Tips to secure OpenCart on BlackFriday CyberMonday

Sales like BlackFriday, Thanksgiving and other ones have become a huge hit with coming of e-commerce. Billions of dollars are spent within a few days time during thanksgiving period on online shopping.

You’ve prepared your OpenCart store well for the sales. Made sure that every product is in stock, coupon codes are ready and marketing is in full swings. However, one think you might have forgotten is: Security. Just like you hackers also eagerly wait for Thanksgiving sales because this is the time when they perform biggest hacks and scams. During thanksgiving sales hackers hacking for financial gains increases by staggering 9.1%.

OpenCart has always evolved it’s security with time. However sometimes webmasters tend to miss out some measures or hackers are smart enough to still figure out a loophole. Whatever the problem might be, you do not want to take a chance on the most important days of the year.

Tips to Keep Your OpenCart Store Secure During Sales:

  1. Assure You Are Updated: Make sure that you are running the most secure version of OpenCart. It is recommended to use the latest version3.0.x.x as it has come with a number of security features which can come handy.
  2. Hackers Exploit Plug-ins: While OpenCart might be sturdy and secure, hackers try to come in via plug-ins you’ve installed. It is often seen that plug-in developers keep security on a back seat which leads to stores using those plug-ins also being vulnerable. Be sure to install plug-ins only from reliable companies. Reviewing code of the plug-ins and adding additional layer of security like input sanitization on inputs being taken from plug-in is recommended.
  3. Check for Known Vulnerabilities: If for some reason you cannot upgrade your OpenCart to the latest version, then it is highly recommended to make sure the version in use is patched. Whenever there has been a security incident with an OpenCart version an advisory has been released. Here’s how you can quickly assure that patches are in place:
    • Go to google
    • Type ‘OpenCart your version vulnerability’
      Astra OpenCart Security
    • You’ll see a list of all the vulnerabilities associated with your version of OC
    • Now read more on their patches and put them in place
    • Look for signs which show that your website is hacked
  4. Hide Admin Panel: Often hackers write automated bots that try and brute force into your admin panel. It is recommended that you change the URL of the admin panel. The URL is quite easy to guess and tells hackers that security hasn’t been taken into account. Ideal URL should be something which is difficult to guess.
    In addition, putting htpassword protection also goes a long way. It adds one more layer to the security of admin panel. Here’s quick way to generate htpassword using this tool.
  5. Doubt Check Payment Flow: The ‘adding to cart’ and ‘make a payment’ flow are two areas which are exploited by hackers the most. Sometimes plug-ins modify these flows to add certain functionality. However due to some vulnerability in these plug-ins hackers can target your shop. The following types of business logic hacks are direct cause of such loopholes:
    • Hackers buying a product without making payment
    • Ability to change prices of products
    • Pointing payments to their own accounts

    Having a security assessment done for these flows is highly recommended. More so because this directly effects your customers who trust you with their personal information.


Thanksgiving/BlackFriday and other sales are the most important time of the year for any online store owner. OpenCart assures that it is super convenient for you to use and can scale as you attract more visitors to your site. However, security is something which a business owner needs to take in his own hands. It is recommended to either use an OpenCart firewall or get a blackfriday security scan done with Thanksgiving just around the corner.

Was this post helpful?

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Free Website Security Scanner