Securing OpenCart

Posted by Paul on October 25, 2013

No computer system can ever be 100% secure, as proven recently by security breaches at Facebook, Twitter, Apple and Microsoft. But there are some simple steps you can take to deter all but the most determined hacker.

Rename your Admin Folder
There are automated robots looking for vulnerabilities and attempting different passwords all over the Internet. If someone knows your website runs on OpenCart then they'll know how to get to your password entry screen. Make it harder by renaming the /admin folder. Make sure you also update the paths to it in /config.php and /admin/config.php.

Use Strong OpenCart Passwords and Rename the Admin User
If you haven't had some sort of hacking attempt before, you're probably very new to the web, very lucky or you already use strong passwords. I'm surprised regularly by people who think it's okay to use admin/admin as a password. Let's be clear - NEVER DO THIS! In addition to using a strong password it can be better to rename the admin user to something like your last name as this is a non-default setting which would be harder to guess.

What is a Strong Password?
A strong password is not a dictionary word (such as "sausages") or even a word with numbers added instead of letters such as "p4ssw0rd". A password made up this way is said to be a "munged password" and we've seen several of these being hacked recently. So the best sort of password to use is one that looks like this "jndl420R3KAmOz7". You can either hit random keys on your keyboard or use this handy tool: Of course you'll need to make a note of it somewhere safe, but unfortunately it is essential to use this sort of password or stronger.

cPanel and FTP Passwords
The most important passwords of all are your cPanel and FTP passwords. Make sure these are "strong" as defined above.

Create a Separate Database User
Your cPanel should allow you to create a separate database user and you should do this with a different password to any of your other passwords. This is partly because these passwords are stored in the config.php files and therefore potentially could fall in to the wrong hands.

Keep Your Software Updated
When a vulnerability in a piece of software is found, it's released on the Internet and hackers begin to search for websites that haven't been updated. Software vendors also rush to fix the vulnerability and release a patch. Keeping your software updated will mean you have the latest patches and are less likely to get hacked. This applies not just to your version of OpenCart but also to your Operating System such as Windows, Apple Mac OS or Linux.

Run Anti-Virus Software and Use a Firewall
If a hacker has access to your own computer then they may well be able to access your website from here, using saved browser passwords for example. Make sure you're always running anti-virus software and a good firewall. 

Keeping good backups (and regularly testing them) is the first rule of working with computers. You need to make sure you're with a web host that can restore your site to a daily, weekly or monthly backup if the worst happens and your site is compromised and broken. Without these it may take a developer A LOT of time to find out what's happened and put it right. It's also recommneded to keep your own local copy of your website.

Be Careful Who You Share Passwords With
It goes without saying that, like your bank card PIN, you should be careful who you share your passwords with and change them once any third parties no longer require access to website.

The amount of hacking in the world is increasing and in our view will only continue to increase. The steps listed above are by no means comprehensive but will help to prevent the less sophisticated hacker. 

blog comments powered by Disqus