Question about OpenCart security
Posted: Thu Jan 03, 2013 6:25 am
Like all open source software open cart is good choice for inexpensive site. But how secure is it against hacking? Should I always have newest version to be safe? I think there is still a lot of 1.4.x sites lying around the web, are they safe?
There is some guides what files need to be accessible (777), but very few step by step guides to increase secure. What files can be 'closed' after installation. Or if you don't use some feature can you increase secure by changing some access rights?
For example one common extension installation guide:
Be sure the vqmod folder and the vqmod/vqcache folders are writable (either 755 or 777).
Also be sure index.php and admin/index.php are writable.
If not sure which you need, first try 755.
If you get errors about permissions, then try 777.
Goto http://www.yoursite.com/vqmod/install
You should get a success message. If not, check permissions above and try again
Load your store homepage and verify it works.
Using FTP, verify that there are new "vq" files in the "vqmod/vqcache" folder.
If yes, then you are ready to start downloading or creating vQmod scripts, otherwise ask for assistance.
Done!
So it's ok to have index.php 777 writable for anyone who feels like writing in your website??
There is some guides what files need to be accessible (777), but very few step by step guides to increase secure. What files can be 'closed' after installation. Or if you don't use some feature can you increase secure by changing some access rights?
For example one common extension installation guide:
Be sure the vqmod folder and the vqmod/vqcache folders are writable (either 755 or 777).
Also be sure index.php and admin/index.php are writable.
If not sure which you need, first try 755.
If you get errors about permissions, then try 777.
Goto http://www.yoursite.com/vqmod/install
You should get a success message. If not, check permissions above and try again
Load your store homepage and verify it works.
Using FTP, verify that there are new "vq" files in the "vqmod/vqcache" folder.
If yes, then you are ready to start downloading or creating vQmod scripts, otherwise ask for assistance.
Done!
So it's ok to have index.php 777 writable for anyone who feels like writing in your website??