How to Secure
Secure the Website
When you have logged into Admin you will see the admin dashboard - see ADMINISTRATION for a complete guide.
Security warnings are given as reminders on the admin dashboard, shown on the right of the screenshot.
These warnings are also shown on the Security Checks page.
From admin go to Tools → Security Checks to see this:
- This shows a new installation with security messages that require attention.
Deal with each one in sequence.
Admin HTTP Authentication
- Add a second level of password protection to the youradmin folder/directory on the server.
- From the admin dashboard go to Configuration → Administrators to see this:
- Click Edit to see this:
- Enter Username: and New Password:
- Tick the Protect With htaccess/htpasswd box.
- Click Save to see this:
When you next access the site you will see something like this to sign in:
- It is advisable to password protect the whole website to prevent visitors or internet search engines finding the website before it is ready - go to PASSWORD PROTECT - this can also be done on the cpanel in some host server accounts.
- Ensure both configure.php files have their file permissions set so only owner can read and write - set file permissions to 644 or 444 or 400 dependent on server host. This can be done in your server account control panel or using FTP software e.g. using WinSCP select file, click properties.
- Important: Our server does not allow the 644 setting to be changed using the control panel or FTP which causes the error message to remain on admin page - in this case contact your host server to change it for you.
- Delete this folder/directory from the server - right click and delete.
- Delete this folder/directory from the server.
- Click the message - it is linked to Tools → Version Checker to see this:
The README text file is no longer required.
- Delete this file from the server.
Make a test purchase
Though not an essential part of securing the shop, now is a good time to browse around the shop and make a test purchase to familiarise yourself with how it works. It is good practice to browse the shop through the eyes of a customer and you should do this every time you make any changes to your website to ensure customers can make a purchase.
- From admin click on the Your Shop link to go to the shop.
You will see similar to this.
NOTE: If the Install page still shows instead of your shop, ensure Install folder/directory has been deleted from the host server and ensure your browser cache is cleared. NOTE: Some host servers also have a cache so don't worry if the Install page is still showing. If temporarily frustrated by the link taking you to yoursite/install/index.php simply change the link in your browser address bar to yoursite/index.php - the host server's cache will eventually clear, usually within 24 hours.
- To bypass your browser's cache:
- Firefox / Safari: Hold Shift while clicking Reload, or press either Ctrl-F5 or Ctrl-R (⌘-R on a Mac)
- Google Chrome: Press Ctrl-Shift-R (⌘-Shift-R on a Mac)
- Internet Explorer: Hold Ctrl while clicking Refresh, or press Ctrl-F5
- Opera: Go to Menu → Settings (Opera → Preferences on a Mac) and then to Privacy & security → Clear browsing data → Cached images and files.
Phoenix User Guide is a continuing work in progress.
If you have any suggestions for content correction, improvement or inclusion please email us:
not a clickable link to prevent spam
Phoenix User Guide, like CE Phoenix, is free to use and is maintained by unpaid volunteers.
If you have found it useful please donate to keep it alive.
Use this link to donate whatever you want, every little helps.
Donate with Paypal
Code references are licensed under a Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales License.
All other content is the reserved Intellectual Property and Copyright of phoenixcart.org
PROTECTED BY COPYSCAPE ANTI-PLAGIARISM