Zen Cart Security Tips

April 3, 2014 / Web Hosting

With the help of several handy steps, we can make a Zen Cart website secure. The following steps will guide you:

1 – /zc_install folder needs to be deleted

After the successful installation of Zen Cart, delete the /zc_install folder from your server. Delete the folder rather than renaming it, because a renamed folder leaves you vulnerable if someone is able to discover it. After installation and website testing, you should also delete some other items from your live website on the server: the /docs/ and /extras/ folders, as well as the /install.txt file.

2 – Rename the admin folder

Using FTP software or the File Manager option in the control panel, find the Zen Cart /admin/ directory. Rename that directory to match the settings that you just made.

3 – Ensure that configure.php files are read-only

It is really important to set read-only permissions on the two configure.php files. Set the permissions to 644 or, in some cases, 444.

4 – Delete the Admin accounts which are not being used

In the admin area, open the Tools menu and select Admin Settings. Check for unused Admin accounts listed there and delete them. [Admin >> Tools >> Admin Settings]

5 – Password security of Admin logins

It is highly recommended to use complicated passwords so that potential intruders cannot easily guess them. It is also wise to change your admin passwords frequently. You can change your Admin passwords via Admin > Tools > Admin Settings: click on the Reset Password button, or click on the icon that looks like a recycle symbol, to change the password.

6 – Admin access security

The following things are very important while working in your admin area:

a) Always use only one web browser tab to access the admin area.

b) Do not browse other websites while your browser has an active admin login session, even in another tab.

c) Always log out of your admin when you are not using it.

7 – Securing define page content in html_includes file

Once you have finished editing the define pages [admin > tools > Define Pages Editor], you should secure them using the following methods:

a) Download a copy of them to your local machine by using FTP software. They are located in the /includes/languages/English/html_includes area.

b) Set their permissions to 644 – /includes/languages/English/html_includes – and all files and folders underneath.

8 – Use .htaccess files to secure against unwanted snooping.

This is always a good additional measure. Using .htaccess files in all folders is the best choice for servers that accept them. For this, you just need to create an .htaccess file with the following code.

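# .htaccess to prevent unauthorized directory browsing or access to .php files.
# This denies direct requests for every .php file in the folder it is placed in.

IndexIgnore */*
<Files *.php>
# No space is allowed after the comma in the Order directive.
Order Deny,Allow
Deny from all
# On Apache 2.4 without mod_access_compat, use "Require all denied" instead of the two lines above.
</Files>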
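
Steps 1 to 3 can be verified from a shell on the server after the changes are made. The script below is an added example, not part of the original article or of Zen Cart itself; the names zc_audit, perm_of and ZC_FINDINGS are hypothetical, and it assumes the two configure.php files sit in includes/ and in the (renamed) admin folder's includes/.

```shell
# Added example: audit a Zen Cart document root against steps 1-3 above.
# Assumption: the two configure.php files are includes/configure.php and
# <admin-folder>/includes/configure.php.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# zc_audit <docroot>: prints one FAIL line per problem, sets ZC_FINDINGS,
# and returns 0 only when nothing was found.
zc_audit() {
    zc_root="${1%/}"
    ZC_FINDINGS=0
    # Step 1: leftovers must be deleted outright, not renamed.
    for zc_item in zc_install docs extras install.txt; do
        if [ -e "$zc_root/$zc_item" ]; then
            echo "FAIL: $zc_item still present"
            ZC_FINDINGS=$((ZC_FINDINGS + 1))
        fi
    done
    # Step 2: the admin folder should no longer use its default name.
    if [ -d "$zc_root/admin" ]; then
        echo "FAIL: admin folder still named 'admin'"
        ZC_FINDINGS=$((ZC_FINDINGS + 1))
    fi
    # Step 3: both configure.php files must be 644 or 444.
    for zc_cfg in "$zc_root"/includes/configure.php \
                  "$zc_root"/*/includes/configure.php; do
        [ -f "$zc_cfg" ] || continue
        zc_mode=$(perm_of "$zc_cfg")
        zc_rel=${zc_cfg#"$zc_root"/}
        case "$zc_mode" in
            644|444) ;;
            *)  echo "FAIL: $zc_rel is mode $zc_mode, want 644 or 444"
                ZC_FINDINGS=$((ZC_FINDINGS + 1)) ;;
        esac
    done
    echo "$ZC_FINDINGS finding(s)"
    [ "$ZC_FINDINGS" -eq 0 ]
}

# Run against a docroot when one is given on the command line.
if [ "$#" -gt 0 ]; then zc_audit "$1"; fi
```

A non-zero exit status means at least one step is still outstanding, so the script can also be run from a scheduled job to catch files restored by a later upgrade or re-upload.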
