
In this post, I will guide you through installing the Magento SUPEE-11086 patch.

The security patch SUPEE-11086 contains multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.

You can find more details in the Magento release notes for SUPEE-11086.

Follow the steps below to install the Magento SUPEE-11086 patch on your store.

Step-1: Download the patch file

Download the Magento SUPEE-11086 patch file for your Magento version from https://magento.com/tech-resources/download#download2287.

Step-2: Install the patch

Upload the patch file into your Magento root directory.

Connect to your server over SSH, go to the Magento root directory, and run the command that matches the patch file's extension.

For a patch file with the .sh file extension:

<pre><code class="bash">sh patch_file_name.sh</code></pre>

Replace patch_file_name with the name of your patch file.

For example:

<pre><code class="bash">sh PATCH_SUPEE-11086_CE_1.9.4.0_v1-2019-03-26-03-05-04.sh</code></pre>

For a patch file with the .patch file extension:

<pre><code class="bash">patch -p0 < patch_file_name.patch</code></pre>

How to revert a patch?

If you run into an issue after applying the patch and want to revert the changes, run the SSH command below to revert the patch.

<pre><code class="bash">sh patch_file_name.sh -R</code></pre>

Thanks for reading!  🙂

In this post, I will guide you through enabling Two-Factor Authentication (2FA) in Magento 2.3.x.

The advantages of 2FA:

  1. Higher security for your Magento 2 Admin.
  2. Lowers the risk of a data breach.
  3. Gives your store more value.

Let’s do it

Introduction

A user-friendly two-factor authentication was invented and patented by Bhaskar Raghav [IN] and Kunal Sharma [IN], both of Indian origin, for the Google Authenticator app. It is the most accepted concept today. Many mobile apps and websites use it.

Google Authenticator uses TOTP (time-based one-time password), which changes the password every 30 seconds. Two users can’t have the same passwords, and they are generated randomly.

The 2FA extension that comes pre-installed with the latest Magento 2.3 is built by the MSP team. Everyone must enable this out-of-the-box feature in the M2 webstore and other login accounts.

How to

Register device with the Magento 2FA login

  • Log in to your Magento 2 store admin.
  • On the left-hand side, click the Stores > Configuration link.
  • On the configuration page, browse to SECURITY > 2FA.
  • Enable the 2FA service of one of the providers you frequently use. For example, I have enabled Google Authenticator.
  • To force all users to use 2FA, uncheck “Use system value” on the Force providers field and select Google Authenticator.
  • After I enabled 2FA with Google Authenticator, the admin was logged out and the QR code scan page appeared, which is required to register your device.
  • The next step is to scan the QR code with the Google Authenticator app, enter the 6-digit code in the form, and click the Confirm button.
  • On success, I am redirected to the Magento 2 Admin dashboard page.
  • Now my device is registered for 2FA and the admin feels safer.

Login admin after Magento 2FA setup

  • When you visit the Admin login, you will be asked for your username and password.
  • After a successful login, you will be asked for the 6-digit code from the Google Authenticator app.
  • Submit the correct 2FA code and you are logged in to the Magento 2 admin.
  • Now you can do your admin things.

Multiple Factor Authentication Setup in 2FA

Surprisingly, you can assign users their own 2FA app preferences, such as Google Authenticator, Duo Security, Authy and U2F devices (YubiKey and others).

Note: For this, “Use system value” must be checked (✔) on the “Force providers” field in the 2FA configuration page.

Here is a real-world use case:

| User | Authenticator provider |
|---|---|
| Main admin | Google Authenticator |
| Shipper | Authy |
| Inventory users | Duo Security |
| Managers and Marketing users | U2F USB Authentication device |

Disable 2FA in an emergency

  • You can disable 2FA with the command below:
    php bin/magento msp:security:tfa:disable
  • Once you have deployed, tested or finished your admin operations, re-enable 2FA from the admin.

Advantages

  1. Your store is more secure against hackers who are trying to steal sensitive data.
  2. Only one admin account can be shared with multiple users, so you have full control over data.
  3. You can assign multiple authentication providers for each user.
  4. Before 2FA login, the login details of an admin account were shared with multiple users, and if anyone made changes to the data it was not possible to identify who did it.

Disadvantages

  1. One extra step is required for Admin access.
  2. You cannot share your admin details with users such as developers working remotely, so you have to create a new user for them.

    We hope you found this article insightful. Feel free to drop your comments below, and contact us for any help needed in developing the Magento store.
