Question about OpenCart security

Posted: Thu Jan 03, 2013 6:25 am
by rmi
Like all open source software, OpenCart is a good choice for an inexpensive site. But how secure is it against hacking? Should I always have the newest version to be safe? I think there are still a lot of 1.4.x sites lying around the web; are they safe?

There are some guides on what files need to be accessible (777), but very few step-by-step guides to increase security. What files can be 'closed' after installation? Or if you don't use some feature, can you increase security by changing some access rights?

For example one common extension installation guide:

Be sure the vqmod folder and the vqmod/vqcache folders are writable (either 755 or 777).
Also be sure index.php and admin/index.php are writable.
If not sure which you need, first try 755.
If you get errors about permissions, then try 777.
Go to http://www.yoursite.com/vqmod/install
You should get a success message. If not, check permissions above and try again.
Load your store homepage and verify it works.
Using FTP, verify that there are new "vq" files in the "vqmod/vqcache" folder.
If yes, then you are ready to start downloading or creating vQmod scripts, otherwise ask for assistance.

Done!

So it's ok to have index.php 777 writable for anyone who feels like writing in your website??

Re: Question about OpenCart security

Posted: Thu Jan 03, 2013 2:12 pm
by i2Paq
You set it to 755 during install, then back to 644.

Re: Question about OpenCart security

Posted: Thu Jan 03, 2013 7:32 pm
by victorj
Safety has already been discussed in detail.

OpenCart is safe as long as you follow the correct lines for any website.
After install, all files can be set to 644; there is no need to have anything writing to these files.

Exceptions are folders where OC needs to write files, like when you upload pictures, so the folder image and all underlying folders should be writable for your shop, so 755 is a good choice; if there are problems, set to 777.
The same goes for system/cache and system/logs: OC writes files to these folders, so they should be set to 755 or 777.

vqmod you already found out.

There are detailed postings on how you can improve security for OC, so a good search will bring you there.

But for the most part it is not OC that is the security risk, since most hack attempts are on server level.
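
The permission baseline discussed in this thread (files at 644, directories at 755, nothing left at 777, index.php back to 644 after the vQmod install) can be checked with a short script. This is an added example, not part of the original posts or of OpenCart; the function names are hypothetical and the store root is assumed to be passed as the first argument.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on an OpenCart tree.
# Assumption: $1 is the store root; index.php and admin/index.php are
# the entry points named in the thread.

# List every world-writable file or directory (anything left at 777).
# Symlinks are skipped because their own mode bits carry no meaning.
oc_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# List entry-point scripts that were not set back to 644 after install.
oc_loose_entrypoints() {
    for f in "$1/index.php" "$1/admin/index.php"; do
        if [ -f "$f" ]; then
            find "$f" ! -perm 644 -print
        fi
    done
}

# Print all findings; return 0 only when nothing is flagged.
oc_audit() {
    findings=$( { oc_world_writable "$1"; oc_loose_entrypoints "$1"; } | sort -u )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Apply the baseline from the thread: files 644, directories 755.
oc_harden() {
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type d -exec chmod 755 {} +
}

# Audit the given store root when the script is run with an argument.
if [ -n "${1:-}" ]; then
    oc_audit "$1"
fi
```

With directories at 755, folders such as image, system/cache, system/logs and vqmod/vqcache are writable only by their owner, so this baseline works when PHP runs as the account that owns the files.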