We will do everything possible to make sure our store is not the victim of a successful attack. Fortunately, the PrestaShop team takes security very seriously and issues updates and fixes as soon as possible after any problems are discovered. We just have to make sure we do everything we can and also apply the PrestaShop upgrades as soon as they are available. It is also vital that we always have a recent copy of our store, because one day it is probably inevitable that our shop will die on us. It might be a hacker, or maybe we will accidentally muck it up ourselves. Keeping a recent backup for this type of event is a minor inconvenience; without one, it is an expensive catastrophe.
So let’s get on with it…
There are different types of security attacks. Here is a very brief explanation of some of the most common ones. Hopefully, this will make it clear why security is an ongoing and evolving issue and not something that can ever be 100 percent solved out of the box.
Weak passwords are often overlooked: make sure your passwords are impossible to guess. Use number sequences that are memorable to you but unguessable and meaningless to everyone else. Combine number sequences with regular letters in a mixture of upper and lower case. Don’t share your passwords with anyone. This applies to anyone who has access to your shop or hosting account.
A brute-force attack is when an attacker uses software to repeatedly attempt to gain access or discover a password by guessing. Clearly, the simplest defence against this is a secure password. A good password is one with upper and lower case characters, apparently random numbers, and words that are neither names nor found in the dictionary. Does your administrator password stand up to these criteria?
In an SQL injection attack, a malicious person amends, deletes, or retrieves information from your database by cleverly manipulating the forms or database requests contained in the code of PrestaShop. By appending their own input to legitimate PrestaShop database queries, harm can be done or breaches of security can be achieved.
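To show what "appending to a legitimate database query" means in practice, here is an added example that is not part of the original article: a Python stand-in (using an in-memory SQLite table, not PrestaShop's real schema, which is PHP and MySQL) with a product search written two ways. The first pastes user input into the SQL text; the second binds it as a parameter, which is the same protection PrestaShop's own PHP code gets from escaping helpers such as pSQL(). The hostile input is a constructed sample.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a shop's product table; the third product is
    # inactive, so a correct search must never return it.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price REAL, active INTEGER)"
    )
    conn.executemany(
        "INSERT INTO product (name, price, active) VALUES (?, ?, ?)",
        [("Laser sight", 120.0, 1), ("Tripod", 45.0, 1), ("Prototype scope", 900.0, 0)],
    )
    return conn


def search_vulnerable(conn, name):
    # User input becomes part of the statement text, so the quoting and
    # the WHERE clause are under the caller's control.
    sql = f"SELECT name FROM product WHERE active = 1 AND name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, name):
    # The value is sent separately from the statement and can only ever be
    # compared as a string, whatever characters it contains.
    sql = "SELECT name FROM product WHERE active = 1 AND name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    conn = make_db()
    benign = "Tripod"
    # Constructed sample input: closes the quoted value and appends a
    # condition that is always true, which also exposes the inactive product.
    hostile = "x' OR '1'='1"
    return {
        "vuln_benign": search_vulnerable(conn, benign),
        "vuln_hostile": search_vulnerable(conn, hostile),
        "safe_benign": search_safe(conn, benign),
        "safe_hostile": search_safe(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable search returns every product, including the inactive one, for the hostile input, while the parameterised search returns nothing because no product is literally named `x' OR '1'='1`.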
In a remote file inclusion attack, attackers get a page on your site to load and run code hosted on another site. They do this by appending a URL pointing to malicious code to a parameter in the URL of a legitimate PHP page on your site.
This one is straightforward. It is likely that while developing or amending your website, you will mess up some or perhaps all of your PrestaShop. I did it once while writing this article. I will give you the full details of my slightly embarrassing confession later.
So, with so many ways that things can go wrong, we had better start looking at some solutions.
If you plan to employ someone or if you have a partner who is going to help in your new shop, it makes good sense to create a new user account so that they have their own login details. Even if it will be only you who needs to use the PrestaShop control panel, there is still a good argument for creating two or more accounts. Here is why.
First we will consider a scenario, though a slightly exaggerated one:
Guns4u wants to offer articles about how to use its products. The management, probably correctly, believe that in-depth how-tos about all its products will boost sales and increase customer retention. The diverse nature of their products makes employing a single writer impossible. For example, an expert on small arms is rarely an expert on ground-to-air ordnance. And a user of laser targeting equipment probably doesn’t know the first thing about ship-based artillery.
This is quite a problem. The management decides they need a way to allow a whole team of freelance writers to log in directly to the PrestaShop CMS. But bearing in mind the highly dubious backgrounds some of these writers will have, how can they be trusted in the PrestaShop control panel?
Suppose you employ somebody to write articles for you. You don’t really want them being able to play with product prices or payment modules. You would want to restrict them to the CMS area of the control panel. Similarly, your partner might be helping you wrap and pack your products. To avoid accidents you might like to restrict them to the Customers and Orders tab.
Now consider this scenario. Even you, after reading this article, can make a mistake. It is a really good idea to create at least one extra user account for you. I always make myself a wrapping and packing account. I use it all the time and it is reassuring to know that I can’t accidentally click anything that can cause a problem.
This type of user security is common in large organisations. On a company intranet, employees will almost always be restricted to the areas of the company system that they need and nothing more.
Below is how to create a new user account; after that we will look at profiles and permissions to enforce the restrictions that suit us.
Okay, let’s create a new user.
As you have come to expect, this is really easy.
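The idea behind the profiles and permissions we are about to set up is default deny: an account can only reach the tabs its profile grants, and nothing else. The following is an added example that is not part of the original article or of PrestaShop itself: a small Python model of the scenario above, with a Writer profile limited to the CMS tab and a Packer profile limited to Customers and Orders, so that even the shop owner's day-to-day account cannot touch prices or payment modules. Tab and action names are constructed for illustration.

```python
from dataclasses import dataclass

ACTIONS = ("view", "add", "edit", "delete")


@dataclass(frozen=True)
class Profile:
    name: str
    grants: dict  # tab name -> set of allowed actions; absent tab means denied


@dataclass(frozen=True)
class Employee:
    email: str
    profile: Profile


def full(*tabs):
    """Grant every action on the given tabs (the owner's administrative profile)."""
    return {tab: set(ACTIONS) for tab in tabs}


# Constructed profiles mirroring the article's scenario, not PrestaShop's built-in ones.
SUPERADMIN = Profile("SuperAdmin", full("Catalog", "Modules", "Payment", "CMS",
                                        "Customers", "Orders", "Employees"))
WRITER = Profile("Writer", full("CMS"))
PACKER = Profile("Packer", {"Customers": {"view"}, "Orders": {"view", "edit"}})


def can(employee, tab, action):
    """Default deny: an unknown tab or an action the profile never granted is refused."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    return action in employee.profile.grants.get(tab, set())


def audit(employee, attempts):
    """Return (tab, action, allowed) for each attempted operation, for review."""
    return [(tab, action, can(employee, tab, action)) for tab, action in attempts]


if __name__ == "__main__":
    # Constructed accounts: a freelance writer, and the owner's own packing account.
    writer = Employee("writer@example.com", WRITER)
    owner_daily = Employee("owner-packing@example.com", PACKER)
    for who in (writer, owner_daily):
        print(who.email, audit(who, [("CMS", "edit"), ("Catalog", "edit"),
                                     ("Orders", "view"), ("Payment", "view")]))
```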