Opencart Security

Must Take OpenCart Security Measures Just After Installing OpenCart

Updated on: June 9, 2020

Well begun is half done. But when it comes to security, sometimes there is no beginning altogether. How many times it has happened that you have installed OpenCart and begun uploading your products straight away. All the time! The first thing which needs to be done after installing your new shop is to make sure you take care of basic OpenCart Security measures.  We have seen OpenCart owners coming to us after getting hacked and when our team analyzes the hacks, we realize that causes were a few basic flaws which could have been taken care of on day one. So we’ve compiled a basic list of OpenCart security checks which you should take care of just after installing OpenCart.

OpenCart Security Measures Just After Installing OpenCart

  1. Delete Install Directory: The install directory, usually present at ‘public_html/upload/install‘ should be deleted. This directory contains critical information about database structure, mvc structure and other important details which are not needed post installation. 
    OpenCart Security Remove Install Directory Astra Security
  2. Clear Demo Data: A freshly installed OpenCart store contains a lot of demo data which should be deleted. The demo images can be deleted from ‘upload/image/cache/catalog/demo/‘ & ‘/upload/image/payment/panasia/bank-images/‘.
  • Ensure No Vouchers Exist: If you are using OpenCart 1.5.x then there could be demo vouchers on the store, delete them from ‘sales/coupons’ tab.  You don’t want hackers to utilize default coupons. If you are on 2.0.x version, then there are chances that there won’t be any coupons already but still its worth checking.
    opencart_delete_coupons_opencart security_astra security
  • Change Admin Page URL: The first thing a hackers checks when he comes to your website is admin panel. You don’t want to make their work easy by leaving you admin login at /admin itself. Changing your /admin url to something non-guessable is a must follow. You can see the detailed steps on how to change your admin url here. If you use 1.5.x version of OpenCart, pleasure ensure that you version number does not show at the footer of admin panel.
  • Remove Groups: It is a good practice to remove default customer group which comes by default with OpenCart. In 1.5.x you will find this section at ‘sales/customers/customer groups‘ and in 2.x.x version you can find this section under ‘customers/customer groups‘.
    OpenCart Security Customer Groups Removal by Astra OpenCart Security
  • Now that basics of OpenCart security have been touched, you should now move on to ensuring additional checks are in place. A comprehensive checklist for such checks can be found at our Ultimate OpenCart Security Checklist page, download it and start following!

    Shikhil Sharma

    Shikhil Sharma is the founder & CEO of Astra Security. Being involved with cybersecurity for over six years now, his vision is to make cyber security a 5-minute affair. Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football. Astra Security has been rewarded at Global Conference on Cyber Security by PM of India Mr. Narendra Modi. French President Mr. François Hollande also rewarded Astra under the La French Tech program. Astra Security is also a NASSCOM Emerge 50 company.
    Subscribe
    Notify of
    guest

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    1 Comment
    Oldest
    Newest Most Voted
    Inline Feedbacks
    View all comments
    trackback

    […] Here are Must Take OpenCart Security Measures Just After Installing OpenCart  […]

    Psst! Hi there. We’re Astra.

    We make security simple and hassle-free for thousands
    of websites and businesses worldwide.

    Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

    earth spiders cards bugs spiders

    Made with ❤️ in USA France India Germany