Disable the auto complete feature for logins
PCI Compliance may require you to disable the autocomplete function of your front-end login box. This is to prevent a hacker from being able to find out the user’s password if the attacker gains physical access to the user’s machine or exploits the machine remotely through some other vulnerability.
To achieve this we will create a mod_login template override. Start by logging into the back-end with your admin account.
- Go to Extensions > Templates.
- Select Templates in the left pane.
- Click your Template name Details and Files.
- Select the Create Overrides tab.
- Click mod_login in the Modules section.
The required override files have now been copied to /templates/yourTemplate/html/mod_login/.
For each input tag line, add autocomplete="off". There seems to be 4 <input> tags.
<input id="modlgn-username" autocomplete="off" ...
Thanks for visiting.