PHPackages                             sansec/magento2-module-shield - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. sansec/magento2-module-shield

ActiveMagento2-module[Security](/categories/security)

sansec/magento2-module-shield
=============================

1.0.25(1mo ago)15190.4k↓38.5%3MITPHPPHP &gt;=7.2CI passing

Since Feb 7Pushed 4w ago9 watchersCompare

[ Source](https://github.com/sansecio/magento2-module-shield)[ Packagist](https://packagist.org/packages/sansec/magento2-module-shield)[ RSS](/packages/sansec-magento2-module-shield/feed)WikiDiscussions main Synced 2d ago

READMEChangelogDependencies (4)Versions (52)Used By (0)

Sansec Shield
=============

[](#sansec-shield)

Requires Magento 2.3+, PHP 7.2+ and an [eComscan account](https://sansec.io/pricing) (Advanced or up).

Installation
------------

[](#installation)

```
composer require sansec/magento2-module-shield
bin/magento setup:upgrade
bin/magento config:set sansec_shield/general/license_key
bin/magento sansec:shield:sync-rules
```

Configuration
-------------

[](#configuration)

You can configure your license key and other settings via System → Configuration → Security → Sansec Shield.

### Whitelisted IP addresses

[](#whitelisted-ip-addresses)

IPs listed under *Whitelisted IP Addresses* bypass all Shield checks. Matching is performed against the connecting peer (`REMOTE_ADDR`) only; proxy-forwarded headers such as `X-Forwarded-For` and `CF-Connecting-IP` are intentionally ignored because they are client-controlled and can be spoofed.

If your store sits behind a reverse proxy or CDN, configure your webserver to rewrite the trusted proxy header into `REMOTE_ADDR` ([`ngx_http_realip_module`](https://nginx.org/en/docs/http/ngx_http_realip_module.html) on nginx, [`mod_remoteip`](https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html) on Apache). Once `REMOTE_ADDR` reflects the real client IP, the whitelist will match it correctly.

Testing &amp; live reports
--------------------------

[](#testing--live-reports)

Test it by visiting your store and add `?SANSEC-SHIELD-TEST` to your URL, it should give you "permission denied". You'll see your first blocked attack appear instantly on your [Shield Dashboard](https://dashboard.sansec.io/d/account/shield). If you do not want reports, you can disable it with:

```
bin/magento config:set sansec_shield/general/report_enabled 0
```

You can always view detailed logs in `var/log/sansec_shield.log`.

See for FAQs [our Shield guide](https://sansec.io/shield).

Cron
----

[](#cron)

Shield rules update automatically through the standard Magento cron mechanism. If you are running a standard cron setup (`bin/magento cron:run`), no further action is required.

If you only run specific cron groups (`bin/magento cron:run --group `), make sure to include a cron for the `sansec` group as well.

You can verify Shield rules sync every 5 minutes in `var/log/sansec_shield.log`.

Upgrading
---------

[](#upgrading)

The Sansec Shield module is deliberately kept stable and there is no need to monitor for updates. If an essential new version is released, we will notify you via email.

To check your current version:

```
composer show sansec/magento2-module-shield
```

To upgrade to the latest version:

```
composer require sansec/magento2-module-shield:^1.0
bin/magento setup:upgrade
```

Troubleshooting
---------------

[](#troubleshooting)

### "Please enable the module and configure the license key"

[](#please-enable-the-module-and-configure-the-license-key)

If you get this error when running `bin/magento sansec:shield:sync-rules`, even though the license key is already configured, flush the Magento cache:

```
bin/magento cache:flush
```

Then retry the sync command.

### "There are no commands defined in the sansec:shield namespace"

[](#there-are-no-commands-defined-in-the-sansecshield-namespace)

Run the Magento dependency injection compiler:

```
bin/magento setup:di:compile
```

### Composer upgrades unrelated packages during installation

[](#composer-upgrades-unrelated-packages-during-installation)

Shield's only dependency is `magento/framework`, so it will not pull in or force any additional upgrades. If you see many packages being upgraded, your `vendor/` directory was out of sync with `composer.lock`. Running `composer require` synced your vendor directory to match.

To avoid this, revert `composer.lock` to a version that matches your current vendor directory before installing Shield:

```
git checkout composer.lock
composer require sansec/magento2-module-shield
```

If installing via Composer is not an option, you can copy the source files directly into `app/code/Sansec/Shield`, though you will need to handle updates manually from that point on.

### Cron job not running on symlink-based deployments

[](#cron-job-not-running-on-symlink-based-deployments)

Magento's `cron:install` resolves symlinks to their real path, so after a new deployment the crontab still points to the old release directory. Ensure that the crontab uses your stable symlink (e.g. /data/web/current/bin/magento) instead.

License
-------

[](#license)

Sansec Shield is published under the liberal [MIT license](./LICENSE).

###  Health Score

53

—

FairBetter than 96% of packages

Maintenance93

Actively maintained with recent releases

Popularity44

Moderate usage in the ecosystem

Community17

Small or concentrated contributor base

Maturity46

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 83.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~10 days

Recently: every ~24 days

Total

46

Last Release

43d ago

Major Versions

0.1.19 → 1.0.02025-03-20

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/743661?v=4)[Daniel Sloof](/maintainers/danslo)[@danslo](https://github.com/danslo)

---

Top Contributors

[![danslo](https://avatars.githubusercontent.com/u/743661?v=4)](https://github.com/danslo "danslo (177 commits)")[![gwillem](https://avatars.githubusercontent.com/u/1145479?v=4)](https://github.com/gwillem "gwillem (25 commits)")[![SKevo18](https://avatars.githubusercontent.com/u/39010496?v=4)](https://github.com/SKevo18 "SKevo18 (7 commits)")[![convenient](https://avatars.githubusercontent.com/u/600190?v=4)](https://github.com/convenient "convenient (2 commits)")[![SamJUK](https://avatars.githubusercontent.com/u/7872420?v=4)](https://github.com/SamJUK "SamJUK (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/sansec-magento2-module-shield/health.svg)

```
[![Health](https://phpackages.com/badges/sansec-magento2-module-shield/health.svg)](https://phpackages.com/packages/sansec-magento2-module-shield)
```

###  Alternatives

[fastly/magento2

Fastly CDN Module for Magento 2.4.x

1564.4M1](/packages/fastly-magento2)[imi/magento2-friendly-captcha

Friendly Captcha integration for Magento2

19131.4k](/packages/imi-magento2-friendly-captcha)[veriteworks/cookiefix

Magento2 extension for Cookie SameSite attribute.

65482.3k1](/packages/veriteworks-cookiefix)[myparcelnl/magento

A Magento 2 module that creates MyParcel labels

1860.2k](/packages/myparcelnl-magento)[pixelopen/magento-cloudflare-turnstile

Protect your store from spam messages and spam user accounts with Cloudflare Turnstile

5430.7k1](/packages/pixelopen-magento-cloudflare-turnstile)[yireo/magento2-csp-whitelist-inline-js

Magento module to automatically add inline JS script to CSP whitelist

2985.0k](/packages/yireo-magento2-csp-whitelist-inline-js)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
