How to Enhance Your Store’s Security After Installing TomatoCart

After the successful installation of TomatoCart Opensource Shopping Cart, the following steps need to be performed to secure the installation of the online store.

  1. Remove Installation Files
  2. Reset File and Directory Permissions
    1. Configuration Files
    2. Writable Directories
  3. Extra Protection for the Administration Tool

Remove Installation Files

The install directory must be removed from the web server; otherwise, a user could run the installation procedure again and reconfigure the online store to use another database server.

Reset File and Directory Permissions

Configuration Files

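The file permissions on includes/configure.php must be set to deny write access by the web server service. This is commonly done by setting the permission flags to a read-only value of 644 or 444. Note that 644 still lets the file's owner write to it, so use 444 when the web server runs as the owner of the file.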

Writable Directories

The following directories must be writable by the web server service for the Administration Tool to function properly. This is commonly done by setting the permission flags to a world-writable value of 777.

Directories Web Server Writable
images Writable
admin/images Writable
admin/backups Writable
cache Writable
download Writable
includes/work Writable
includes/languages Writable
admin/includes/languages Writable
ext/piwik/tmp Writable
ext/piwik/tmp/cache Writable
ext/piwik/tmp/templates_c Writable

Extra Protection for the Administration Tool

The Administration Tool is secured by its own login routine but is still publicly accessible. For security reasons, it is recommended to further protect the Administration Tool as follows:

  1. Set an htaccess password on the admin directory.
  2. Rename the admin directory to a name that is more difficult for an attacker to guess. Once you rename the admin directory, you must update DIR_FS_ADMIN, defined in includes/configure.php, with the new directory name.
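
The steps above can be verified with a small audit script. This is an added example, not part of the original article or of TomatoCart; the names audit_store and report, the AuthType test for the htaccess password, and the assumption that DIR_FS_ADMIN sits on one line of configure.php are all illustrative.

```shell
#!/bin/sh
# Usage: audit_store /path/to/store [admin_dir_name]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumption: run it as the web server account so the -w test is meaningful.

# Directories from the table above that must stay writable.
WRITABLE_DIRS="images admin/images admin/backups cache download includes/work
includes/languages admin/includes/languages ext/piwik/tmp ext/piwik/tmp/cache
ext/piwik/tmp/templates_c"

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

audit_store() {
    root=$1
    admin=${2:-admin}   # pass the new name if the admin directory was renamed
    findings=0

    # Step 1: the installer must be gone.
    if [ -e "$root/install" ]; then report "install directory still present"; fi

    # Step 2a: configure.php must have no group/other write bit (644 or 444).
    cfg="$root/includes/configure.php"
    if [ ! -f "$cfg" ]; then
        report "includes/configure.php not found"
    elif [ -n "$(find "$cfg" -prune \( -perm -020 -o -perm -002 \))" ]; then
        report "includes/configure.php is group- or world-writable"
    fi

    # Step 2b: every listed directory must exist and be writable.
    for d in $WRITABLE_DIRS; do
        case $d in admin/*) d="$admin/${d#admin/}" ;; esac
        if [ ! -d "$root/$d" ] || [ ! -w "$root/$d" ]; then
            report "$d is not a writable directory"
        fi
    done

    # Step 3: the admin area needs HTTP auth, a non-default name, and a
    # DIR_FS_ADMIN definition that mentions the directory name in use.
    if ! grep -qi '^[[:space:]]*AuthType' "$root/$admin/.htaccess" 2>/dev/null; then
        report "$admin/.htaccess has no AuthType directive"
    fi
    if [ "$admin" = admin ]; then report "admin directory still has its default name"; fi
    if ! grep "DIR_FS_ADMIN" "$cfg" 2>/dev/null | grep -qF "$admin"; then
        report "DIR_FS_ADMIN does not reference $admin"
    fi

    [ "$findings" -eq 0 ]
}
```

Source the file and call `audit_store` with the store root and, if renamed, the new admin directory name.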


Author Spotlight

Jack Yin

TomatoCart Developer & Co Founder - Arvixe Web Hosting / TomatoCart Community Liaison
