Is Prestashop secure? Is this question in your mind? One of the most important things and that in turn, we have to take into account if we use a CMS, is security. The code that is used in these is well known since it is free code and so are the vulnerabilities it has, so it is normal that when using it, the measures that we must take into account so that our site is completely safe be several. That is why today we will present ten points to keep in mind to increase PrestaShop security.
These are 10 basic tips to improve the default installation of PrestaShop, this will allow you to have a more secure online store, both for you and for your customers. However, these are basic tips and should not be taken as a definitive or complete guide. There are many other ways to secure PrestShop that we will see later.
Is Prestashop secure?
Choose a good hosting
One of the main points to increase the security of PrestaShop is the hosting. We must ensure, if possible before choosing where we are going to host our site, that our hosting provider takes all the necessary measures to keep it safe, especially if we are on a shared server, where we cannot prevent vulnerabilities from other sites from us. affect. For example, in Infranetworking they have fully optimized hosting for this type of CMS and in case you have not started your project yet, you can take a look at the Hosting plans for Online Stores , which come with SSL, domain and PrestaShop included!
And in case we have our own server, it is also very important that it has the corresponding security settings, as well as the corresponding updates. Since even having a dedicated server or VPS, we are not exempt from vulnerabilities, malware and spam.
Keep plugins, themes, and the cms updated
Updates are very important and that is why we must without a doubt keep the software we use updated in its latest version. In fact, this is not only important in terms of the CMS and its addons, but it is something we must take into account on the server-side as well, especially if we want to keep our site as secure as possible.
We must ensure that we always have the latest updates in order to solve those vulnerabilities that have been found and corrected in the new updates, in addition to these many times bring us new functionalities, which will undoubtedly be good for us to give our users the best experience.
To keep in mind about addons and themes
Another very important point that we must take into account about the plugins and the theme of our site, is that you have to choose them carefully. It is not recommended to install this type of software from anywhere, we must make sure that they are from safe sources, that they have support, they are updated frequently, etc.
Thus, we will not only be avoiding vulnerabilities, but we will also undoubtedly be increasing the performance of our site. On the other hand, it is also very important not to install unnecessary addons, it is advisable to only have the ones we are using and uninstall those that we are not.
Install security addons
On the other hand, although it is not advisable to have more addons than necessary, there are some that can be very beneficial in terms of security.
To increase the security of PrestaShop, for example, there are some that can help us to secure the administrator section of our PrestaShop as Double Factor Authentication for Back Office that allows us to use the Google authentication factor on our site; Add captchas to forms, comments, etc, for which we can use for example No Captcha reCaptcha; Block IPs, etc.
Obviously, we should not install all of them, but some may help us, depending on exactly what we need.
Use strong passwords and users
Another measure that we can take, which in addition to greatly improving the security of our site, is very easy to implement, are the passwords and users that we use.
As for them, it must be taken into account that they must be as strong as possible, at least contain some special character, a mixture of upper and lower case letters, as well as numbers, and above all it must have a length of at least eight characters.
The stronger our password, the more difficult it will be for them to guess, so it will be less likely that we will be hacked or compromised. Remember that there are many ways to guess passwords today, and those as simple as ” pass “, ” 123456 ” are even more so.
So without a doubt, if we want to increase security, it is best to use a strong one and we can even use an online generator for it.
Be careful with the permissions we assign
Something that we must also take into account is not to give 777 permissions to files and directories, this is a major flaw in the security of our site. We must always use the minimum necessary permissions, in order to avoid vulnerabilities, for example, if we are using suPHP with permissions 755 for directories and 644 for files is more than enough.
We should not abuse these permissions under any circumstances if we want to keep our site safe, and in the end one of the biggest reasons why sites are violated is for this very mistake.
Make use of an ssl certificate
Because we have a store, something that we should definitely use is an SSL certificate. This, in addition to being necessary to carry out transactions safely, encrypting the data exchanged by the client and the server, is something that will also prevent that if the data is intercepted in any way, they cannot do anything with it.
In addition to that, it will give us credibility before the user, since when he sees the lock in the top bar of the browser, he will automatically know that the site is using an SSL certificate and that the shared data is encrypted and exchanged in a secure way.
Where can we buy an SSL?
The SSL Certificates can be ordered directly from Infranetworking for example, and if the site is staying at your hosting, they will configure and install without problems, so you’ll have it active in just a couple of minutes.
Modify the admin directory and secure it via.Htaccess
If there is one section that is really sensitive and important on our site, it is the administrator section. That is why, it never hurts to take the necessary measures to prevent unauthorized personnel from accessing it. This point is vital to increase PrestaShop security.
One of the ways to do it is by modifying the name of the directory, with which we must emphasize that it is not advisable to use ” admin “, ” admin123 “, ” administrator “, etc; Since these are very common, it is always best to use a name that is easy and difficult to guess.
On the other hand, we can also use our .htaccess to put one more password to our administrator directory, so by using this option we will be adding another layer of security to it.
We can do this in the following way:
cd / home / user / public_html htpasswd -c /home/user/.htpasswd user
- And then, we create the .htaccess file with the following inside
nano -w /home/user/.htaccess ErrorDocument 401 default AuthType Basic AuthName "Restricted access" AuthUserFile "/home/usuario/.htpasswd" require valid-user
- Let’s not forget to change the owner
chown user: user /home/user/public_html/.htaccess /home/user/.htpasswd
If we do not have SSH access, we can do this from cPanel in the ” Directory Privacy ” section.
- We access this section from cPanel.
- We select the directory
- And we put a username and password
Delete unnecessary files
As with plugins, it is important to delete files that are not being used. For example, once the installation is finished, we must delete the ” install ” folder , the same applies to the ” README ” files, etc.
It is not necessary to have files that we do not need on our site. This will only increase the possibility of it being compromised.
Make frequent backups
Backups as such are not a security measure in themselves, they will not really help to increase PrestaShop’s security, but they are extremely necessary since they can fail. This is why it is very important to make frequent backups, not only in case something fails, but also to be calm and sure that at any time, in a matter of seconds, we can set up our store again if we need it.
As we can see, there are many things we can do if we want to increase the security of PrestaShop. Likewise, the important thing is to carry out everything in our power to reduce the possibility of being hacked, having malware, or spam. Besides, without a doubt, these tips will help us so that our users see our site as a comfortable and safe place.
Read More: How to enable SSL on Prestashop