Certified and Secured Zencart Hosting – Sydneywebs
There are many articles about how to secure your Zen Cart based website. Why this one on top? Because I wish to be better than all the others. I will try to keep it simple.
1. The hosting company must have mod-security (php) installed. How can you check it?
Install Zen Cart or just copy your website files to the new hosting. If you are asked to make specific folders writable, then look for another host. Sydneywebs is certified Zencart Hosting, scanned daily (McAfee).
2. Make sure you have the latest (patched) version of ZenCart.
3. Install two modules to back up the database and the website filesystem, and make a backup any time you change something. Keep all backups in a safe place and document, for every single backup, what changes in code and/or database it contains. If you have a big store, set up backups to be done automatically in at least two places on different physical systems.
4. Install the module which allows you to set up multiple administrators. Do not allow anybody except you full access to the back end of the website.
5. If possible, change the permissions for the /images, /includes/YOUR_LANG/html/ includes/ folders and the files under those folders to READ ONLY.
6. Set the configure.php files from /includes and /ADMIN_FOLDER/includes to READ ONLY. You will never need them writable as long as you do not move the website or change its database.
7. Force admins to change their password on a regular basis (every 1 to 3 months).
8. Link admin to a static IP if applicable.
9. Set up the main admin to receive an email any time someone logs in to the admin area (active monitoring), or read the admin log every day and check who logged in.
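The read-only settings from steps 5 and 6 can be verified with a small audit script. This is an added example, not part of Zen Cart or of the original article; the function names `zc_writable` and `zc_audit` are made up for illustration, and the folders to check for step 5 are passed as arguments relative to the store root.

```shell
#!/bin/sh
# Added example. Usage: zc_audit STORE_ROOT ADMIN_FOLDER [DIR ...]
# DIR arguments are paths relative to STORE_ROOT that should be read-only (step 5).

# List every file or directory under $1 that still has a write bit set
# for owner, group or others.
zc_writable() {
    [ -e "$1" ] || return 0
    find "$1" \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Print one finding per line; return 0 when clean, 1 when anything was found.
zc_audit() {
    root=$1 admin=$2
    shift 2
    findings=$(
        # Step 6: both configure.php files must exist and be read-only.
        for cfg in "$root/includes/configure.php" "$root/$admin/includes/configure.php"; do
            if [ ! -f "$cfg" ]; then
                echo "MISSING  $cfg"
            elif [ -n "$(zc_writable "$cfg")" ]; then
                echo "WRITABLE $cfg"
            fi
        done
        # Step 5: nothing under the listed folders should be writable.
        for dir in "$@"; do
            zc_writable "$root/$dir" | sed 's/^/WRITABLE /'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as a script when arguments are given, e.g.:
#   sh zc_audit.sh /path/to/store ADMIN_FOLDER images
if [ "$#" -ge 2 ]; then zc_audit "$@"; fi
```

A clean result only reflects the mode bits. File ownership is not checked, and the owner of a file can still change its mode back.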
For any version prior to 1.5:
1. Change the name of the admin folder! It is crucial to do it. A SERIOUS vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability, an attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you have installed Zen Cart.
2. Force users and admins to use long passwords that are hard to guess by idiots or crack by “machines”. For consumers, set a minimum length of 8 characters and check the strength of the password when it is input.



