Instant protection against SessionReaper (CVE-2025-54236) attacks?
Use coupon SESSIONREAPER to use our advanced WAF one month free of charge
Real-time Protection for Magento
Protect your store from all known Magento attacks.* Save thousands in developer time. Avoid downtime and instability from rushed patching.
Unlike traditional WAFs that rely on generic rules, Sansec Shield deeply integrates with Magento and benefits from Sansec's famous expertise in Magento security. This makes our WAF the most effective solution to protect your Magento store.
Hack Protection Guarantee
We guarantee your store won't be hacked while Shield is active. See FAQ below for guarantee conditions and requirements.
Postpone patches — or skip altogether
No more emergency weekend deployments or rushed fixes that could break your store.
Instant Threat Protection
Block critical vulnerabilities as soon as they're discovered. Our threat intelligence network detects and stops emerging attacks.
Installation
The Shield composer module requires Magento 2.3+, PHP 7.2+ and a Sansec Advanced or Enterprise license key.
```bash
# Install Shield module
composer require sansec/magento2-module-shield
# Configure Magento
bin/magento setup:upgrade
bin/magento config:set sansec_shield/general/license_key YOURKEY
bin/magento cache:clean
# Sync protection rules
bin/magento sansec:shield:sync-rules
```
Test it by visiting your store and adding ?SANSEC-SHIELD-TEST to your URL.
You'll see your first blocked attack appear instantly on your Shield Dashboard.
Shield vs Adobe Fastly WAF
| | Sansec Shield | Adobe Fastly WAF |
|---|---|---|
| Origin Protection | ✅ Bypass not possible | ❌ CDN, bypass possible |
| Response Time to New Threats | ✅ Minutes | ❌ Weeks |
| Performance Impact | ✅ 0 ms | ❌ 1.5 - 20 ms |
| Setup Complexity | ✅ Simple Module Install | ❌ Complex Setup |
| False Positives | ✅ None | ❌ Yes |
| Filtering Transparency | ✅ Full Open Source | ❌ Mostly Closed Source |
| Supports | Adobe Cloud, Adobe Commerce, Magento Open Source | Adobe Cloud only |

Origin Protection: Direct integration with your application provides superior protection compared to CDN WAF solutions, which can be bypassed if attackers discover your origin servers.

Response Time to New Threats: Adobe Commerce WAF is updated irregularly. When the CosmicSting bug was published on June 11th, Adobe did not implement WAF filters until 5 weeks later. Mass-attacks had been ongoing by then and dozens of Adobe Commerce stores got hacked.
Save Thousands in Dev Costs
Each patch takes a day. Shield protects you while you postpone — saving up to $5,000/year per store.
Magento-Exclusive Protection
Generic WAFs miss platform-specific threats. Shield doesn't — we know Magento better than anyone.
Built for Stability
No more rushed updates, staging bugs, or patch regressions. Shield keeps your stack calm and secure.
* Sansec Shield protects against all Magento-level attack methods previously identified by Sansec. Should a new attack bypass Shield, Sansec will investigate and perform a cleanup free of charge. The guarantee requires an active Advanced or Enterprise license, the latest Shield module, and standard security hygiene. It does not cover third-party software, stolen credentials, or attacks via non-web channels. See full conditions below.
Frequently Asked Questions
★Who can use Sansec Shield?
Sansec Shield is available for Adobe Commerce and Magento 2 stores with our Advanced plan or higher. Compatible with Magento Open Source and Adobe Commerce, including Adobe Cloud.
★Do I still need eComscan?
Yes. Sansec Shield protects against web traffic attacks, but attacks can come through other channels like compromised SSH accounts, hijacked devices, or non-Magento applications. Shield and eComscan work together to provide complete security coverage.
★We use Cloudflare WAF. Is Sansec Shield recommended and compatible?
Yes to both! Cloudflare is a generic WAF that doesn't cover Magento-specific attack vectors (like the recent CVSS 9.4 vulnerability). Keep Cloudflare in place - there's no downside to using both simultaneously.
★Does Sansec Shield impact store performance?
No. Shield has zero performance impact through efficient pattern matching, direct Magento cache integration, selective request analysis, and sub-millisecond processing times.
★How quickly are new threats added to protection rules?
Our global threat detection network identifies and distributes new protection rules within minutes of detecting attack patterns. All rules are automatically verified and deployed without manual intervention.
★How does Sansec Shield prevent false positives?
Shield only blocks actual attack probes - no secondary criteria like "suspect networks" or "suspicious user agents". Our Magento expertise means we know exactly what attacks look like. New detection rules are validated against hundreds of real stores before deployment.
★How quickly can we disable Sansec Shield?
No customer has ever needed to disable Shield, but if required, you can instantly disable it with this command (works on Adobe Cloud):
```bash
bin/magento config:set sansec_shield/general/enabled 0
```
★What are the guarantee conditions?
Sansec Shield protects your store against all Magento attack methods that Sansec has previously identified. Should your store be compromised by a new Magento-level attack despite Shield being active, Sansec will investigate and perform a cleanup free of charge. This guarantee applies provided that:
- You have a valid Sansec Advanced or Enterprise license and run a supported version of Magento (v2.3+).
- You are running the latest version of the Sansec Shield module.
- You have changed your admin and database credentials since any previous attack.
- You have changed your encryption key since any previous attack.
- You enforce multi-factor authentication for staff accounts.
Our guarantee does not cover:
- Third-party applications and extensions (such as WordPress) running on the same server
- Attacks via secondary channels such as SSH, FTP, or compromised hosting accounts
- Abuse of stolen credentials or social engineering
