M
PackageMaven Submit

The Home for Magento 2 Excellence

Quality-tested Magento 2 modules. Explore. Evaluate. Elevate. #magento2

1090 Modules
628 Ready
462 Need Help
🏆 Leaderboard
Stale v2.1.1

Magento 2 Admin Restriction (IP Whitelist + 2FA)

vendic/magento2-adminrestriction

Restricts Magento backend access by IP address or CIDR range and integrates with Magento's two-factor authentication, letting whitelisted IPs skip 2FA while others are challenged. Includes CLI commands for emergency access recovery.

Security & Compliance Administration & Backend
3,471
Downloads
Below average
2
GitHub Stars
Below average
1y ago
Last Release
0
Open Issues
Build Passing
Ready to install

Build Tests

Composer Install
DI Compile
Templates

Code Quality

CS Coding Standard
1 error , 35 warnings
L1 PHPStan

Tested on Magento 2.4.9

Recent Test History

Each release is tested against the latest Magento version at that time.

v2.1.1 on Magento 2.4.9
Jun 3, 2026
GitHub Repository
Source code & docs
Packagist
Version history
Issues & Support
Get help or report bugs

Top Contributors

View Leaderboard
Tjitse-E
Tjitse-E
15 contributions
MaximGordin1
MaximGordin1
4 contributions

Share This Module's Status

Magento 2 Admin Restriction (IP Whitelist + 2FA) Magento compatibility status badge

README

Loaded from GitHub

Magento 2 Admin Restriction

Protect your Magento backend by restricting access based on IP addresses.

This module provides comprehensive admin security by working with Magento's Two-Factor Authentication (2FA) system:

  • Without 2FA enabled: Access is only allowed from whitelisted IPs
  • With 2FA enabled:
    • Users on whitelisted IPs can login without using 2FA
    • Users from non-whitelisted IPs are prompted for 2FA verification

Originally forked from magespecialist/m2-MSP_AdminRestriction

Why this fork?

This fork is maintained by Vendic to:

  1. Add compatibility with Magento's Two-Factor Authentication
  2. Provide ongoing maintenance and updates
  3. Ensure the module continues to work with recent Magento 2 versions

Installation

1. Install using composer

composer require vendic/magento2-adminrestriction

2. Enable and configure from your Magento backend config

Configuration

The module allows you to:

  • Enable/disable IP restrictions
  • Define a comma-separated list of allowed IPs or CIDR notations (e.g., 127.0.0.1,192.168.0.0/24)

Two-Factor Authentication Integration

This module intelligently integrates with Magento's 2FA capabilities:

IP Status 2FA Status Behavior
On whitelist 2FA disabled Access granted
On whitelist 2FA enabled Access granted without 2FA prompt
Not on whitelist 2FA disabled Access denied
Not on whitelist 2FA enabled 2FA verification required

Emergency Command Line Access

If you've accidentally locked yourself out of the admin panel, you can use these commands:

Disable IP restrictions completely:

php bin/magento msp:security:admin_restriction:ip disable

Add new IP addresses to the whitelist:

php bin/magento msp:security:admin_restriction:ip 127.0.0.1,192.168.0.0/24

Maintenance

This module is actively maintained by Vendic. Issues and pull requests are welcome on our GitHub repository.

This content is fetched directly from the module's GitHub repository. We are not the authors of this content and take no responsibility for its accuracy, completeness, or any consequences arising from its use.

Back to All Modules