damian5000 Posted July 29, 2011

1) Some users have alluded to changing permissions after install, but I can't find anything specific. Which folders/files should we change access levels on after install? What level should we change them to?

2) I've read some things about making changes in .htaccess. What specifically would be good to change for security purposes after install?

Thanks much,
Damian
rocky Posted July 29, 2011

1) You should use chmod 755 for all your directories and chmod 644 for all your files. All good hosts automatically set these permissions on files you upload by default, so you don't have to worry. Some hosts do not though, so if you notice incorrect permissions, you should correct them.

2) I'm not sure what exactly you read, but I know of a couple of things you can add to your .htaccess file to improve security. Although PrestaShop has index.php files in all directories to prevent viewing directory contents, it's possible that some directories, such as third-party modules, may not have them. You can add the following to your .htaccess file to prevent directory access even if there is no index.php file:

    Options -Indexes

Another thing you can do is block access to TPL files to prevent people stealing your theme. To do that, add the following code to your .htaccess file:

    <Files *.tpl>
    Order deny,allow
    Deny from All
    </Files>
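
Added example, not part of rocky's post or of PrestaShop's own tooling: a shell script that audits a shop directory against the 755/644 scheme above, lists directories that have no index.php, and checks that .htaccess carries Options -Indexes. The function names and the shop-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a shop root against the 755 (directories) / 644 (files)
# scheme and the .htaccess directory-listing setting discussed in the thread.
# All function names here are hypothetical.

# Print every directory that is not exactly 755 and every regular file that
# is not exactly 644. Symlinks are not followed.
audit_perms() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# Print directories with no index.php; these are the ones whose contents
# would be listed if the server allowed directory indexes.
dirs_without_index() {
    find "$1" -type d -print | while IFS= read -r d; do
        [ -e "$d/index.php" ] || printf '%s\n' "$d"
    done
}

# Succeed only if the top-level .htaccess has an Options line with -Indexes.
htaccess_blocks_listing() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eq '^[[:space:]]*Options[[:space:]]+(.*[[:space:]])?-Indexes([[:space:]]|$)' \
        "$1/.htaccess"
}

# Apply the scheme: 755 on directories, 644 on regular files.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone use: sh audit.sh /path/to/shop   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    echo "Permissions that differ from 755/644:"; audit_perms "$1"
    echo "Directories without index.php:";        dirs_without_index "$1"
    if htaccess_blocks_listing "$1"; then
        echo ".htaccess: Options -Indexes present"
    else
        echo ".htaccess: Options -Indexes missing"
    fi
fi
```

Run it with the shop root as its only argument to get a report; fix_perms is defined but only runs if you call it yourself.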
damian5000 Posted July 31, 2011

Great... Thank you Rocky.

I saw this thread (link below) about a guy who googled his website and found the path to his admin directory had been put out there by Google. We change the name of the admin folder so it's not easily found... somewhat pointless if Google indexes it and makes the path easily found on the net.

He password protected the HTDOCS folder (http://www.prestashop.com/forums/topic/120100-solved-admin-folder-name-can-be-seen-in-google/). How exactly to go about doing that and, more importantly, is it adequate to keep the issue from occurring?

Thanks,
Damian