How to Secure

From Phoenix User Guide




Secure the Website

When you have logged into Admin you will see the admin dashboard - see ADMINISTRATION for a complete guide.

Security warnings are given as reminders on the admin dashboard, shown on the right of the screenshot.

Admin.png

These warnings are also shown on the Security Checks page.

From admin go to Tools → Security Checks to see this:

Securitychecks1.png

  • This shows a new installation with security messages that require attention.

Deal with each one in sequence.



Admin HTTP Authentication

Securitychecks3.png

  • Add a second level of password protection to the youradmin folder/directory on the server.
    • From the admin dashboard go to Configuration → Administrators to see this:

Administrators1.png


  • Click Edit to see this:

Administrators3.png


  • Enter Username: and New Password:
  • Tick the Protect With htaccess/htpasswd box.
  • Click Save to see this:

Administrators2.png


When you next access the site you will see something like this to sign in:

Signin.png


TIP:

  • It is advisable to password protect the whole website so that visitors and internet search engines cannot find it before it is ready - go to PASSWORD PROTECT. On some host server accounts this can also be done from cPanel.




config_file_catalog

Securitychecks4.png

  • Ensure both configure.php files have their file permissions set so that no one other than the owner can write to them - set file permissions to 644, 444 or 400, depending on the server host. This can be done in your server account control panel or using FTP software, e.g. in WinSCP select the file and click Properties.
    • Important: Our server does not allow the 644 setting to be changed using the control panel or FTP, which causes the error message to remain on the admin page - in this case contact your host server to change it for you.




Github Directory

Securitychecks5.png

  • Delete this folder/directory from the server - right click and delete.




install_directory

Securitychecks6.png

  • Delete this folder/directory from the server.




Version Check

Securitychecks7.png

  • Click the message - it is linked to Tools → Version Checker to see this:

Versionchecker.png




The README text file is no longer required.

  • Delete this file from the server.
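
If your host gives you shell access (an assumption; the guide itself only mentions the control panel and FTP), the file permission and deletion checks above can be re-verified from the command line. This is an added example, not part of the Phoenix guide or the Phoenix Cart code: the function names are hypothetical, and every path you pass in is your own.

```shell
#!/bin/sh
# Added example: re-check what the Security Checks page asks for.
# Usage (paths are placeholders for your own layout):
#   check_config_perms /path/to/first/configure.php /path/to/second/configure.php
#   check_removed /path/to/shop/install /path/to/leftover/README

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if every given file exists with mode 644, 444 or 400,
# the three settings the guide accepts for configure.php.
check_config_perms() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        mode=$(file_mode "$f")
        case "$mode" in
            644|444|400) echo "OK       $f ($mode)" ;;
            *) echo "WARN     $f ($mode): set to 644, 444 or 400"; rc=1 ;;
        esac
    done
    return $rc
}

# Return 0 only if none of the given files or directories still exist.
check_removed() {
    rc=0
    for p in "$@"; do
        if [ -e "$p" ]; then
            echo "WARN     $p still present: delete it"; rc=1
        else
            echo "OK       $p removed"
        fi
    done
    return $rc
}
```

Both functions return non-zero when anything needs attention, so they can be run again after each change to the server until every line reads OK.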




Make a test purchase

Though not an essential part of securing the shop, now is a good time to browse around the shop and make a test purchase to familiarise yourself with how it works. It is good practice to browse the shop through the eyes of a customer and you should do this every time you make any changes to your website to ensure customers can make a purchase.

  • From admin click on the Your Shop link to go to the shop.

Adminlinks.png

You will see something similar to this.

Shop.jpg

NOTE: If the Install page still shows instead of your shop, ensure Install folder/directory has been deleted from the host server and ensure your browser cache is cleared.

NOTE: Some host servers also have a cache so don't worry if the Install page is still showing. If temporarily frustrated by the link taking you to yoursite/install/index.php simply change the link in your browser address bar to yoursite/index.php - the host server's cache will eventually clear, usually within 24 hours.


TIP:

  • To bypass your browser's cache:
  • Firefox / Safari: Hold Shift while clicking Reload, or press either Ctrl-F5 or Ctrl-R (⌘-R on a Mac)
  • Google Chrome: Press Ctrl-Shift-R (⌘-Shift-R on a Mac)
  • Internet Explorer: Hold Ctrl while clicking Refresh, or press Ctrl-F5
  • Opera: Go to Menu → Settings (Opera → Preferences on a Mac) and then to Privacy & security → Clear browsing data → Cached images and files.





Phoenix User Guide is a continuing work in progress.
If you have any suggestions for content correction, improvement or inclusion please email us:
Contact.png
not a clickable link to prevent spam

"Phoenix" and the Phoenix Logo are copyright G. Burton.
Code references are licensed under a Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales License.
All other content is the reserved Intellectual Property and Copyright of phoenixcart.org