On a magento2 website, we are using a forced login extension which redirects users to login page if they are not logged in and user can not access any page of the website if user is not logged in.
After installing this extension we are facing an issue related to magento security scan. Our magento is failing the Brute force Scan claiming that our admin is at common URL. When we run the scan with Forced Login disabled , it passes the test.
Is there any way we can pass the test with the exension installed? If we can identify the request is from magento scan or from real user we can customize the extension to pass the test but we are not able to identify it because Magento Security scan seems to be spoofing user agent.
any help will be appreciated.