PrestaShop 1.5
Child pages
  • System Administrator Guide

Versions Compared

Old Version 9

changes.mady.by.user Xavier Borderie

Saved on

compared with

New Version 10

changes.mady.by.user Xavier Borderie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Secure your back-office
    1. Rename your /admin folder after the PrestaShop installation. This is a must, and you actually cannot access your PrestaShop administration if you haven't performed that change. Make sure to pick a really unique name, ideally a mix of letter and number, such as "my4dm1n".
    2. Protect your admin folder with the .htaccess and .htpasswd files, or ask your web host to do it for you.
    3. Do not let your browser keep traces of your password (cookie or any other helper).

    4. Pick a complex password, by mixing letters, numbers and even punctuation marks, such as "5r3XaDR#". You can and should use a password generator, such as Symantec's (http://www.pctools.com/guides/password/) or GRC's (https://www.grc.com/passwords.htm).

      Tip

      Safer than a password: you can use a passphrase. Not only is a passphrase easier to remember, but it is also much harder to crack, even when the hacker is using automatic tools (brute force attack or dictionary attack).

      A passphrase only needs to be long and easy to remember for you. Any popular saying should do ("Don’t Throw the Baby Out with the Bathwater"), but an absurd phrase will have even less risk of being discovered by a hacker. For instance, "Many reckless drivers confuse tractor with record sleeves".

      There are some good passphrase generators online, which help you get a unique phrase for you only. For instance: http://passphra.se/ or http://www.fourmilab.ch/javascrypt/pass_phrase.html.

      PrestaShop's passwords are not limited in either number of characters or types of characters.

  2. Securing your PHP installation
    1. See the required and recommended PHP settings, at the beginning of this very guide.
  3. Always delete the /install folder after having installed or updated PrestaShop
  4. Always delete useless files from production server:
    1. all readme_xx.txt files.
    2. the CHANGELOG file.
    3. the /docs folder.

  5. Forbid access to your theme's files/templates, using a .htaccess file with the following content:

    Code Block
    languagenone
    <FilesMatch "\.tpl$">
order deny,allow
deny from all
</FilesMatch>

...