PrestaShop evolves every day with the aim to always put the merchant at the center of our decisions. Whether it’s the development of new features, the establishment of a new user experience or security improvements, this work is carried out continuously with the Community.
That’s why we would like to talk with you about safety and we strongly encourage you to read all these information carefully to improve your shop security.
In addition to being good practices to follow, these simple tips will make your store more secure and more able to receive the security update we will announce soon.
UPGRADE YOUR SHOP
This may seem obvious but it's an important reminder! When was your last update? Indeed, it is important to note that a new version of PrestaShop can provide security updates in addition to fixes and new features.
ADD A SECOND PASSWORD WITH A .HTACCESS FILE
In extra to your current login page, you can add a second level of security to access your back office, by setting up a password using a .htaccess file. This double safety allows you to set a second login and password known only by you. You’ll have to give it before you even get to the back office login page.
Nothing could be simpler, follow the steps as explained in our documentation.
USE COMPLEX PASSWORDS
Of course, avoid easy passwords, like the name of your pet or the date of birth of your first child. You need a really complex and unique password for your shop. The safest is to use a sequence of letters, numbers and special characters or a passphrase (For example: D37htyoB4!17 or Oh!That’saVERYniceboat! 17 or even "I have no idea.").
CHANGE THE ADMIN FILE NAME
When you install PrestaShop, you manage your shop via your back office. This back office is itself accessible via an address defined by a folder on your server. By default, it is renamed to "admin + number", for example admin42. Take the time to rename this file on your server with a name that is unique to you or better, a random sequence of numbers and letters. Your back office will then be accessible to an address as follow: myshop.com/5Ghtsf4k
Well done, your shop is already more secure and that after only a few minutes of work. So please, share these tips with your merchants friends!