Making your PrestaShop installation more secure

...

There are several ways anyone, whatever their technical level, can improve the security of their PrestaShop install.

Here are a few easy-to-apply tips.

Always use the latest version of PrestaShop

That's a given, but it bears repeating. New versions of PrestaShop contain new features, improvements and bugfixes, and among those might also be some security improvements and fixes.

...

Establishing basic authentication on the back office folder requires adding a .htaccess and a .htpasswd file. Both are simple text files without a name, only an extension.

Tip

In Windows, you cannot easily create a file with no name. There are two easy ways to solve this:

  • You can name the file htaccess.txt, then upload it to your FTP server, and there rename it to .htaccess.
  • A Windows trick is to name the file with a dot on each side of its name: ".htaccess.". Windows will automatically change the name to the correct ".htaccess".

One of the aims of the .htaccess file is to protect a folder and all of its sub-folders (read http://en.wikipedia.org/wiki/Htaccess). It only works on Apache servers. Make sure your web server is Apache before creating a .htaccess file: ask your host!

To protect a folder, you need to put those two files at the root of that folder (for instance, through your FTP software, in /var/www/prestashop/admin123456 or maybe /public_html/prestashop/admin123456).

...

  1. Always delete the /install folder after having installed or updated PrestaShop.
  2. Always delete useless files from the production server:
    1. The README.md file.
    2. The CONTRIBUTING.md and CONTRIBUTORS.md files.
    3. The /docs folder and all its content.
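
A way to check the points above on a server where you have shell access, as an added example that is not part of the PrestaShop documentation: the function flags the leftover files from the list and verifies that the back office folder's .htaccess enables basic authentication and names an existing password file. The admin123456 folder name and the demo tree are constructed; AuthType, AuthUserFile and Require are standard Apache directives.

```shell
#!/bin/sh
# Added example: audit a PrestaShop tree for the items listed on this page.
# audit_prestashop SHOP_ROOT ADMIN_DIR  -> prints findings, returns 1 if any.
audit_prestashop() {
    root=$1
    admin=$root/$2
    findings=0
    report() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    # Leftovers that should not be on a production server.
    [ ! -d "$root/install" ] || report "/install folder still present"
    [ ! -d "$root/docs" ] || report "/docs folder still present"
    for f in README.md CONTRIBUTING.md CONTRIBUTORS.md; do
        [ ! -f "$root/$f" ] || report "$f still present"
    done

    # Basic authentication on the back office folder.
    ht=$admin/.htaccess
    if [ ! -f "$ht" ]; then
        report "no .htaccess in $2"
    else
        grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" ||
            report ".htaccess does not set AuthType Basic"
        grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$ht" ||
            report ".htaccess has no Require valid-user / Require user line"
        # AuthUserFile must name a password file that exists and is not empty
        # (simplification: paths containing spaces are not handled).
        pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$ht")
        if [ -z "$pw" ]; then
            report ".htaccess has no AuthUserFile line"
        elif [ ! -s "$pw" ]; then
            report "AuthUserFile $pw is missing or empty"
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo tree (not a real shop): one leftover file, no .htaccess.
demo=$(mktemp -d)
mkdir -p "$demo/admin123456"
: > "$demo/README.md"
audit_prestashop "$demo" admin123456 || echo "audit found problems"
rm -rf "$demo"
```

Run it after every install or update, since an update can put the /install folder and the documentation files back.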

...

Your applications' PHP code is the only vulnerable path to your server. It is therefore strongly recommended to always update your server's applications: PHP, MySQL, Apache and any other application on which your website runs.