Post by mike331487 » Sun Nov 12, 2017 10:25 pm

Hi,
I've been trying to find out by looking through the forums what additional security measures I need to take to make my site more secure using the the latest opencart 3.0.2.0.
All of the information that I have found seems to refer to earlier versions and I don't want to mess up my site by adding the wrong htaccess files etc (which I don't really understand the code for) so any pointers on what to put where (if needed in this version) would be much appreciated.
Thanks

Newbie

Posts

Joined
Sat Sep 02, 2017 12:28 am

Post by IP_CAM » Mon Nov 13, 2017 11:13 am

Well OC-Users are like Windows Users, those, using latest Developments,
always belong to the Testers, by Nature of Things, and regardless of the Brand.
And after a while, they will find out, if the Software still has some Misses. :D :o

That's the way, it works, but Server Security sure not depends on OpenCart
only, there are many things, to be taken care of, and two of them are an upmost
perfect .htaccess file, and a clean chmod-ed Server Environment.

But one has no influence on 'general' Server Security anyhow, and those, expecting
such for a couple of bucks Server Rent per month, are just dreaming. Again, it's like
in real life, it never ends, and does not come for cheap or even free, when it comes to
keep something secure.

But the Web is full of information on how to secure Servers by use of an .htaccess file,
and OC-specific info can be found around here as well.

Good Luck! ;)
Ernie
PS. I use two of them, one in the ROOT Section, keeping all those Bugs off Door,
frequently trying to sneak in, and an OC-specific .htaccess File in the Shop Root.
In addition, I so far 'OC-rerouted' more then 750 different ways of trying it out... :laugh:
so avoiding new ones, using similar linking, to even be able to stay .... :choke:
---
viewtopic.php?f=20&t=161164
http://crehemaung.info/opencart-htaccess-file-8mq/
http://www.htaccessbasics.com/force-www-nonwww-domain/
http://www.kavoir.com/2007/03/11-ways-t ... assle.html
---

Ernie's OpenCart v.1.5.6.5 LIGHT + OpenShop Admin v.1.75 Test Sites
http://www.ebikes.li - http://www.evelo.li - http://www.openshop.li
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by mike331487 » Tue Nov 14, 2017 3:27 am

Thanks Ernie, I'll have a good look through the links you posted.
My thought was that maybe all of the extra security measures that were recommended for the older versions may have already been integrated into the latest opencart so I didn't want to be messing with adding or modifying htaccess files etc if it's not necessary ....especially as I don't fully understand what I'm doing.
I did try changing the admin folder name as recommended but seen as I use both OCMOD and vQmod found out that this may cause problems with them so ended up using an extension which allows you to add your own key code in the URL to get into the admin section.

Newbie

Posts

Joined
Sat Sep 02, 2017 12:28 am

Post by IP_CAM » Tue Nov 14, 2017 10:50 am

Well, it's not a very good Idea, to change the Admin Directory, and it will
lead to problems, if you later add Extensions, no longer beeing able to
access the default admin Section, they all then need to be rewritten as well.

A relatively secure method would be, like done in the Extensions linked below,
but I am not sure, if the Admin Access in OC v.3.x still works the same way. You
could try anyway, to find out.
Good Luck ! ;)
Ernie
RazorinWorks - Secure MyAdmin 2.0
https://www.opencart.com/index.php?rout ... n_id=23969
---
(VQMOD) Secure Admin URL
https://www.opencart.com/index.php?rout ... n_id=24045
---

Ernie's OpenCart v.1.5.6.5 LIGHT + OpenShop Admin v.1.75 Test Sites
http://www.ebikes.li - http://www.evelo.li - http://www.openshop.li
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 3 guests