After you install CS-Cart, you can improve your site security by following the recommendations in this article.
Change the administration panel file name
Change the default name of admin.php to something only you know. To change the name of admin.php, follow these steps:
1) Log into your cPanel.
2) Click File Manager.
3) Locate admin.php, right-click it and select Rename. Choose a name that only you know and that you will remember.
4) Click Rename File.
5) Change config.local.php to include the new admin filename. In the File Manager, locate config.local.php, right-click it and select Edit.
6) In the confirmation box, click Edit.
7) In the file, find this line:
$config['admin_index'] = 'admin.php';
and change it to reflect the new name of the admin file.
$config['admin_index'] = 'my_secret_admin.php';
8) Click Save Changes and then click Close.
9) Confirm that the Install folder has been deleted. The Install folder is usually deleted automatically after installation, but it’s a good idea to check and delete it if necessary. If it exists, the Install folder will be in the same directory as admin.php.
11) If you see the Install folder, right-click it and select Delete.
12) In the confirmation box, click Confirm.
Check the file permissions
Ensure that the following files and folders have 644 permissions applied to them.
File | Permissions |
config.local.php | 644 |
design/.htaccess | 644 |
images/.htaccess | 644 |
var/.htaccess | 644 |
var/themes_repository/.htaccess | 644 |
design/index.php | 644 |
images/index.php | 644 |
var/index.php | 644 |
var/themes_repository/index.php | 644 |
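If you have shell access to the store directory, the checks in this article can be scripted. The following is an added example, not code from CS-Cart or HostPapa; it goes beyond the permissions table to also cover the admin.php rename and the Install folder from the first section. The function names `audit_cscart` and `file_mode` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a CS-Cart directory against the checks in this article.
# Usage: audit_cscart /path/to/store   (returns non-zero if anything is off)

# Files the article says must have 644 permissions.
CSCART_644_FILES="config.local.php
design/.htaccess
images/.htaccess
var/.htaccess
var/themes_repository/.htaccess
design/index.php
images/index.php
var/index.php
var/themes_repository/index.php"

file_mode() {
    # GNU stat first, BSD/macOS stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_cscart() {
    root=$1
    findings=0   # left set after the call so the caller can read the count
    for rel in $CSCART_644_FILES; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $rel"; findings=$((findings + 1))
        elif [ "$(file_mode "$f")" != "644" ]; then
            echo "MODE     $rel is $(file_mode "$f"), expected 644"
            findings=$((findings + 1))
        fi
    done
    # The default admin script name should no longer exist after the rename.
    if [ -e "$root/admin.php" ]; then
        echo "DEFAULT  admin.php still present"; findings=$((findings + 1))
    fi
    # config.local.php should not still point at the default name.
    if grep -Eq "admin_index'\] *= *'admin\.php'" "$root/config.local.php" 2>/dev/null; then
        echo "CONFIG   admin_index still set to admin.php"; findings=$((findings + 1))
    fi
    # The installer directory should be gone (the name's case may vary).
    if [ -d "$root/install" ] || [ -d "$root/Install" ]; then
        echo "INSTALL  install directory still present"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

Run `audit_cscart` against the directory that contains config.local.php; each line it prints names one item to fix.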
Configure security settings
You can enable secure connections (HTTPS) for your administration panel, storefront, or both.
1) In the administration panel, go to Settings > Security settings.
2) In the Enable secure connection for the storefront dropdown, select one of the following:
- Secure profile, checkout and order pages – Choose this to enable secure connections only on the profile, checkout, and order pages. These are the store pages that typically send data to the server.
- Secure full site – Choose this to enable secure connections on all store pages.
3) Select Enable secure connection in the administration panel.
4) Click Save.
Use the Access Restrictions add-on
You can use the CS-Cart Access Restrictions add-on to restrict access to the administration panel and storefront based on user IP address.
If you have any questions about securing your CS-Cart installation or if you need help with your HostPapa account, please open a support ticket from your dashboard.