There are several ways anyone, whatever the technical level, can enhance the safety of his/her PrestaShop install.
Here are few eayseasy-to-apply tips.
|Table of Contents|
Always use the latest version of PrestaShop
That's a given, really. A new version , but it bears repeating. New versions of PrestaShop contains new features, improvements and bugfixes, but and among those might also be some security improvements and fixes.
Establishing a basic authentication on the back office folder requires adding a
.htaccess and a
.htpasswd file. Both are simple text files with not nameswithout a name, only an extension.
In windowsWindows, you cannot easily create a file with no name. There are two easy ways to solve this:
One of the aims of the
.htaccess file is to protect your folders and all of its sub-folders (read http://en.wikipedia.org/wiki/Htaccess). It only works on Apache servers. Make sure your web server is Apache before creating a
.htaccess file: ask your host!
To achieve basic authentication on your back office protect a folder, you need to add a
.htaccess file in put those two files at the root of that folder (for instance, through your FTP software, in
/var/www/prestashop/admin123456 or maybe
- Always delete the
/installfolder after having installed or updated PrestaShop.
- Always delete useless files from production server:
- The README.md file.
- The CONTRIBUTING.md and CONTRIBUTORS.md files.
/docsfolder and all its content.
Your applications' PHP code is the only vulnerable path to your server. It is therefore strongly recommended to always update your server's applications: PHP, MySQL, Apache and any other application on which your website runsweb hosting.