System Administrator Guide

...

In short, it is imperative to have the following directives set to the indicated values:

```ini
extension = php_mysql.dll
extension = php_gd2.dll
allow_url_fopen = On
```

...

In short, it is highly recommended to have the following directives set to the indicated values:

```ini
register_globals = Off
magic_quotes_gpc = Off
allow_url_include = Off
```
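To check a server against both lists above before going live, here is an added audit script (written for this guide, not part of PrestaShop). The directive names and expected values come from the two lists; the php.ini fragment at the end is a constructed sample, and the parser treats php_mysql.dll, mysql.so and mysql as the same extension name.

```python
import re

# Directive values the guide lists as required and recommended (from the page).
REQUIRED = {"allow_url_fopen": "on"}
RECOMMENDED = {"register_globals": "off", "magic_quotes_gpc": "off",
               "allow_url_include": "off"}
REQUIRED_EXTENSIONS = {"mysql", "gd2"}
# PHP accepts several spellings for boolean ini flags; normalise them.
_FLAG = {"on": "on", "1": "on", "true": "on", "yes": "on",
         "off": "off", "0": "off", "false": "off", "no": "off", "": "off"}

def parse_php_ini(text):
    """Return ({directive: value}, {extension names}). ';' starts a comment, the
    last assignment wins, and php_mysql.dll / mysql.so / mysql are one name."""
    directives, extensions = {}, set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip('"').lower()
        if key.lower() == "extension":
            extensions.add(re.sub(r"^php_|\.(dll|so)$", "", value))
        else:
            directives[key.lower()] = value
    return directives, extensions

def audit_php_ini(text):
    """Return (severity, message) findings; an empty list means compliant."""
    directives, extensions = parse_php_ini(text)
    findings = []
    for ext in sorted(REQUIRED_EXTENSIONS - extensions):
        findings.append(("required", "extension %s is not loaded" % ext))
    for severity, wanted in (("required", REQUIRED), ("recommended", RECOMMENDED)):
        for key, expected in sorted(wanted.items()):
            if key not in directives:
                findings.append((severity, "%s is not set (PHP default applies)" % key))
            elif _FLAG.get(directives[key]) != expected:
                findings.append((severity, "%s = %s, expected %s"
                                 % (key, directives[key], expected)))
    return findings

# Constructed sample php.ini fragment with several deviations from the guide.
SAMPLE_INI = """
extension=php_gd2.dll
allow_url_fopen = Off      ; guide requires On
register_globals = Off
magic_quotes_gpc = 1       ; guide recommends Off
; allow_url_include deliberately left unset
"""
```

Run `audit_php_ini(open("php.ini").read())` on the real file; a directive that is merely unset is reported separately, since PHP's compiled-in default then applies.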

...

Thus, if you have access to a master MySQL account that can create other users, here's how you could do it using the command line:

```bash
# -p with no value makes the client prompt for the password. Writing
# "-p PASSWORD" (with a space) does not work: the client treats PASSWORD
# as a database name and prompts anyway.
mysql -u USERNAME -p
```

You could also use the following SQL query:

```sql
mysql> USE mysql;
mysql> CREATE USER 'username'@'servername' IDENTIFIED BY 'new_password';
```

...

We need to allow this user to use the 'prestashop' database, and configure its rights at the same time. Here is a template for the SQL query to do that:

```sql
-- The database name must be quoted with backticks (or left unquoted);
-- single quotes around it are a syntax error in GRANT.
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER
     > ON `prestashop`.* TO 'new_user'@'localhost';
mysql> FLUSH PRIVILEGES;
```

...

To achieve basic authentication on your admin folder, we need to add a .htaccess file in that folder (for instance, /var/www/prestashop/admin):

```apacheconf
AuthUserFile /var/www/.prestashop_admin
AuthName "Prestashop Admin Access"
AuthType Basic
Require valid-user
Options -Indexes
```

...

Here is a sample content for the .prestashop_admin file, with a login and a password:

```text
login1:$apr1$/wJeliK8$e9OzgRaVL8J8wSsFBXjor1
login2:$apr1$yV65Kqqz$cFt3sV2.Q7hhLRRUJDo5a/
```

...

It is also possible to perform IP and domain restrictions using your .htaccess file:

```apacheconf
# Order takes a single argument with no space. Deny,Allow is the one to use
# for a whitelist: everything is denied first, then the listed hosts are
# allowed back in. With Allow,Deny the "Deny from all" line would win and
# nobody could get in. Matching on a domain name requires Apache to do a
# reverse DNS lookup of the client address (HostnameLookups).
Order Deny,Allow
Deny from all
Allow from .myprestashop.com
Allow from 127.0.0.1
```

However, you should not put this kind of directive:

```apacheconf
<LIMIT GET POST>
Require valid-user
</LIMIT>
```
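Because the Order argument is easy to get wrong, here is an added model of how Apache evaluates Order/Allow/Deny, written for this guide (it is a simplified reimplementation, not Apache's code). It assumes 'from' arguments are 'all', an IPv4 address, a dotted IPv4 prefix, or a domain suffix matched against the client's reverse-DNS name; the two .htaccess fragments at the end are constructed from the whitelist above.

```python
# Simplified model of Apache 2.2 Order/Allow/Deny evaluation (mod_access_compat
# in 2.4), written for this guide. A domain suffix such as .myprestashop.com
# can only match when Apache has resolved the client's hostname.

def _matches(arg, ip, hostname):
    """True if one Allow/Deny 'from' argument covers this client."""
    arg = arg.lower()
    if arg == "all":
        return True
    if arg.startswith("."):                     # domain suffix, needs a hostname
        return hostname is not None and hostname.lower().endswith(arg)
    if arg[0].isdigit():                        # exact address or dotted prefix
        return ip == arg or ip.startswith(arg if arg.endswith(".") else arg + ".")
    return hostname is not None and hostname.lower() == arg

def parse_access(text):
    """Extract (order, allow_args, deny_args) from an .htaccess fragment."""
    order, allow, deny = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        directive = parts[0].lower()
        if directive == "order":
            # Order takes exactly one argument: "Allow, Deny" (with a space) is
            # two arguments and makes Apache reject the whole .htaccess file.
            if len(parts) != 2 or parts[1].lower() not in ("allow,deny", "deny,allow"):
                raise ValueError("invalid Order directive: %r" % line)
            order = parts[1].lower()
        elif directive in ("allow", "deny") and len(parts) == 3 and parts[1].lower() == "from":
            (allow if directive == "allow" else deny).extend(parts[2].split())
    return order, allow, deny

def is_allowed(text, ip, hostname=None):
    """Decide whether a client (IP plus optional reverse-DNS name) gets access."""
    order, allow, deny = parse_access(text)
    allowed = any(_matches(a, ip, hostname) for a in allow)
    denied = any(_matches(d, ip, hostname) for d in deny)
    if order in (None, "deny,allow"):           # Deny,Allow is Apache's default
        # Default allow: a matching Deny blocks unless an Allow also matches.
        return allowed or not denied
    # Allow,Deny: default deny, and a matching Deny always wins, so
    # "Deny from all" shuts everyone out regardless of the Allow lines.
    return allowed and not denied

# Constructed .htaccess fragments: the guide's whitelist, written both ways.
WHITELIST_OK = "Order Deny,Allow\nDeny from all\nAllow from .myprestashop.com\nAllow from 127.0.0.1\n"
WHITELIST_BAD = "Order Allow,Deny\nDeny from all\nAllow from .myprestashop.com\nAllow from 127.0.0.1\n"
```

Note that a client with no resolvable reverse name never matches the domain rule, so such visitors are blocked unless their address is listed explicitly.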

...

  1. Secure your back-office
    1. Rename your /admin folder after the PrestaShop installation. This is a must: you actually cannot access your PrestaShop administration until you have made that change. Make sure to pick a really unique name, ideally a mix of letters and numbers, such as "my4dm1n".
    2. Protect your admin folder with the .htaccess and .htpasswd files, or ask your web host to do it for you.
    3. Do not let your browser keep traces of your password (cookie or any other helper).
    4. Pick a complex password, by mixing letters, numbers and even punctuation marks, such as "5r3XaDR#". You can and should use a password generator, such as PCTools's or GRC's.
  2. Securing your PHP installation
    1. See the required and recommended PHP settings at the beginning of this guide.
  3. Always delete the /install folder after having installed or updated PrestaShop.
  4. Always delete useless files from the production server:
    1. all readme_xx.txt files.
    2. the CHANGELOG file.
    3. the /docs folder.
  5. Forbid access to your theme's files/templates, using a .htaccess file with the following content:

    ```apacheconf
    <FilesMatch "\.tpl$">
    order deny,allow
    deny from all
    </FilesMatch>
    ```

...

  • Enable MySQL's cache (or ask your web host to do it for you), and give it a high value (for instance, 256M).
  • Do not forget to set $smarty->force_compile to "false" when in production mode, either via the smarty.inc.php file or the back-office.
  • Whenever possible, use an opcode cache (or ask your web host to install one for you), in order to alleviate the server's processing load. PrestaShop is compatible with eAccelerator. Opcode means "operation code", and refers to the compiled state of the dynamic files, which can be processed faster.
  • If possible, split your static elements between different domains and sub-domains, in order to get parallel HTTP connections. To put that in place, open the /config/defines.inc.php file and add these lines (adapted to your needs):

    ```php
    // Remote visitors fetch static files from the dedicated hosts;
    // requests from the server itself (127.0.0.1) keep the local paths.
    if ( $_SERVER['REMOTE_ADDR'] != '127.0.0.1' )
    {
      define( '_THEME_IMG_DIR_',   'http://img2.xxx.com/'       );
      define( '_THEME_CSS_DIR_',   'http://css.xxx.com/'        );
      define( '_THEME_JS_DIR_',    'http://js.xxx.com/'         );
      define( '_THEME_CAT_DIR_',   'http://img1.xxx.com/c/'     );
      define( '_THEME_PROD_DIR_',  'http://img1.xxx.com/p/'     );
      define( '_THEME_MANU_DIR_',  'http://img1.xxx.com/m/'     );
      define( '_PS_IMG_',          'http://img1.xxx.com/'       );
      define( '_PS_ADMIN_IMG_',    'http://img1.xxx.com/admin/' );
    } else {
      define( '_THEME_IMG_DIR_',   _THEMES_DIR_ . _THEME_NAME_ . '/img/' );
      define( '_THEME_CSS_DIR_',   _THEMES_DIR_ . _THEME_NAME_ . '/css/' );
      define( '_THEME_JS_DIR_',    _THEMES_DIR_ . _THEME_NAME_ . '/js/'  );
      define( '_THEME_CAT_DIR_',   __PS_BASE_URI__ . 'img/c/'            );
      define( '_THEME_PROD_DIR_',  __PS_BASE_URI__ . 'img/p/'            );
      define( '_THEME_MANU_DIR_',  __PS_BASE_URI__ . 'img/m/'            );
      define( '_PS_IMG_',          __PS_BASE_URI__ . 'img/'              );
      define( '_PS_ADMIN_IMG_',    _PS_IMG_ . 'admin/'                   );
    }
    ```

...