...
There are several ways anyone, whatever the technical level, can enhance the safety of his/her PrestaShop install.
Here are few eayseasy-to-apply tips.
Table of Contents |
---|
Always use the latest version of PrestaShop
That's a given, really. A new version , but it bears repeating. New versions of PrestaShop contains new features, improvements and bugfixes, but and among those might also be some security improvements and fixes.
...
Establishing a basic authentication on the back office folder requires adding a .htaccess
and a .htpasswd
file. Both are simple text files with not nameswithout a name, only an extension.
Tip |
---|
In windowsWindows, you cannot easily create a file with no name. There are two easy ways to solve this:
|
One of the aims of the .htaccess
file is to protect your folders and all of its sub-folders (read http://en.wikipedia.org/wiki/Htaccess). It only works on Apache servers. Make sure your web server is Apache before creating a .htaccess
file: ask your host!
To achieve basic authentication on your back office protect a folder, you need to add a .htaccess
file in put those two files at the root of that folder (for instance, through your FTP software, in /var/www/prestashop/admin123456
or maybe /public_html/prestashop/admin123456
).
...
- Always delete the
/install
folder after having installed or updated PrestaShop. - Always delete useless files from production server:
- The README.md file.
- The CONTRIBUTING.md and CONTRIBUTORS.md files.
- The
/docs
folder and all its content.
...
Your applications' PHP code is the only vulnerable path to your server. It is therefore strongly recommended to always update your server's applications: PHP, MySQL, Apache and any other application on which your website runsweb hosting.