• New
Total Defender
Total Defender
Total Defender
30 days return right
Easy return - no questions asked
Plug & Play Modules
Install, set up and take profit
Dedicated Support First
Priority Help & Satisfaction Over Sales

Total Defender

Complete Security Suite with Firewall, Scanner and Login Protection

€199.00
Tax included

Comprehensive Security & Anti-Spam Protection for PrestaShop

Total Defender is a full-spectrum security suite that protects your PrestaShop store from spam, bots, brute-force attacks, malware, and vulnerabilities. It combines rate limiting, IP management, file integrity monitoring, a web application firewall, email security, backup management, and admin 2FA into one unified module — no external services required.

  • Anti-Spam Protection — honeypot fields, CAPTCHA integration, message filtering, and link validation to block spam submissions
  • Rate Limiting — per-action throttling for cart, registration, contact forms, and comments with automatic IP blocking
  • Bot & Crawler Management — behavioral detection, JS challenges, and crawler whitelisting to separate good bots from bad
  • IP Management — whitelist, blacklist, penalty scoring, TOR exit node detection, and GeoIP-based rules
  • File Integrity Monitoring — baseline snapshots with alerts when core or module files are modified unexpectedly
  • Web Application Firewall — custom rules to block XSS, SQL injection, and other input-based attacks
  • Vulnerability Scanner — checks PrestaShop core, modules, and PHP version against known CVEs
  • Security Headers — CSP generation and violation logging to harden browser-side security
  • Email Security — rate limiting outbound emails, blocking disposable domains, and detecting abuse patterns
  • Backup System — full and incremental backups with scheduling, multiple storage adapters, and restore points
  • Admin 2FA — TOTP-based two-factor authentication for back-office employee accounts
  • Session Tracking — monitor visitor sessions with attribution, page views, UTM parameters, and device detection
  • Audit Logging — complete admin action history with IP addresses, user agents, and timestamps

Compatible with PrestaShop 1.7 through 9.x. One license, lifetime updates, 90 days of dedicated support.

Instant download after purchase
Request Quote
Share
1 viewed
1 watching now

Full-Spectrum Security — Every Attack Vector Covered

PrestaShop stores are high-value targets. They process payment data, store customer personal information, and operate on a well-known open-source platform whose vulnerabilities are publicly catalogued. A store that is not actively hardened is not a question of if it will be attacked — it is a question of when, and whether the attack will succeed.

Security hardening typically requires a combination of server-level configuration, multiple specialist plugins, and ongoing manual monitoring. This complexity means most store owners either do nothing or implement only partial protections. MPR Total Defender provides a single, comprehensive security layer that covers every major attack category — spam, credential attacks, bot traffic, malware, file integrity, web application firewall rules, email security, backup management, two-factor authentication, session security, and audit logging — all from one back-office dashboard.

Total Defender does not replace your server-level security (firewall, fail2ban, etc.) — it complements it with application-layer protections that server tools cannot provide, and visibility into application-layer events that server logs cannot easily surface.

Bot Protection & Rate Limiting

Automated bot traffic is the dominant source of malicious activity on most e-commerce sites. Account credential stuffing, inventory scraping, add-to-cart spam, and checkout abuse all rely on bots capable of making thousands of requests per minute. Rate limiting and bot detection stop these attacks at the application layer.

  • Request Rate Limiting — per-IP and per-session rate limits on critical endpoints (login, account registration, checkout, contact form, review submission)
  • Progressive Penalties — exceeding a rate limit triggers a CAPTCHA challenge; repeat violations trigger temporary IP bans; persistent violators are added to the permanent blocklist
  • Bot Signature Detection — request header analysis identifies known bad-bot user agents and crawler signatures and blocks them before they hit the application stack
  • Honeypot Traps — invisible form fields that only automated clients fill in; any submission triggering a honeypot field is silently dropped and the IP flagged
  • Tor & Proxy Detection — optional blocking of requests originating from Tor exit nodes and known datacenter IP ranges

Brute-Force Protection & Admin Security

Admin account credential attacks are among the most common and most damaging security incidents on PrestaShop stores. A compromised admin account gives an attacker full access to order data, customer PII, and the ability to inject malicious code. Total Defender locks down your admin login with multiple reinforcing layers.

  • Admin Login Rate Limiting — locks an account temporarily after a configurable number of failed login attempts within a sliding time window
  • Two-Factor Authentication (2FA) — TOTP-based 2FA (compatible with Google Authenticator, Authy) for all admin employees or specific employee profiles
  • IP Allowlist for Admin — optionally restrict admin panel access to a whitelist of IP addresses or CIDR ranges; all other IPs receive a 403 response
  • Admin URL Obfuscation — automatically rename the admin directory to a random string, removing the predictable target from automated scanners
  • Suspicious Admin Activity Alerts — email alerts on admin login from a new IP, after-hours admin access, or admin login following multiple failed attempts

Web Application Firewall (WAF)

A Web Application Firewall inspects incoming HTTP requests against a ruleset and blocks requests that match known attack patterns. Total Defender's built-in WAF covers the OWASP Top 10 attack categories relevant to PrestaShop.

  • SQL Injection Detection — request parameter analysis blocks SQL injection attempts before they reach the database layer
  • XSS Protection — Cross-Site Scripting payloads in request parameters are detected and sanitised
  • Path Traversal Blocking — directory traversal sequences in request parameters are detected and blocked
  • Remote File Inclusion — RFI attack patterns in URL parameters are identified and rejected
  • Configurable Rule Sets — enable/disable individual WAF rule categories; set detection to "monitor only" mode for new rules before switching to blocking mode
  • Custom Rules — define custom WAF rules to block specific patterns unique to your threat environment

File Integrity Monitoring & Malware Scanning

Injected malware and modified core files are often invisible during normal store operation — the infection runs quietly in the background, exfiltrating customer data or serving malicious scripts to visitors. File integrity monitoring detects these modifications as they happen.

  • Baseline Snapshot — on first run, computes SHA-256 hashes of all PrestaShop core files and stores them as a trusted baseline
  • Change Detection — scheduled scans compare current file hashes against the baseline and alert on any additions, modifications, or deletions
  • Malware Signature Scanning — scans PHP files for common malware patterns, obfuscated code signatures, and known webshell code fragments
  • PHP File Watch — monitors upload directories and theme directories (common targets for file upload exploits) for newly created PHP files
  • Alert & Quarantine — on detection, sends an immediate email alert with the affected file path and diff; optionally quarantines suspicious files automatically

IP Management, Spam Protection & Audit Logging

Total Defender rounds out its security coverage with IP reputation management, spam protection across all form submission points, and a complete audit trail of security events.

  • IP Blocklist & Allowlist — manage permanent and temporary IP blocks from the back office; import blocklists from external threat intelligence feeds
  • Geoblocking — block all traffic from specified countries at the application layer (useful for stores with no business in specific regions)
  • Contact Form & Review Spam — Akismet-compatible spam detection on contact forms, review submissions, and account registration, with reCAPTCHA integration
  • Email Security — outgoing PrestaShop transactional emails include SPF/DKIM compliance headers; admin email addresses are protected from harvesting by obfuscation
  • Audit Log — every security event (blocked request, failed login, WAF match, file change detection, admin login, 2FA event) is logged with full context for forensic review
  • Session Tracking — concurrent session detection and session fixation protection for both customer and admin sessions

Why is this module unique?

  • Full-spectrum coverage in a single module — bot protection, brute-force prevention, 2FA, WAF, file integrity monitoring, malware scanning, spam filtering, IP management, and audit logging are all included
  • TOTP-based 2FA for admin employees is a significant security upgrade typically requiring a separate module or server-side configuration
  • File integrity monitoring with baseline snapshots detects server-side compromises that no front-end security tool can see
  • Progressive penalty system (CAPTCHA → temporary ban → permanent block) is more effective than simple IP banning while being less disruptive to legitimate users who trigger limits by mistake
  • Comprehensive audit log with full request context enables incident forensics, compliance reporting, and the detection of low-and-slow attacks that individual event alerts would miss

Use Cases

  • GDPR-Obligated Stores — file integrity monitoring, audit logging, and session tracking support GDPR Article 32 technical security obligations and breach detection requirements
  • High-Value Stores — stores processing significant transaction volumes are priority targets; Total Defender provides the layered defences that match the threat level
  • Stores After an Incident — if you have experienced a past security incident, Total Defender provides the visibility and active protections needed to prevent recurrence
  • PCI-DSS Compliance — WAF, file integrity monitoring, admin 2FA, and audit logging directly support multiple PCI-DSS requirements
  • Agencies Managing Multiple Stores — single-module deployment means consistent security configuration across all managed client stores
  • Reference
    mprtotaldefender
  • In stock
    999 Items
  • PrestaShop Compatibility
    PS 1.7 – 9.x
  • Pricing Model
    One-time Purchase
  • Module Type
    Front & Back-office
  • GDPR Relevant
    Yes
  • Business Goal
    Streamline Operations
  • External Account Needed
    No
  • Module Complexity
    Complete Solution
  • Customer Journey Stage
    Manage Store
  • Works With Platform
    No External Platform
0.0
0 reviews
5 ★
0
4 ★
0
3 ★
0
2 ★
0
1 ★
0

No reviews yet. Be the first to leave a review!

Write a Review

Rate specific aspects (optional)
Quality
Price / Quality
Stability
Compatibility
Support
30 days return right
Easy return - no questions asked
Plug & Play Modules
Install, set up and take profit
Dedicated Support First
Priority Help & Satisfaction Over Sales

More From This Category

Back to top