...
- Secure your back-office
- Rename your
/admin
folder after the PrestaShop installation. This is a must, and you actually cannot access your PrestaShop administration if you haven't performed that change. Make sure to pick a really unique name, ideally a mix of letter and number, such as "my4dm1n". - Protect your admin folder with the
.htaccess
and.htpasswd
files, or ask your web host to do it for you. - Do not let your browser keep traces of your password (cookie or any other helper).
Pick a complex password, by mixing letters, numbers and even punctuation marks, such as "5r3XaDR#". You can and should use a password generator, such as Symantec's (http://www.pctools.com/guides/password/) or GRC's (https://www.grc.com/passwords.htm).
Tip Safer than a password: you can use a passphrase. Not only is a passphrase easier to remember, but it is also much harder to crack, even when the hacker is using automatic tools (brute force attack or dictionary attack).
A passphrase only needs to be long and easy to remember for you. Any popular saying should do ("Don’t Throw the Baby Out with the Bathwater"), but an absurd phrase will have even less risk of being discovered by a hacker. For instance, "Many reckless drivers confuse tractor with record sleeves".
There are some good passphrase generators online, which help you get a unique phrase for you only. For instance: http://passphra.se/ or http://www.fourmilab.ch/javascrypt/pass_phrase.html.
PrestaShop's passwords are not limited in either number of characters or types of characters.
- Rename your
- Securing your PHP installation
- See the required and recommended PHP settings, at the beginning of this very guide.
- Always delete the
/install
folder after having installed or updated PrestaShop - Always delete useless files from production server:
- all
readme_xx.txt
files. - the
CHANGELOG
file. - the
/docs
folder.
- all
Forbid access to your theme's files/templates, using a
.htaccess
file with the following content:Code Block language none <FilesMatch "\.tpl$"> order deny,allow deny from all </FilesMatch>
...