How to secure a PrestaShop Store?
7 ways to create a secure ecommerce store with PrestaShop
Like any other website, your PrestaShop site must be secure. E-commerce is third on the list of the sectors most targeted by computer attacks, hence the importance of securing your shop.
In this article, you will discover how to secure a PrestaShop website using 7 effective and complementary methods.
Why secure a PrestaShop site?
Nowadays, it is easy to hack a website. Internet users are even more wary if it is an e-commerce site, as they will be asked to enter personal data for their purchases.
So why secure your PrestaShop store?
- To reassure visitors and potential buyers.
- To avoid the theft of passwords or other personal data.
- To avoid viruses and the blocking of the entire site.
- To avoid losing traffic.
- To prevent your site from displaying content other than your own.
Here are 7 steps that show you how to secure a PrestaShop site.
1. Installing an SSL certificate
The SSL certificate allows you to protect the data of users who connect to your site. This can include email addresses, passwords, or bank details.
The SSL certificate encrypts the data exchanged between the visitor's browser and your site. In this sense, it protects your visitors and customers more than your site.
To find out whether you already have one, just look at your URL. If it starts with https and there is a small padlock next to the link in the top left corner, your site already has a certificate. Otherwise, you need to install one.
To do this:
- Buy an SSL certificate or get one free with Let’s Encrypt.
- Install it on your hosting.
- Activate the certificate via your back office.
2. Setting up your shop properly
The security of your PrestaShop site starts in the back office. These basic back office settings must be made when you create your site.
Go to “Preferences”, then “General settings” and check the following boxes:
- Improve front office security: check yes
- Allow iframes in HTML fields: check yes if you use external media content (e.g. Vimeo videos), otherwise check no
- Use the HTMLPurifier library: check yes
3. Add a password to the server-side administration folder
To access your back office, you can add an extra level of security beyond the standard login. To do this, set up a password on your administration folder, by adding an .htaccess file and an .htpasswd file to that folder.
Choose a complex password that only you know. Passwords that refer to your date of birth or your pet’s name should be avoided. Ideally, your password should be a mixture of upper and lower case letters, numbers and special characters.
Your passwords should be stored encrypted in the database.
4. Deactivate the development mode
While your site was still in development and not yet published, you probably activated debug mode. Once your site is published, don’t forget to deactivate this function, which could give valuable information to others.
You can do this in the back office for version 1.5. For version 1.6, check the defines.inc.php configuration file in the config folder. For PrestaShop 1.7, it is also in the back office.
5. Changing the name of the administration directory
By default, the name of your administration directory on PrestaShop is admin, or admin followed by a number (for example admin251).
Change this name to avoid making the work of hackers easier. Choose a name that means something to you but that nobody else can easily guess. You can also use a mixture of numbers and letters, chosen at random.
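A read-only check for steps 3, 4 and 5 above, as an added example that is not part of the original article or of PrestaShop's own code. It assumes Apache basic-auth directives in the administration folder's .htaccess and the `_PS_MODE_DEV_` constant in config/defines.inc.php; the function names, finding labels and sample shop tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

DEFAULT_ADMIN = re.compile(r"admin\d*", re.I)  # "admin" or e.g. "admin251"
DEV_MODE = re.compile(r"define\(\s*['\"]_PS_MODE_DEV_['\"]\s*,\s*(true|false)\s*\)", re.I)

def audit_shop(root, admin_name):
    """Return findings for steps 3, 4 and 5; an empty list means all checks passed."""
    root, findings = Path(root), []
    admin = root / admin_name
    # Step 5: the administration directory still has a default name.
    if DEFAULT_ADMIN.fullmatch(admin_name):
        findings.append("default-admin-name")
    # Step 3: .htaccess must point at a password file, and .htpasswd must hold a user.
    htaccess, htpasswd = admin / ".htaccess", admin / ".htpasswd"
    rules = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    if not re.search(r"^\s*AuthUserFile\s+\S+", rules, re.M | re.I):
        findings.append("admin-htaccess-no-auth")
    if not (htpasswd.is_file() and ":" in htpasswd.read_text(errors="replace")):
        findings.append("admin-htpasswd-missing")
    # Step 4: flag any define() that turns debug mode on (commented-out lines too).
    defines = root / "config" / "defines.inc.php"
    if not defines.is_file():
        findings.append("defines-file-not-found")
    elif any(v.lower() == "true" for v in DEV_MODE.findall(defines.read_text(errors="replace"))):
        findings.append("dev-mode-enabled")
    return findings

def make_sample_shop(base, admin_name, dev_mode, protected):
    """Build a constructed, minimal shop tree (sample data, not a real install)."""
    base = Path(base)
    admin = base / admin_name
    admin.mkdir(parents=True)
    (base / "config").mkdir()
    (base / "config" / "defines.inc.php").write_text(
        "<?php\nif (!defined('_PS_MODE_DEV_')) {\n"
        f"    define('_PS_MODE_DEV_', {'true' if dev_mode else 'false'});\n}}\n")
    if protected:
        (admin / ".htaccess").write_text(
            'AuthType Basic\nAuthName "Restricted"\n'
            f"AuthUserFile {admin / '.htpasswd'}\nRequire valid-user\n")
        (admin / ".htpasswd").write_text("owner:CONSTRUCTED-PLACEHOLDER-HASH\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        shop = make_sample_shop(tmp, "admin251", dev_mode=True, protected=False)
        print(audit_shop(shop, "admin251"))
```

To use it on a real store, call `audit_shop` with the shop's root path and the current name of the administration directory.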
6. Keep software and modules up to date
A website that is not up to date is the best target for a hacker. When your software, modules and CMS are not up to date, you have security holes, and this makes the hacker’s job easier.
It is not uncommon to find that a hacked site was missing the latest security updates. So take the necessary measures:
- Because PrestaShop is so well known and used by thousands of e-tailers, it is one of the most hacked CMS. Always check that you have the latest version of PrestaShop.
- PrestaShop modules are often updated by their developers. Again, make sure you always have the latest versions.
- When you buy modules, always use reliable and trustworthy sites.
7. Create backups of your store
Backups are essential if you do not want to lose everything when your site is hacked.
Your site should be backed up regularly, ideally once a week. If your website is hacked and you don’t have backups, you will lose a lot of time redoing everything.
You can save a backup:
- on the server of your PrestaShop site.
- on an external hard drive.
If you only keep the backup on your site’s server, you also run the risk of losing your backup in case of hacking.
To conclude on the security of your PrestaShop store
Don’t hesitate to take time to secure your PrestaShop website. No e-commerce site is safe from hacking or data theft. But the more you secure your site, the better protected you will be.