Websites are by nature high-risk elements of an information system. Their security is of great importance, for several reasons.
The best-known threats to websites are defacement and denial of service. Defacement is an attack in which the attacker modifies the site to replace the legitimate content with content of their choosing, for example to relay a political message, to denigrate the site owner, or simply to claim the attack as evidence of expertise.
A denial of service aims to make the site unavailable to its legitimate users. In both cases, the impact on the site owner is obviously a damaged image and, for a site that supports a commercial business, lost revenue.
To reduce the most common attacks ... Here are a few recommendations that you can apply.
Step 1 : Your administrators
Register an administrator:
Your nickname: we recommend a complex alias that is not in common use, or your email address.
Password: a complex password containing characters such as * / - + - () makes things much harder for an attacker who wants to get into your ClicShopping online store.
In addition, you have the option of saving your user name and password in an htaccess and htpasswrd file. This method is the best; however, not all servers accept it (at the very least there may be some incompatibility with the ClicShopping code), so we recommend that you save a user without the htaccess / htpasswrd option and with the option, to verify proper operation.
You may also need to change the file permissions.
By default, the htaccess and htpasswrd files are not enabled; to enable them, follow this procedure.
The file is located in the ClicShoppingAdmin directory under the name _htaccess.
Rename _htaccess to .htaccess
Locate and change this line
If you have a problem after creating an administrator, look at this line in htaccess
and change it to your relative path on the server.
The file is located in the ClicShoppingAdmin directory under the name _htpasswrd.
Rename _htpasswrd to .htpasswrd
Step 2 : The Security Module
In the menu Configuration / module / security, edit the different modules to change the security settings.
For example, the default Administration module contains two values:
- Please specify the waiting time after a connection error in the administration part: this value indicates how long an administrator must wait before attempting to reconnect.
Note: the longer the time, the better.
- Please specify the number of login attempts allowed to log in as admin: this value indicates the number of connection attempts allowed. If this value is exceeded, it will be impossible to connect.
Note: the smaller the value, the better.
In addition, for each failed login attempt, you will receive an email telling you that someone has tried to log in to your administration.
In the menu Tools / Security, server information, you will find a summary of the analysis of the main components of ClicShopping.
Menu Information ClicShopping
This file will indicate the security status of key files on your site:
a green light: everything is configured on the server
a yellow light: there is a risk, provisions are to be
a red light: it is very important to solve this problem.
Menu Action monitoring ("Surveillance des actions")
This file will tell you who logged into your administration, sent email ...
Step 3 : Configuration files and access to the database.
In theory, if you followed the Installation Manual, this point needs no further discussion. However, as a reminder, the configure.php file must be read-only, that is chmod 444.
Please make sure that these rights are correct.
Step 4 : Access to your administration
You can also rename the ClicShoppingAdmin directory to improve security a little further. However, this requires several operations:
- Update the configure.php file, located at /includes/configure.php, with the new path
- Modify the ckeditor configuration file, config.js, located in the /ext directory, and then enter the new
- Modify the Kfm configuration file, configuration.php, located in the /ext directory, and then enter the new
- Edit the htaccess file with the new path.
Step 5 : Your Store - The images directory
For this directory, it is best to leave the directories at chmod 755 and the files at 644. These are generally the default settings provided by the Apache server.
However, the ClicShopping administration may display a warning that it cannot save the file. In this case, we recommend setting the directories only to 777 mode.
ClicShopping saves product image files with chmod 644.
If you create other directories, we advise you to put an empty index.html or index.php file in each of them; you can create it directly from the image editor provided in ClicShopping.
In addition, this directory (and others too) is protected by a .htaccess file that prevents access to these directories via a browser.
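The permission checks from Step 3 and Step 5 can be scripted and run on the server. The script below is an added example, not part of ClicShopping: the function names and the demo tree are made up for illustration, and the paths to configure.php and to the images directory are passed in as arguments.

```shell
#!/bin/sh
# Added example, not ClicShopping code. All function names are hypothetical.

# list_findings CONFIGURE_PHP IMAGES_DIR: print one finding per line.
list_findings() {
    cfg=$1; img=$2
    # Step 3: configure.php must be read-only, mode 444.
    [ -n "$(find "$cfg" -prune -perm 444 2>/dev/null)" ] ||
        echo "FAIL $cfg: not mode 444"
    # Step 5: image files are expected at 644.
    find "$img" -type f ! -perm 644 | sed 's/^/FAIL /; s/$/: file not mode 644/'
    # Step 5: directories at 755. Mode 777 is the fallback the page allows;
    # it is flagged as a warning because every local account can write there.
    find "$img" -type d -perm 777 |
        sed 's/^/WARN /; s/$/: directory is world-writable, mode 777/'
    find "$img" -type d ! -perm 755 ! -perm 777 |
        sed 's/^/FAIL /; s/$/: directory not mode 755/'
    # Step 5: each subdirectory should hold an index.html or index.php.
    find "$img" -type d ! -path "$img" | while IFS= read -r d; do
        [ -e "$d/index.html" ] || [ -e "$d/index.php" ] ||
            echo "FAIL $d: no index.html or index.php"
    done
}

# audit_perms CONFIGURE_PHP IMAGES_DIR: print findings, return 0 if clean.
audit_perms() {
    findings=$(list_findings "$1" "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_demo_store: build a constructed sample tree with four deviations.
make_demo_store() {
    root=$(mktemp -d)
    mkdir -p "$root/includes" "$root/images/products" "$root/images/banners"
    for f in includes/configure.php images/logo.png \
             images/products/index.html images/products/a.jpg; do
        : > "$root/$f"; chmod 644 "$root/$f"
    done
    chmod 666 "$root/images/products/a.jpg"          # writable by everyone
    chmod 755 "$root/images" "$root/images/products"
    chmod 777 "$root/images/banners"                 # fallback mode, no index
    echo "$root"
}

store=$(make_demo_store)
audit_perms "$store/includes/configure.php" "$store/images" ||
    echo "review the findings above"
rm -rf "$store"
```

On a real store, call audit_perms with your own configure.php path and images directory; a non-zero exit status makes it easy to run from cron after each update.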
If you apply these best practices, you will help improve the security of your online store. If you are not sure, we can offer you a service and set up your ClicShopping online store properly for you.