
How Secured Is PrestaShop 1.4.3?


philee


I was wondering how secure the latest version of PrestaShop is.

Has anyone here had their PrestaShop hacked?

Is it safe to give visitors the ability to insert a file inside the contact form? What additional safety precautions can I take to avoid being a victim?


  • 2 weeks later...

I've seen quite a few posts on the forums where PrestaShop stores have been hacked, but this is not because PrestaShop is insecure. These people have often used chmod 777 permissions, which allows anyone to modify their files, because the old PrestaShop documentation instructed them to do this. The instructions have since been updated to say chmod 755 for directories and 644 for files. Another reason some people get hacked is because they are using an insecure OS like Windows XP that hasn't been updated with the latest security updates, so their computer has become compromised with malware that has stolen their FTP password, giving a hacker full access to their account.

 

PrestaShop v1.4.3 itself is very secure. As long as you have the right permissions and keep your computer secure, you shouldn't have any problems. The IP address of cookies is checked to prevent your cookie being stolen and tokens are used in the Front Office and Back Office for increased security. If you want extra security, you can enable SSL on your server and in the Back Office, so all your communications with PrestaShop are encrypted.

 

PrestaShop v1.5 will further improve security by redirecting all requests through a single index.php file, so there's only one point of attack that is easier to secure. For example, in PrestaShop v1.4.3, category.php lists products and product.php displays individual products, which are two separate points of attack. In PrestaShop v1.5, index.php?controller=category lists products and index.php?controller=product displays individual products, which is a single point of attack.

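The permission guidance in the reply above (755 for directories, 644 for files, not 777) can be checked mechanically. The script below is an added example, not part of the original posts or of PrestaShop's own tooling; the function names and the shop path in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example: audit a shop tree against the 755 (directories) / 644 (files)
# guidance from the reply above. Function names are hypothetical.

# Print every file or directory that any local user can modify
# (the "other" write bit, which chmod 777 and 666 both set).
list_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Print entries whose mode differs from the 755/644 baseline.
list_off_baseline() {
    find "$1" -type d ! -perm 0755 -print
    find "$1" -type f ! -perm 0644 -print
}

# Report findings; exit status is 0 only when the tree matches the baseline.
audit_shop() (
    ww=$(list_world_writable "$1")
    off=$(list_off_baseline "$1")
    if [ -n "$ww" ]; then printf 'World-writable:\n%s\n' "$ww"; fi
    if [ -n "$off" ]; then printf 'Not 755/644:\n%s\n' "$off"; fi
    [ -z "$ww" ] && [ -z "$off" ]
)

# Reset the whole tree to the baseline.
apply_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Usage (path is an assumption):
#   audit_shop /var/www/shop || apply_baseline /var/www/shop
```

With this baseline only the owning account can write, so directories the shop needs to write to must be owned by the account PHP runs as.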
