How to set up shop to make safer zencart?

Here are a few steps to strengthen the security of the Zen Cart shop:
1. Delete / zc_install installation directory
After the installation is complete,Deleted from the server business / zc_install installation directory。
Do not just rename the directory,In case people know the name of the directory,Insecure。
2. Set configure.php files as read-only
The two configure.php files CHMOD(Setting permissions)Command be changed to read is important。
It is usually set to "644",Sometimes "444"。
If the program can not be modified via FTP,You can use file management tool provided by the host to modify。
If you are using Windows Server,As long as the file is set to "Everyone", "Read Only",If that is in IIS,User is IUSR_xxxxx,Or "System" account,International trade payment qq 1274899661 In Apache,Is "apache user" account。
3. Renamed "/ admin" directory
Modify the "admin" directory name,With a difficult to guess the name。
(Before making the following changes,Back up your files and databases。)
A- Using a text editor,Notepad e.g.,Open the file admin / includes / configure.php。
All appear / admin / local directory name into their management。
We need to modify the part:
define(’DIR_WS_ADMIN’, ‘/admin/’);
define(’DIR_WS_CATALOG’, ‘/’);
define(’DIR_WS_HTTPS_ADMIN’, ‘/admin/’);
define(’DIR_WS_HTTPS_CATALOG’, ‘/’);
We need to modify the part:
define(’DIR_FS_ADMIN’, '/home/mystore.com/www/public/admin/');
define(’DIR_FS_CATALOG’, '/home/mystore.com/www/public/');
B- Find the Zen Cart / admin / directory,
The directory name in accordance admin / includes / configure.php defined in amended accordingly。
4. Remove unused administrator accounts
Management page -> Tools -> Manage Settings
In the management page,Open the Tools menu,Select Management Settings
– Check that all administrator accounts are not using and delete。Particular attention to whether there is "Demo" account。
5. Strengthening the administrator password
Be sure to use a certain intensity、Not easy to guess password。
To change the administrator password,Enter the management page -> Tools -> Manage Settings,Click the "Reset Password" button,Or click on the icon would like recycling bins。International trade payment qq 1274899661
We recommend using a password of at least eight。
Password should contain letters、digital、meets the、And capitalization, etc.。
6. Protected content "custom page" "html_includes" in
Well defined your custom page after,(Management page -> Tools -> Edit Page), You want to protect these files:
A. Backup using FTP software download,These files are located
/includes/languages/schinese/html_includes目录。
B. Modify the file CHMOD 644 or 444 (Under Windows or "read-only")。See description above CHMOD
/includes/languages/schinese/html_includes

Leave a Comment