How to Secure

From Phoenix Cart User Guide
Revision as of 03:38, 3 October 2019 by PeterRobert

Secure the Website

Warnings as shown below are given as reminders both on the Administration Dashboard page (yoursite/youradmin/index.php - you can go to this page by clicking Administration in the header bar at the top of the screen) and on the Security Checks page (go to Tools -> Security Checks).

"HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access."

Add a second level of password protection to the "youradmin" folder/directory on the server. Go to Configuration -> Administrators, click Edit, tick the Protect With htaccess/htpasswd box, click Save.

Alternative: A second level of password protection can also be set up on some host server accounts, or use an htaccess password file generator, e.g. htaccesstools.com.

Optional: Password protection can also be added in a similar way to the whole website to prevent visitors or internet search engines finding the website before it is ready.

"I am able to write to the configuration file: /youradmin/includes/configure.php. This is a potential security risk - please set the right user permissions on this file."

Ensure both configure.php files have their file permissions set so only the owner can read and write - right click on the file and set File permissions to 644 or 444, dependent on the server host.

Important: Our server only allows a 644 setting, which causes the error message to remain on the admin page - providing the setting is 644 this can be ignored.

Presuming an SSL certificate is installed, edit both includes/configure.php and youradmin/includes/configure.php on the server. In FileZilla: right click the file, click View/Edit, change line 4 to define('ENABLE_SSL', true); then save, go back to FileZilla and click Yes to upload the file back to the server.

Important: includes/configure.php and youradmin/includes/configure.php are different files in different locations. Never open both at once, to avoid confusion and to ensure they are transferred to the correct locations.

"Github directory exists at: /youradmin/.github. You should delete this directory."

Delete this folder/directory from the server - right click and delete.

"Installation directory exists at: /youradmin/install. Please remove this directory for security reasons."

Delete this folder/directory from the server - right click and delete.

NOTE: If the Install page still shows instead of your shop, ensure the Install folder/directory has been deleted and ensure your browser cache is cleared. Some servers also have a cache, so if the page is still showing, contact your host server to request they clear your server cache.

"The README text file is no longer required."

Delete this file from the server - right click and delete.
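
The checklist above can be re-checked from a shell on the server, or against a local copy of the shop, with the script below. It is an added example, not part of Phoenix Cart or of the original page. It assumes Apache-style .htaccess authentication and a README file in the shop root whose name starts with README; the function names are hypothetical, and "youradmin" is the page's placeholder for your admin folder name.

```shell
#!/bin/sh
# Added example: read-only audit of the Security Checks items on this page.
# Usage: sh audit.sh /path/to/shop [admin-folder]   (file name is hypothetical)

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# True when the mode is exactly 644 or 444, the two settings the page accepts.
mode_ok() { [ -n "$(find "$1" -prune \( -perm 644 -o -perm 444 \))" ]; }

audit_shop() {
    root=$1; admin=$root/$2; findings=0

    # Second password layer. Assumption: Apache-style basic auth in .htaccess.
    grep -qs 'AuthType' "$admin/.htaccess" ||
        finding "no HTTP authentication configured for $admin"

    # Both configure.php files: permissions and the ENABLE_SSL define.
    for cfg in "$root/includes/configure.php" "$admin/includes/configure.php"; do
        if [ ! -f "$cfg" ]; then finding "missing $cfg"; continue; fi
        mode_ok "$cfg" || finding "$cfg permissions are not 644 or 444"
        grep -Eq "define\('ENABLE_SSL',[[:space:]]*true\)" "$cfg" ||
            finding "ENABLE_SSL is not true in $cfg"
    done

    # Leftovers the warnings ask you to delete (paths as quoted on the page).
    for dir in "$admin/.github" "$admin/install"; do
        if [ -d "$dir" ]; then finding "directory still present: $dir"; fi
    done
    # Assumption: the README is in the shop root and its name starts with README.
    for f in "$root"/README*; do
        if [ -e "$f" ]; then finding "file still present: $f"; fi
    done

    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]   # exit status 0 only when the shop is clean
}

if [ "$#" -ge 1 ]; then audit_shop "$1" "${2:-youradmin}"; fi
```

The script only reads; it changes no permissions and deletes nothing, so each finding still has to be fixed by hand as described above.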