How to Secure Your Opencart Shop

Posted by admin on 15/09/2014 in Shopping

Well begun is half done. But when it comes to security, sometimes there is no beginning at all. How many times have you installed OpenCart and begun uploading your products straight away? All the time! The first thing to do after installing your new shop is to take care of basic OpenCart security measures. We have seen OpenCart owners come to us after getting hacked, and when our team analyzes the hacks, we find that the causes were a few basic flaws which could have been taken care of on day one. So we’ve compiled a basic list of OpenCart security checks which you should take care of just after installing OpenCart.

OpenCart Security Measures Just After Installing OpenCart

  1. Delete Install Directory: The install directory, usually present at ‘public_html/upload/install’, should be deleted. This directory contains critical information about the database structure, the MVC structure and other important details which are not needed after installation.
  2. Clear Demo Data: A freshly installed OpenCart store contains a lot of demo data which should be deleted. The demo images can be deleted from ‘upload/image/cache/catalog/demo/’ and ‘/upload/image/payment/panasia/bank-images/’.
  3. Ensure No Vouchers Exist: If you are using OpenCart 1.5.x then there could be demo vouchers on the store; delete them from the ‘sales/coupons’ tab. You don’t want hackers to use default coupons. If you are on version 2.0.x, chances are that there won’t be any coupons already, but it’s still worth checking.
  4. Change Admin Page URL: The first thing a hacker checks when he comes to your website is the admin panel. You don’t want to make their work easy by leaving your admin login at /admin itself. Changing your /admin URL to something non-guessable is a must. You can see the detailed steps on how to change your admin URL here. If you use the 1.5.x version of OpenCart, please ensure that your version number does not show in the footer of the admin panel.
  5. Remove Groups: It is good practice to remove the default customer group which ships with OpenCart. In 1.5.x you will find this section at ‘sales/customers/customer groups’ and in 2.x.x you can find it under ‘customers/customer groups’.
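
The filesystem items in the list above (1, 2 and 4) can be checked from a shell. The script below is an added example, not code from the original post or from OpenCart. It assumes the store root is the directory that holds admin/ and image/ (the contents of upload/), and the function names audit_opencart and count_findings are hypothetical.

```shell
#!/bin/sh
# Added example: audit an OpenCart store root for leftovers named in the checklist.
# Assumption: STORE_ROOT is the directory containing admin/, image/ and index.php.
# Vouchers and customer groups (items 3 and 5) live in the database and are not covered.

# Print one "FAIL ..." line per finding; no output means the filesystem checks pass.
audit_opencart() {
    root=${1:?usage: audit_opencart STORE_ROOT}
    if [ ! -d "$root" ]; then
        echo "ERROR: $root is not a directory" >&2
        return 2
    fi

    # Item 1: the installer must be gone once setup is finished.
    if [ -e "$root/install" ]; then
        echo "FAIL install directory still present: $root/install"
    fi

    # Item 2: demo image directories from the checklist; flag them only if they hold files.
    for d in image/cache/catalog/demo image/payment/panasia/bank-images; do
        if [ -d "$root/$d" ] && [ -n "$(find "$root/$d" -type f -print | head -n 1)" ]; then
            echo "FAIL demo data present: $root/$d"
        fi
    done

    # Item 4: the admin panel is still reachable at the default, guessable path.
    if [ -d "$root/admin" ]; then
        echo "FAIL admin panel at default path: $root/admin"
    fi
    return 0
}

# Number of findings for a store root (0 for a store that passes every check).
count_findings() {
    audit_opencart "$1" | grep -c '^FAIL' || true
}

# Stand-alone use: sh audit.sh /path/to/store/root
if [ "$#" -gt 0 ]; then
    audit_opencart "$1"
fi
```

Run it again after every OpenCart upgrade, since unpacking a new release archive over the store can bring the install directory back.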

Now that the basics of OpenCart security have been covered, you should move on to ensuring additional checks are in place. A comprehensive checklist for such checks can be found on our Ultimate OpenCart Security Checklist page; download it and start following it!
