How to Secure

From Phoenix Cart User Guide
Revision as of 16:25, 2 November 2019 by PeterRobert (talk | contribs)

<historylink type="back">🠈 Back</historylink> 🠉 SET UP SHOP


Secure the Website

Warnings as shown below are given as reminders both on the admin dashboard and on the Security Checks page - from admin dashboard go to Tools → Security Checks.


Securewarnings1.png

  • Add a second level of password protection to the youradmin folder/directory on the server.
    • From the admin dashboard go to Configuration → Administrators to see this:

Administrators1.png


  • Click Edit to see this:

Administrators3.png


  • Enter a different Username: and New Password:
  • Tick the Protect With htaccess/htpasswd box.
  • Click Save to see this:

Administrators2.png


TIP:

  • It is advisable to password protect the whole website to prevent visitors or internet search engines finding the website before it is ready - go to PASSWORD PROTECT - this can also be done on the cpanel in some host server accounts.



Securewarnings2.png

  • Ensure both configure.php files have their file permissions set so only owner can read and write - set file permissions to 644 or 444 dependent on server host. This can be done in your server account control panel or using FTP software e.g. using WinSCP select file, click properties.
    • Important: Our server only allows a 644 setting which causes the error message to remain on admin page - providing the setting is 644 this can be ignored.
  • Presuming a SSL certificate is installed:
    • Edit includes/configure.php
    • The files on the host server can be edited using FTP software.
    • E.g. using FileZilla - right click on the file and click View Edit in the popup menu.
    • Change the line that begins with define('ENABLE_SSL', to define('ENABLE_SSL', true);
    • Check the lines that show your domain:
      • define('HTTP_SERVER',
      • define('HTTPS_SERVER',
      • Ensure your domain begins with https and not http - add the s if needed - save file back to the server.
    • Edit youradmin/includes/configure.php
    • Change the line that begins with define('ENABLE_SSL', to define('ENABLE_SSL', true);
    • Check the lines that show your domain:
      • define('HTTP_SERVER',
      • define('HTTPS_SERVER',
      • define('HTTP_CATALOG_SERVER',
      • define('HTTPS_CATALOG_SERVER',
      • Ensure your domain begins with https and not http - add the s if needed - save file back to the server.
    • Important: includes/configure.php and youradmin/includes/configure.php are different files in different locations, never open both at once to avoid confusion and ensure they are transferred to the correct locations.



Securewarnings3.png

  • Delete this folder/directory from the server - right click and delete.



Securewarnings4.png

  • Delete this folder/directory from the server.



  • The README text file is no longer required.
    • Delete this file from the server.



NOTE: If the Install page is still shows instead of your shop, ensure Install folder/directory has been deleted from the server, ensure your browser cache is cleared - note some servers also have a cache so if still showing contact your host server to request they clear your server cache.


TIP:

  • To bypass your browser's cache:
  • Firefox / Safari: Hold Shift while clicking Reload, or press either Ctrl-F5 or Ctrl-R (⌘-R on a Mac)
  • Google Chrome: Press Ctrl-Shift-R (⌘-Shift-R on a Mac)
  • Internet Explorer: Hold Ctrl while clicking Refresh, or press Ctrl-F5
  • Opera: Go to Menu → Settings (Opera → Preferences on a Mac) and then to Privacy & security → Clear browsing data → Cached images and files.



🠈 Previous Step Next Step 🠊


Phoenix Cart User Guide, like CE Phoenix Cart, is free to use but is maintained by unpaid volunteers.
If you have found it useful, please donate to the coffee pot!
Use this link to donate whatever you want.

Donate with Paypal

Code references are licensed under a Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales License.
All other content is the reserved Intellectual Property and Copyright of phoenixcart.org
PROTECTED BY COPYSCAPE ANTI-PLAGIARISM