Zen Cart Store Security – How To Secure Your ZenCart Store
Zen Cart is a free, user-friendly, open source shopping cart software program designed and developed by consultants, designers, programmers, and shop owners who all believe e-commerce web designs need to be revamped.
Zen Cart puts the merchants' and shoppers' needs first and can be installed by anyone with even the most basic level of computer and website-building skills.
Out of the hundreds of shopping cart programs available, Zen Cart is at the top of the list, offering more options, features, and support than other e-commerce programs.
Because Zen Cart is such an important part of the success of your business, it’s imperative that you protect your database. Before you make any admin modifications to your database, you need to ensure all is safe and secure.
SSL Security Protection Tips
…if someone is watching/listening to the information you transmit, it might not be long before your private business information becomes public. The bare minimum you should have is access to shared SSL services from your hosting company.
The preferred option is a dedicated SSL certificate for your store, as it is more professional in appearance than a shared certificate. There will be an expense incurred to obtain a dedicated SSL certificate and dedicated IP address in your hosting account.
Additionally, it would be prudent (if your hosting company offers FTPS support) to use a program that offers FTP over SSL/TLS instead of just traditional non-secure FTP. This tool will encrypt the information you transmit and receive.
1. Delete the /zc_install folder
2. Rename your /admin folder
3. Set configure.php files read-only
4. Delete any unused Admin accounts
5. Admin Password Security
6. Protect your “define pages” content in “html_includes”
7. Use .htaccess files to protect against unwanted snooping
8. Disable “Allow Guest To Tell A Friend” feature
9. Protect your “images” and other folders
10. Remove the print URL feature from your browser
11. Things to Check Up on Regularly
- Be sure you’ve done all the steps listed in this document.
- Make recent backups of your website files and database.
- Back up the database over a secure connection (SSL).
- Back up the website files over a secure connection (FTP over SSL/TLS).
- Store the backed-up database and website files in an encrypted file.
- Check your server’s error log regularly for odd or suspicious activity.
- Look for any links that went to a page that isn’t in your site.
- Look for links that have http after the index.php.
- Check your website files regularly to be sure nothing’s been added or altered.
- Ask your web host what they have done to be sure the server you’re on is safe and secure so that outsiders cannot do any harm, and so that other websites on your server cannot be used to get to your site and cause any harm (in case they have security holes in them).
- If your business warrants, or you still want additional assurance (especially if running forum software on your site, or other scripts outside of Zen Cart™), hire a security consultant to check your site regularly and give you peace of mind in exchange for a few dollars.
12. Admin Access Protection
- It is wise to observe caution while working in your admin area:
- Use only one browser tab to access your admin area
- Do NOT visit other sites while your browser has an active admin login session, even in another tab
- Always log out of your admin when not using it
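The log checks in item 11 (links to a page that isn't in your site, and links that have http after the index.php) can be automated. The following is an added example, not part of the original article or of Zen Cart; it assumes the requests are available in Apache combined log format, treats a 404 status as "a page that isn't in your site", and runs on constructed sample lines.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Apache combined format, documentation IPs and hosts).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php?main_page=index&cPath=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:02:10 +0000] "GET /index.php?main_page=http://files.example.net/x.txt HTTP/1.1" 200 4210 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:02:11 +0000] "GET /index.php?main_page=https%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 200 4210 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:10:05:00 +0000] "GET /zc_install/index.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:06:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://shop.example/index.php" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# "http after the index.php": a URL where a page name or id belongs.
URL_AFTER_INDEX = re.compile(r"index\.php.*?https?://", re.IGNORECASE)


def scan(lines):
    """Return (line_number, client_ip, reason) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        # Only the request target is inspected, so a normal Referer header
        # containing http://.../index.php does not trigger a finding.
        # Decode twice so %3A%2F%2F and double-encoded forms are seen as "://".
        target = unquote(unquote(match["target"]))
        if URL_AFTER_INDEX.search(target):
            findings.append((number, match["ip"], "url-after-index.php"))
        elif match["status"] == "404":
            # Assumption: a "page that isn't in your site" shows up as a 404.
            findings.append((number, match["ip"], "page-not-in-site"))
    return findings


if __name__ == "__main__":
    for number, ip, reason in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {ip} {reason}")
```

To run it against a real log, pass the open file object to `scan()` in place of the sample lines.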
I have been using a different shopping cart program, but it’s not great. I will definitely have to give ZenCart a go; I have read quite a few positive reviews of it.