Post by andyyydotcom » Sat Aug 24, 2013 6:46 am

Hey guys!

I was wondering if any of you pro / long term users had any security tips for an Opencart "newbie" like myself?

Thus far on my system, I have:

Obviously removed the install folder.
SSL encryption installed and running.
Changed chmod permissions to 644/444 on most files.
Renamed my admin folder to something less obvious.
Made a couple of .htaccess files stopping public users from downloading error logs.
Strong passwords (of course).
Removed "Powered by OpenCart" (with no disrespect of course, we don't want everyone knowing what system we're running).
Display errors - Off.
Custom encryption key.

If there's anything that you guys can suggest, please do tell! All thoughts are welcomed.

Thanks!


Post by butte » Mon Aug 26, 2013 2:46 am

The four pages starting here and covering a modest diversity of points will be a decent start:
http://forum.opencart.com/viewtopic.php?f=20&t=98644


Post by mc-2004 » Sun Dec 15, 2013 12:12 am

Well done, you've made all the essential changes for a more secure OpenCart. Many vulnerabilities can be caused by hosting-side weaknesses. You can check if your host is secure enough. And you may create a 404 error page that redirects attempts to reach inappropriate pages back to your store.

Nettpazar



Post by butte » Sun Dec 15, 2013 8:25 am

I assume that "644/644" is mistyped 755/644 for dirs/files.

You have peace of mind by removing "Powered by OpenCart" but the removal does not accomplish anything, anybody can ascertain that and more within seconds. By the time you can even read "Powered by OpenCart" an inquisitive hacker will already be looking somewhere well past that, but probably robotically to boot. A robot won't care if it says powered by Tinkerbell, the robot will look instead at source directory structure and other plain hints that Tinkerbell had nothing or everything to do with it.


Post by opencart-templates » Thu Jun 05, 2014 11:40 pm

1. Add a security captcha into the admin login, this helps prevent brute force guessing your admin password.
2. Move your download folder outside of the doc root. So even if a hacker is able to upload a file and guesses the hash, they are not able to access it via a URL.

Advanced Professional Email Template
Customers Pre-Sale. Inc abandoned cart email
Order Follow-Up Email. Inc request review
Email Validation with ZeroBounce
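As an added example (not code from any poster in this thread), a POSIX shell audit that checks several of the points raised above against an OpenCart document root: install folder removed, no directory literally named admin, no group- or world-writable files or directories (the 755/644 scheme), and DIR_DOWNLOAD in config.php pointing outside the docroot. It assumes a 1.5-style config.php with define('DIR_DOWNLOAD', '...') and GNU find (the -perm /022 form).

```shell
#!/bin/sh
# Added example: audit an OpenCart docroot for the hardening steps discussed
# in this thread. Usage: audit_opencart /path/to/docroot

# 0 when the install directory is gone.
check_install_removed() {
  [ ! -e "$1/install" ]
}

# 0 when no directory named exactly "admin" sits in the docroot.
check_admin_renamed() {
  [ ! -d "$1/admin" ]
}

# 0 when no file or directory carries a group or world write bit,
# i.e. nothing looser than 755 for dirs and 644 for files.
check_no_group_world_write() {
  offenders=$(find "$1" \( -type d -o -type f \) -perm /022 2>/dev/null)
  [ -z "$offenders" ]
}

# 0 when DIR_DOWNLOAD (assumed define('DIR_DOWNLOAD', '...') in config.php)
# resolves to a path outside the document root.
check_download_outside_docroot() {
  docroot=$(cd "$1" && pwd -P)
  dl=$(sed -n "s/.*define('DIR_DOWNLOAD', *'\([^']*\)').*/\1/p" "$1/config.php")
  [ -n "$dl" ] || return 1
  case "$dl" in
    "$docroot"|"$docroot"/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Run every check, print PASS/FAIL per check, return 1 if any failed.
audit_opencart() {
  rc=0
  for c in check_install_removed check_admin_renamed \
           check_no_group_world_write check_download_outside_docroot; do
    if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; rc=1; fi
  done
  return $rc
}
```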
