Zen Cart What Is SSL And Why Is It Important?

Zen Cart store owners who have heard of SSL often don’t know whether they should have it on their site. SSL, in its most basic sense, is a security feature, and should therefore be considered an essential part of any online business.

SSL, or Secure Sockets Layer, uses a certificate that verifies the identity of an online merchant. The information on a standard SSL certificate is used to verify that the certificate holder is who they say they are. This information includes the domain name the certificate was issued to, and the owner of the certificate and domain name. It also states the store owner’s physical location and the certificate dates (when it was issued, when it expires, etc.).

When a customer connects to a Zen Cart store hosted on a secure web server, the web browser ‘asks’ the server to authenticate itself. The server does this by presenting a digital certificate as proof that a trustworthy third party can vouch for the website and its owners. Customers like knowing that the site they are shopping on is handling their personal information securely. When they are sure that the website belongs to a reputable company, and is not, for example, phishing for personal information like credit card numbers, birthdays, etc., they are much more likely to complete a purchase than if the site were unsecured.

In short, SSL certificates give you non-forgeable proof of your site’s identity, and this helps customers trust you and your online business. Since customers are becoming more acutely aware of their online security and the advantages of SSL, many will not even spend time on an unsecured store, much less consider purchasing from it.

If you need help with your zen cart web site please contact us for a quote.

Secure Your Site Remove the Print URL Feature From Your Browser

Removing the print URL feature from your browser is a simple step which will go far to help secure your zen cart site. Removing it will stop your browser from printing the admin URL on invoices.

For Microsoft Internet Explorer

  • Click on File then Page Setup
  • At the Page Setup window, remove the two-character combination “&u” from the header or footer text box.

For Firefox

  • Click on File then Page Setup
  • On the Page Setup window, click on the tab “Margins & Header/Footer”. In the “Header & Footer” section, set all of the drop-downs to –blank–. (Or at least remove all instances of “Title” and “URL” from the various boxes.)

Other browsers offer similar menu choices to change these settings.

If you need help customizing your zen cart web site, or would like a great custom design, please contact us for a quote.

Secure Your Site Disable “Allow Guest To Tell A Friend”

One quick and easy step to help secure your Zen Cart admin is to disable the “Allow Guest To Tell A Friend” feature. This will prevent non-logged-in customers from using your server to send unwanted email messages. This step-by-step tutorial will show you how to do this.

Log into your zen cart admin and go to Configuration -> Email Options.

Select “Allow Guest To Tell A Friend”. Click on “false” and click on the “update” button.

Secure Your Site by Protecting Admin Access

Protecting access to your zen cart admin is an easy step you can take to help secure your zen cart site. You should always be cautious when working in your zen cart admin. Here are some simple steps you can take to protect the access to your zen cart admin.

1. Use only one browser tab to access your admin area.

2. Always log out of your admin when you are not using it.

3. Do NOT visit other sites (ESPECIALLY email sites like Gmail/Yahoo/Hotmail/etc.) while your browser has an active admin login session, even in another tab. If you click on links in emails while you are also logged into your store admin, you run the risk of opening yourself up to XSS problems.

Secure Your Site With Admin Password Security



Using a secure password for your zen cart store admin is a must. This tutorial will give you tips on how to create a secure password and will show you step by step how to change your current admin password to something more secure.

Your password should be complicated so that hackers will not be able to guess it easily. It should be at least eight characters long and a mix of letters and numbers, with both upper and lower case. Making it multiple words (of letters and numbers) with spaces in between will make it almost impossible to guess or crack. If you are having trouble coming up with a password, use the online password generator here.

Admin passwords should be changed at least every 3 months. To change your admin password, log into the zen cart admin and go to Tools > Admin Settings.

Select your admin account and click on the “reset password” button.

Make the password changes and click on the “save” button.

Secure Your Site Delete Unused Admin Accounts



Another easy step you can take to help secure your zen cart store is to delete unused admin accounts. This step by step tutorial will show you how.

Log into your zen cart admin and go to Tools > Admin Settings.

Select the unused account and click on the “delete” button.

Click on the “delete” button.

Follow this procedure for all unused admin accounts.

Secure Your Site Set Configure Files Read-only

Take this quick and easy step to help make your zen cart store more secure. This step by step tutorial will show you how to set the permissions on your configure.php files to read only.

There are 2 configuration files in zen cart. One for the admin and one for the store. They are located in:
/includes/configure.php
/admin/includes/configure.php

Permissions on these 2 files should be set at 644 or 444. An easy way to set file permissions is via the file manager of your host control panel.

Log into your web host cpanel and click on the file manager icon.

Select “web root” and click on “Go”.

Navigate to the includes folder and click on “configure.php”.

In the right hand frame click on “Change Permissions”.

Change the permissions to “444” and click on the “change” button.

Find the “configure.php” file in the list and check to be sure that the permissions are now set at “444”.

Repeat the procedure for the admin/includes/configure.php file.

Please note that changing permissions to read only via FTP is not a good idea. Quite often setting permissions on a file to read only via FTP will not work. Even if the permission looks like it was set to read only, it really may not have been.
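For hosts with shell access, the same change can be made and then confirmed by reading the mode back from the filesystem, which catches the case where a permission change did not really apply. This is an added example, not part of the original tutorial; the store root argument and the default admin folder name `admin` are assumptions.

```shell
#!/bin/sh
# Added example: set both Zen Cart configure.php files to 444 and verify
# that the mode actually changed. Pass your own store root (an assumption).

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the mode is one the tutorial recommends (644 or 444).
mode_ok() {
  case "$1" in
    444|644) return 0 ;;
    *) return 1 ;;
  esac
}

# Set 444 on one file, then re-read the mode to confirm it took effect.
lock_config() {
  f="$1"
  [ -f "$f" ] || { echo "MISSING $f"; return 2; }
  chmod 444 "$f" || { echo "CHMOD-FAILED $f"; return 1; }
  m=$(file_mode "$f")
  if [ "$m" = "444" ]; then
    echo "OK $m $f"
  else
    echo "NOT-APPLIED $m $f"
    return 1
  fi
}

# Lock the store and admin configure.php; non-zero if either one failed.
lock_store_configs() {
  root="$1"; admin="${2:-admin}"
  rc=0
  lock_config "$root/includes/configure.php" || rc=1
  lock_config "$root/$admin/includes/configure.php" || rc=1
  return $rc
}

# Usage: sh lock_configs.sh /path/to/store [admin-folder-name]
if [ "$#" -gt 0 ]; then
  lock_store_configs "$@"
fi
```

A `NOT-APPLIED` line means the file still has its old mode even though the change was requested.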

Secure Your Site by Using SMTPAUTH or SMTP as Your Email Transport Method



Using SMTPAUTH or SMTP as your email transport method will not only help prevent outgoing emails from ending up in spam folders, but it will also prevent the disclosure of your admin folder when sending emails from your admin screens. This step by step tutorial will show you how to change your email transport method via the zen cart admin.

Log into your zen cart admin and go to Configuration->Email Options.

Select “E-Mail Transport Method” and click on the “edit” button.

Select “smtp” or “smtpauth” and click on the “update” button.

On the same admin page (toward the bottom of the list) Configuration -> Email Options, you will need to fill in the following information:

  • SMTP Email Account Mailbox
  • SMTP Email Account Password
  • SMTP Email Mail Host
  • SMTP Email Mail Server Port

Secure Your Site by Removing Extra Folders



Securing your zen cart site from hackers and other unwanted activity should be of primary importance before going live with your site. This tutorial will explain step one of the security recommendations.

Remove extra folders from your server after install to minimize security risks

This should be done after you have finished the installation process and you have tested your site to ensure that it is working properly. This testing should include live transaction tests of all of your payment and shipping modules.

Remove the following folders and all files inside the folders:

/docs

/extras

/zc_install

/install.txt (this file can be removed, too)

These folders should never be on a live server. It is a good idea to keep a back up of these folders on your computer for future reference or upgrades.

If you will not be selling downloadable products or music-media products, you can also remove these folders and all files within the folders:

/download

/media

/pub

After these have been deleted, you will need to log into your Zen Cart admin and go to Configuration->Attribute Settings.

Select “Enable Downloads” and click on the “edit” button.

Select “false” and click on the “update” button.

In the future, if you choose to add downloadable products or music-products to your zen cart, you will want to re-upload these folders (and their contents) to your server again, and assign appropriate permissions.
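A pre-launch check for the folders listed above can be scripted so that nothing is forgotten on the live server. This is an added example, not part of the original tutorial; it only reports what is still present and deletes nothing, and the store root argument and the `no-downloads` switch are assumptions of the example.

```shell
#!/bin/sh
# Added example: report install-time leftovers under a Zen Cart store root.
# The path lists are taken from the tutorial above.

REQUIRED_REMOVALS="docs extras zc_install install.txt"
DOWNLOAD_DIRS="download media pub"

# Print each of the given paths that still exists under the store root.
leftovers() {
  root="$1"; shift
  for p in "$@"; do
    if [ -e "$root/$p" ]; then
      echo "$p"
    fi
  done
}

# Audit a store root. Pass "no-downloads" as the second argument when the
# store sells no downloadable or music-media products, so that the download
# folders are checked as well. Returns non-zero if anything is left behind.
audit_store() {
  root="$1"; mode="${2:-}"
  bad=0
  for p in $(leftovers "$root" $REQUIRED_REMOVALS); do
    echo "REMOVE $root/$p"
    bad=1
  done
  if [ "$mode" = "no-downloads" ]; then
    for p in $(leftovers "$root" $DOWNLOAD_DIRS); do
      echo "REMOVE (downloads not in use) $root/$p"
      bad=1
    done
  fi
  return $bad
}

# Usage: sh audit_store.sh /path/to/store [no-downloads]
if [ "$#" -gt 0 ]; then
  audit_store "$@"
fi
```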
