and QR code scan page will be required to register your device.
  • Next step is to scan the above QR code from the Google Authenticator app and provide the 6 digit code in this form then click the Confirm button.
  • On success I will be redirected to the Magento 2 Admin dashboard page.
  • Now my device is registered for 2FA and feels safer now.

Login admin after Magento 2FA setup

  • When you visit the Admin login, you will be asked for username & password.
  • After the login success, you will be asked for the 6 digit number password from the Google Authenticator app.
  • Submit the correct 2FA code & you are logged in the Magento 2 admin.
  • Now you can do your admin things.

Multiple Factor Authentication Setup in 2FA

Surprisingly you can assign users their 2FA app preferences like Google Authenticator, Duo Security, Authy and U2F Devices (Yubikey and others).

Note: For this “Force providers” must check(✔) the “use system value” in the 2FA configuration page.

For that here is the real-world use case:

User Authenticator provider
Main admin Google Authenticator
Shipper Authy
Inventory users Duo Security
Managers and Marketing users U2F USB Authentication device

Disabled the 2FA code in the emergency

  • You can disable the 2FA by below command:
    php bin/magento msp:security:tfa:disable
  • Once you have deployed, tested or done admin operations then you re-enable the 2FA from the admin.

Advantages

  1. Your store is more secure from the hackers who are trying to steal sensitive data.
  2. Only 1 admin account can be shared with multiple users so you have full control over data.
  3. You can assign multiple authentication providers for each user.
  4. Before the 2FA login, an admin account shared the login details with multiple users and if anyone made changes to the data then it was not possible to identify.

Disadvantages

  1. 1 extra step is required to pass for Admin access
  2. You cannot share your admin details to users like developers working remotely. So have to create a new user for them.

    We hope you found this article insightful. Feel free to drop your comments below, and contact us for any help needed in developing the Magento store.
Previous Case Study Secure direct access of cron.php file from the browser Previous
View All Blog View All Blog View All
Next Case Study How to Enable 2FA Google Authenticator in Magento 2.3.x Next
You May also like

Related Blog

how-email-queue-works-in-magento
How does email queue work in Magento?
banner-Add-Custom-Validation-Rule-in-Magento-2
Add Custom Validation Rule in Magento 2
banner-Secure-direct-access-of-cron.php-file-from-the-browser
Secure direct access of cron.php file from the browser

Grow your online business like 4,109 subscribers

    * This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    envelope

    Thank You!

    We are reviewing your submission, and will be in touch shortly.