Hi,
How do I improve the security of Opencart 2.3.0.2?
I know I should use a strong password, and change the name of the Admin folder. But, are there any other things I should do to improve the security of Opencart 2.3.0.2?
For example, I read I should change the Read/Write permissions of the config.php files, and add a 404.html file to the root folder, amongst other things.
Should I be doing these things? And what else should I be doing to improve the security of Opencart 2.3.0.2?
Thanks
Well:
I strongly recommend to read the OpenCart Docs on Security Practices:
http://docs.opencart.com/administration/security/
The following files need to be set to 644 or 444 to prevent anyone else from writing to them:
config.php
index.php
admin/config.php
admin/index.php
system/startup.php
I strongly recommend to read the OpenCart Docs on Security Practices:
http://docs.opencart.com/administration/security/
Hi,
1. I also read that you should create a file named 404.html, and put it in your store root. This file will be served to anyone who tries to access something inappropriately.
2. I also read that certain files are wide-open by default. And you should protect these files by creating a .htaccess file with the following code:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
Then put that .htaccess file in the directories:
/system/
/system/logs/
3. I also read that I should put a .htaccess file in the /catalog/ folder with the following code:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
RewriteRule ^(.+)$ /404.html [NC]
4. As above, the /image/ folder requires protection as well, and you need a similar .htaccess file to achieve this. Create another .htaccess file in your /image/ folder with this code:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteRule ^(.+)$ /404.html [NC]
Should I also be doing the 4 things mentioned above for Opencart 2.3.0.2?
1. I also read that you should create a file named 404.html, and put it in your store root. This file will be served to anyone who tries to access something inappropriately.
2. I also read that certain files are wide-open by default. And you should protect these files by creating a .htaccess file with the following code:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
Then put that .htaccess file in the directories:
/system/
/system/logs/
3. I also read that I should put a .htaccess file in the /catalog/ folder with the following code:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.css$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.js$
RewriteRule ^(.+)$ /404.html [NC]
4. As above, the /image/ folder requires protection as well, and you need a similar .htaccess file to achieve this. Create another .htaccess file in your /image/ folder with this code:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.jpeg$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.png$
RewriteCond %{REQUEST_FILENAME} !^(.+)\.gif$
RewriteRule ^(.+)$ /404.html [NC]
Should I also be doing the 4 things mentioned above for Opencart 2.3.0.2?
Yes, you should, but be cautious when editing code.
thanks,I need these methods too.
my extension:https://www.opencart.com/index.php?rout ... estshop24h
email :support@bestshop24h.com
site:http://www.bestshop24h.com
Hi,
On this page 'http://docs.opencart.com/administration/security/' it says the following:
A .htaccess and .htpasswd file in the admin folder will prevent hackers from accessing your store, even if they discover the admin login location. Using .htaccess, you can deny all IP addresses from viewing your store, except the admin's IP address. A .htpasswd in the admin folder will require an additional password for the allowed administrator to access this directory.
What should be written in these files?
Thanks
On this page 'http://docs.opencart.com/administration/security/' it says the following:
A .htaccess and .htpasswd file in the admin folder will prevent hackers from accessing your store, even if they discover the admin login location. Using .htaccess, you can deny all IP addresses from viewing your store, except the admin's IP address. A .htpasswd in the admin folder will require an additional password for the allowed administrator to access this directory.
What should be written in these files?
Thanks
the following two articles will teach you how to write .htaccess and .htpasswd
http://tools.dynamicdrive.com/password/
http://www.htaccesstools.com/htpasswd-g ... r-windows/
they works ,I have successfully made them.
http://tools.dynamicdrive.com/password/
http://www.htaccesstools.com/htpasswd-g ... r-windows/
they works ,I have successfully made them.
my extension:https://www.opencart.com/index.php?rout ... estshop24h
email :support@bestshop24h.com
site:http://www.bestshop24h.com
Who is online
Users browsing this forum: Majestic-12 [Bot], Semrush [Bot] and 54 guests
