The introduction of Magento 2 Security extension has opened a new door for business doers, especially Magento online merchants to a safer place in the battle with hackers. With numerous useful features offered by this extension, users are ensured to protect their stores better from being hacked. Among these outstanding features, Blacklist and Whitelist IPs seems to receive much attention from business doers.
Blacklist is a list of IPs which will be blocked when someone trying to log in the store’s admin page. The appearance of Blacklist IPs can remarkably reduce the risk of being signed in by strangers mor malicious hackers.
Whitelist, on the other hand, is a list of IPs which is acceptable to login admin page. Only IPs belonging to the Whitelist IPs have the right to access to the admin page.
In other words, the configuration of Blacklist and Whitelist IPs clearly determines valid or invalid IPs to sign in; consequently reduce dangerous logins from hackers.
Beside restriction from Blacklist IPs, store owners can also set restriction on the number of login attempts for anyone who want to sign in admin page via Brute Force Attack Protection.
First, from Admin Panel, store owners have to navigate Stories > Security > Configuration. Then on the display page, they can easily see General section. Here they need to turn on this extension by selecting Yes in this field.
After that, admins have to navigate Blacklist/ Whitelist IPs section to start configuring.
In this field, all IPs entered here will be forbidden whenever there is someone use them to login. There are several options can be chosen here regarding the number of IPs that will be forbidden. Admins are enabled to enter one IP, multiple IPs, or a range of IPs. In case there is more than one IP is chosen, each IP will be separated with each other by a comma.
Besides, store owners are allowed to enter forbidden IPs which are in form of wildcard as follows: 10.0.0., 10.0.., 10.0.0. - 123.0.0.*, and so on. The symbol * is a variant which its value ranges from 1 to 255.
On the contrary, every IP which exists in Whitelist box has the right to login admin page. Concerning the number of valid IPs can be entered, admins can choose to fill in one IP, several IPs, or various ranges of IPs. If shop admins want to add more values in this field box, they need to use a comma to separate two IPs with each other.
In addition, there are some forms which admins can empower them to login their management page such as 10.0.0., 10.0.., 10.0.0. - 123.0.0.*, and so on. The symbol * is a variant which its value also ranges from 1 to 255.
Store owners need to be careful when they decide to fill in Blacklist and Whitelist as only IPs presented in Whitelist IPs have the right to log in the admin page. Whereas, IP addresses in Blacklist are blocked. However, Blacklist is given the higher priority. It means that a value which is entered in both list, will be blocked.
In case, shop admins mistyping their IP address into Blacklist field will result in their failure in attempt to sign in admin page. In this situation, they need to use command line and to reset their blacklist with the command: “bin/magento security:reset blacklist”. After that, they need to run another command: “bin/magento cache:flush”. Then, shop admins can sign in their admin page freely as all IPs filled in Blacklist IPs are already deleted when reset. It means that, Blacklist IPs filed has no restricted IPs.
Similar to Blacklist, once store owners want to reset their Whitelist IPs, they have to take two commanding actions as follows: “bin/magento security:reset whitelist” and then “bin/magento cache:flush”.
In case, both Blacklist and Whitelist IPs need to be reset, store owners can use the command: “bin/magento security:reset”. After that, both Blacklist and Whitelist field will be left empty.
In conclusion, Blacklist and Whitelist IPs enable users to make a restriction on IPs which are allowed to sign in their admin page. With this function, shop owners can themselves consider and configure carefully to make a strong protection wall for their stores. That is the reason why apprehensive scenario of being hacked is no longer a nightmare for online merchants. Moreover, with Magento 2 Security by Mageplaza, more highlighted features are also provided to significantly contribute to the store protection. Among these features, it will be a mistake if Login Log is not mentioned. If you want to get more detailed information about this great function, refer here:
Jacker is the Chief Technology Officer (CTO) at Mageplaza, bringing over 10 years of experience in Magento, Shopify, and other eCommerce platforms. With deep technical expertise, he has led numerous successful projects, optimizing and scaling online stores for global brands. Beyond his work in eCommerce development, he is passionate about running and swimming.
Related Post
Review 74 Mageplaza extension updates from April 2025, highlighting Magento 2.4.8 compatibility, Hyvä theme support, and enhanced functionalities.
Make sure your store is not only in good shape but also thriving with a professional team yet at an affordable price.
Get Started
