How to make your PrestaShop more secure
Here are some suggestions on how to improve the security of your PrestaShop:
- Block access to the admin directory. By default, when you install PrestaShop you have to rename the admin directory. You can also block the access to that directory for all IP addresses except yours. You can do this by putting an .htaccess file with a specific rule in it in your admin directory. For more information check out the article on blocking access to directories on your account.
- Make your admin password difficult to guess. Combine upper and lower case letters, numbers and symbols
- Back up your PrestaShop on a regular basis, both the files on your account and the database.
- Update your application when a new stable PrestaShop version comes out.
- Install PrestaShop in its own database. Don't use the same database for many applications. Use a different username and password for each of your databases. During the installation process change the default ps_ database table prefix from the corresponding setting.
- Make sure that the PrestaShop files and directories on your PrestaShop hosting account have the correct permissions: 755 for directories and 644 for files.
- Upload and install only add-ons that you need for your store.
- You can disable some dangerous PHP functions that you don't need for your store by putting a rule in the php.ini file for your account.
- Restrict access to the template files. You can do this by putting a rule in the .htaccess file that's in the root PrestaShop directory.
- Use SSL encryption to protect important information (e.g. order processing, login details). To do this you need a private SSL certificate which you can purchase from us from the client area for your account.
- Make sure that the Check IP on cookie setting is enabled. It's enabled by default. You can check this from the backend of your PrestaShop (Preferences tab).
- Keep the security tokens setting enabled. It's enabled by default. The setting can be enabled and disabled from the backend of your store (Preferences tab>Increase Front Office security).
- You can switch between two ciphering algorithms: the default Mcrypt and the BlowFish class. You can do this from the backend of your PrestaShop (Preferences tab>Performance sub-tab>Ciphering section). This won't really have much of an effect in terms of security and performance. Nevertheless, this setting gives you some choice on what to use.
- You can restrict access to your store for visitors from particular countries. You can do this with the geolocation tool that's included in PrestaShop (Preferences tab>Geolocation sub-tab).
For some more details check out the HostKnoxÂ PrestaShop Security Tutorial.