v3.0.3.9
Hello,
Back when I installed OC v .1.5.5.1 I recall there was a thread that gave advice of things to do after the installation, like tips/tricks
Like:
-change the permissions on certain files to certain (Read/Write/Execute) values to make things more secure.
-Setup tips for the htaccess file(s)
-Rename the admin folder
etc.
Is there a thread like that for OC 3.x (or more specifically 3.0.3.9)?
Also, I noticed checking the page source of my OC store that there was a line of code in the source file "<link href="catalog/view/javascript/jquery/swiper/css/opencart.css" type="text/css" rel="stylesheet" media="screen" /> - Is it possible to change that file name in order to prevent bots from searching for that info in the source code to identify the store as an Opencart store and try to spam or hack it?
Hello,
Back when I installed OC v .1.5.5.1 I recall there was a thread that gave advice of things to do after the installation, like tips/tricks
Like:
-change the permissions on certain files to certain (Read/Write/Execute) values to make things more secure.
-Setup tips for the htaccess file(s)
-Rename the admin folder
etc.
Is there a thread like that for OC 3.x (or more specifically 3.0.3.9)?
Also, I noticed checking the page source of my OC store that there was a line of code in the source file "<link href="catalog/view/javascript/jquery/swiper/css/opencart.css" type="text/css" rel="stylesheet" media="screen" /> - Is it possible to change that file name in order to prevent bots from searching for that info in the source code to identify the store as an Opencart store and try to spam or hack it?
There is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
Thank you.ADD Creative wrote: ↑Sat May 25, 2024 8:23 pmThere is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references
If you are worried about potential spambot, then we recommend the SpamBot Buster.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
Not every OpenCart will include the file, as it's part of a module. Just knowing that there are files in catalog/view/javascript/ and by the format or other URLs would be enough to detect it's OpenCart.ggrant3 wrote: ↑Sun May 26, 2024 1:06 amThank you.ADD Creative wrote: ↑Sat May 25, 2024 8:23 pmThere is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references
Some of the basics include:
Make sure folders are assigned 755 permission and files 644 when uploaded
You can password protect the admin directory so the /admin page won't load until a separate username and password entered
Secure the .htaccess file by adding this at the top
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Make sure the /install/ folder is deleted
Make sure each of your passwords are strong and unique (OC admin, password for database username, hosting control panel, ftp account(s), etc)
Install and use a Firewall to prevent attacks from happening in the first place
Make sure folders are assigned 755 permission and files 644 when uploaded
You can password protect the admin directory so the /admin page won't load until a separate username and password entered
Secure the .htaccess file by adding this at the top
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Make sure the /install/ folder is deleted
Make sure each of your passwords are strong and unique (OC admin, password for database username, hosting control panel, ftp account(s), etc)
Install and use a Firewall to prevent attacks from happening in the first place
ELEV8TE Website Development
Available for hire - please contact me at https://www.elev8your.com/contact
https://www.elev8your.com
Who is online
Users browsing this forum: No registered users and 15 guests