How to Secure
Secure the Website
When you have logged into Admin you will see the admin dashboard - see ADMINISTRATION for a complete guide.
Security warnings are given as reminders on the admin dashboard (highlighted in the screenshot).
These warnings are also shown on the Security Checks page.
Clicking the It has been over 30 days... link takes you to the Security Checks page (also reachable from admin via Tools → Security Checks).
This will be seen:
- This shows a new installation with security messages that require attention (highlighted in the screenshot).
Deal with each one in sequence.
Admin HTTP Authentication
- Add a second level of password protection to the youradmin folder/directory on the server.
- From the admin dashboard go to Configuration → Administrators to see this:
- Click Edit to see this:
- Enter Username: and New Password:
- Tick the Protect With htaccess/htpasswd box.
- Click Save to see this:
When you next access the admin you will see something like this to sign in:
TIP:
- It is advisable to password protect the whole website to prevent visitors or internet search engines finding the website before it is ready - go to PASSWORD PROTECT - this can alternatively be done on the control panel in some host server accounts.
Github Directory
- Delete this folder/directory from the server using your FTP software or host server control panel.
install_directory
- Delete this folder/directory from the server using your FTP software or host server control panel.
Version Check
- Click the message - it is linked to Tools → Version Checker to see this:
The README text file is no longer required.
- Delete this file from the server.
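The steps above can be confirmed from outside the server. The following is an added example, not part of the Phoenix Cart guide or code: it requests the admin folder and the deleted items without credentials and reports anything that still answers. The path names `.github/` and `README.md`, the host `shop.example` and the function names are assumptions; `youradmin` and `install/index.php` are the placeholders used on this page.

```python
"""Added example: confirm from outside that the hardening steps took effect."""
import urllib.error
import urllib.request


def http_status(url):
    """Status code of an unauthenticated GET (redirects are followed)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401, 403, 404 ... arrive as exceptions


def audit(base_url, admin_dir, leftovers, status_of=http_status):
    """Return a list of findings; an empty list means every check passed."""
    base = base_url.rstrip("/")
    findings = []
    # With htaccess/htpasswd protection on, the server must refuse the admin
    # folder with 401 before the shop's own login form is ever served.
    code = status_of(f"{base}/{admin_dir}/")
    if code != 401:
        findings.append(f"{admin_dir}/ returned {code}, expected 401")
    # Deleted items must be gone. A host-side cache can keep serving them
    # for a while, so re-run later before assuming the delete failed.
    for path in leftovers:
        code = status_of(f"{base}/{path}")
        if code not in (404, 410):
            findings.append(f"{path} returned {code}, expected 404")
    return findings


# Assumed names: adjust to what is actually on your server.
LEFTOVERS = ["install/index.php", ".github/", "README.md"]

if __name__ == "__main__":
    # Constructed responses standing in for a freshly installed shop,
    # so the demo runs offline. Drop status_of= to query a real site.
    fresh = {"https://shop.example/youradmin/": 200,
             "https://shop.example/install/index.php": 200}
    for line in audit("https://shop.example", "youradmin", LEFTOVERS,
                      status_of=lambda url: fresh.get(url, 404)):
        print("FAIL:", line)
```

If the whole website is password protected as described in the TIP above, every path answers 401, so the leftover checks will report 401 rather than 404 until that protection is lifted.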
Make a test purchase
Though not an essential part of securing the shop, now is a good time to browse around the shop and make a test purchase to familiarise yourself with how it works. It is good practice to browse the shop through the eyes of a customer and you should do this every time you make any changes to your website to ensure customers can make a purchase.
- From admin click (or maybe right click and Open link in new tab) on the Your Shop link to go to the shop.
You will see something similar to this.
NOTE: If the Install page still shows instead of your shop, ensure the Install folder/directory has been deleted from the host server and that your browser cache is cleared.
NOTE: Some host servers also have a cache, so don't worry if the Install page is still showing. If temporarily frustrated by the link taking you to yoursite/install/index.php, simply change the link in your browser address bar to yoursite/index.php - the host server's cache will eventually clear, usually within 24 hours.
TIP:
- To bypass your browser's cache:
- Firefox / Safari: Hold Shift while clicking Reload, or press either Ctrl-F5 or Ctrl-R (⌘-R on a Mac)
- Google Chrome: Press Ctrl-Shift-R (⌘-Shift-R on a Mac)
- Internet Explorer: Hold Ctrl while clicking Refresh, or press Ctrl-F5
- Opera: Go to Menu → Settings (Opera → Preferences on a Mac) and then to Privacy & security → Clear browsing data → Cached images and files.
All other content is the reserved Intellectual Property and Copyright of phoenixcart.org