網路讀文章
http://www.sitefixit.com/scripts/opencart/how-to-secure-your-opencart-website-improve-opencart-security.php
學習學習
Essential Steps To Do After Installation
- Immediately delete the /install/ directory
- chmod the config.php file in both the root and /admin/ directories to 444
Creating A Proper 404 Error Page
Create a file named 404.html in your store root (this is the base directory of your OpenCart store). You can put anything in the file. This file will be served to anyone who tries to access something inappropriately.
Securing The /admin/ Folder
- To obscure the /admin/ folder, rename it to a more uncommon name, such as /hahaha/. Next, edit the file /admin/config.php and replace the folder name admin with hahaha (or whatever name you renamed the folder to). There should be 5 instances of admin that you have to change. E.g. change define(‘HTTP_SERVER’, ‘http://www.yourdomain.com/admin/’); to define(‘HTTP_SERVER’, ‘http://www.plastictravelbottles.com/hahaha/’);
- Password protect your admin folder with htpasswd. If you’re on cPanel web hosting, then you can do this easily with the Password Protect Directories feature. This method will require you to login twice, but it’s well worth it.
Securing The /system/ Folder
https://isenselabs.com/posts/11-free-time-saving-opencart-21x-admin-modules-for-easy-management-security
免費套件
Hits: 6
