safefive security plugin configuration

Enable two-factor authentication (2FA) for admin accounts.

Please follow these steps to activate two-factor authentication for an admin account in Shopware 5:

  1. In the Shopware 5 backend, navigate to Settings → User Management.
  2. Open a user for editing.
  3. The user form will display a QR code for setting up two-factor authentication.
    • Scan this QR code with an authentication app or, alternatively, add the displayed secret key manually.
  4. Enter the one-time password generated by the authentication app in the field provided.
  5. Click Save to complete the activation.

[Image: two-factor authentication configuration]

After successful activation, each login to the Shopware 5 admin backend prompts for a one-time password from the authentication app in addition to the password.

[Image: two-factor authentication OTP input field]

Enable / Disable Feature Flags

After a security update, certain features may no longer interact as expected with specific plugins or third-party services in some setups. To ensure smooth operation, we recommend thoroughly testing all critical areas of your shop after each update to confirm that everything is functioning as intended.


If you encounter any issues, you can temporarily disable individual features and then test again.


Go to Plugin → Safefive Security Plugin → Configuration → Security Settings to use our feature flags to easily turn specific functions on or off.

[Image: safefive security plugin configuration]


Each feature can be easily enabled or disabled using the corresponding slider — depending on your needs and the compatibility of your system environment.

Some updates include additional configuration options. For instance, update ‘SFIN-47: Make cookie settings more restrictive’ lets you adjust the SameSite attribute for cookies. Using stricter security settings is generally recommended, as they provide a higher level of protection.

In some cases, however, stricter settings may lead to functional limitations — particularly with:

  • Payment providers
  • Single sign-on services (e.g., Facebook, Google, Amazon)
  • Custom-built SSO solutions

If you experience such limitations, you can enhance compatibility with affected services by either disabling individual features or adjusting the SameSite setting from ‘Strict’ to ‘Lax’.
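
Why the Strict setting affects payment and SSO return flows, shown as an added example that is not part of the plugin or of Shopware: a simplified model of the browser's SameSite decision, generalized to include SameSite=None. The host names and flow labels are constructed placeholders, and "site" is approximated by the last two host labels.

```javascript
// Simplified model of the browser's SameSite cookie decision.
// Assumption: "site" = last two host labels; real browsers use the
// Public Suffix List and also compare the scheme.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// request: { initiatorHost, targetHost, method, topLevelNavigation }
function cookieIsSent(sameSite, request) {
  if (siteOf(request.initiatorHost) === siteOf(request.targetHost)) {
    return true; // same-site requests always carry the cookie
  }
  switch (sameSite) {
    case "Strict":
      return false; // never sent on cross-site requests
    case "Lax":
      // only cross-site top-level navigations with a safe method
      return request.topLevelNavigation &&
        SAFE_METHODS.has(request.method.toUpperCase());
    case "None":
      return true; // browsers additionally require the Secure attribute
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed flows; every host name is a placeholder.
const SHOP = "shop.example.com";
const FLOWS = {
  "navigation inside the shop":
    { initiatorHost: SHOP, targetHost: SHOP, method: "GET", topLevelNavigation: true },
  "return from payment provider or SSO (GET)":
    { initiatorHost: "pay.example.net", targetHost: SHOP, method: "GET", topLevelNavigation: true },
  "return from payment provider or SSO (form POST)":
    { initiatorHost: "pay.example.net", targetHost: SHOP, method: "POST", topLevelNavigation: true },
};

// For each flow, report whether the shop's session cookie would be sent.
function compatibilityMatrix(values = ["Strict", "Lax"]) {
  const matrix = {};
  for (const [name, request] of Object.entries(FLOWS)) {
    matrix[name] = Object.fromEntries(
      values.map((v) => [v, cookieIsSent(v, request)]));
  }
  return matrix;
}

console.table(compatibilityMatrix());
```

A return flow that arrives as a cross-site form POST does not carry the cookie under Lax either, so include that case in the staging tests for each payment and SSO provider.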

Testing functionality and performing tests after an update

It is generally recommended to check after an update that all central processes in the shop continue to function smoothly. It is best to use a staging environment (test environment): a copy of your live system that is as exact as possible and in which real conditions can be simulated. The aim is to identify potential errors before they affect ongoing operations.

In particular, check the following:

  • Order process
  • Contact form
  • Registration and login
  • Product search
  • Payment methods and shipping options

Please note that payment providers and other third-party services may behave differently in the live system than in test environments, or may not be active in test environments at all.

Ensure that automatic processes such as email notifications and cron jobs run as expected. For example, check order confirmations and shipping notifications.
