Zen Cart store owners who have heard of SSL often don’t know whether they should have it on their site or not. SSL, in its most basic sense, is a security feature, and should therefore be considered an essential part of any online business.
SSL, or Secure Sockets Layer, relies on a certificate that verifies the identity of an online merchant. The information on a standard SSL certificate is used to verify that the certificate holder is who they say they are. This information includes the domain name the certificate was issued to, and the owner of the certificate and domain name. It also states the store owner’s physical location and the certificate dates (when it was issued, when it expires, and so on).
When a customer connects to a Zen Cart store hosted on a secure web server, the web browser ‘asks’ the server to authenticate itself. The server does this by presenting a digital certificate as proof that a trustworthy third party can vouch for the website and its owners. Customers like knowing that the site they are shopping on is handling their personal information securely. When they are sure that the website they are shopping on belongs to a reputable company, and is not, for example, phishing for personal information like credit card numbers, birthdays, etc., they are much, much more likely to complete a purchase from that website than if it were unsecured.
In short, SSL certificates give you non-forgeable proof of your site’s identity, and this helps customers trust you and your online business. Since customers are becoming more acutely aware of their online security and of the advantages of SSL, many will not even spend time on an unsecured store, much less consider purchasing from it.
Removing the print URL feature from your browser is a simple step that goes a long way toward securing your Zen Cart site. Removing it stops your browser from printing the admin URL on invoices.
For Microsoft Internet Explorer
Click on File, then Page Setup.
In the Page Setup window, remove the two-character combination “&u” from the header or footer text box.
Click on File then Page Setup
In the Page Setup window, click on the “Margins & Header/Footer” tab. In the “Header & Footer” section, set all of the drop-downs to “–blank–” (or at least remove all instances of “Title” and “URL” from the various boxes).
Other browsers offer similar menu choices to change these settings.
One quick and easy step to help secure your Zen Cart admin is to disable the “Allow Guest To Tell A Friend” feature. This prevents customers who are not logged in from using your server to send unwanted email messages. This step-by-step tutorial shows you how to do this.
Log into your Zen Cart admin and go to Configuration -> Email Options.
Select “Allow Guest To Tell A Friend”, click on “false”, and click on the “update” button.
Protecting access to your Zen Cart admin is an easy step you can take to help secure your Zen Cart site. You should always be cautious when working in your Zen Cart admin. Here are some simple steps you can take to protect access to your Zen Cart admin.
1. Use only one browser tab to access your admin area.
2. Always log out of your admin when you are not using it.
3. Do NOT visit other sites (ESPECIALLY webmail sites like Gmail/Yahoo/Hotmail/etc.) while your browser has an active admin login session, even if it is in another tab. If you click on links in emails while you are also logged into your store admin, you run the risk of opening yourself up to XSS problems.
Using a secure password for your Zen Cart store admin is a must. This tutorial gives you tips on how to create a secure password and shows you step by step how to change your current admin password to something more secure.
Take this quick and easy step to help make your Zen Cart store more secure. This step-by-step tutorial shows you how to set the permissions on your configure.php files to read-only.
There are two configuration files in Zen Cart, one for the admin and one for the store. They are located at includes/configure.php (store) and admin/includes/configure.php (admin).
Permissions on these two files should be set to 644 or 444. An easy way to set file permissions is via the file manager of your host control panel.
Log into your web host’s cPanel and click on the File Manager icon.
Select “web root” and click on “Go”.
Navigate to the includes folder and click on “configure.php”.
In the right hand frame click on “Change Permissions”.
Change the permissions to “444” and click on the “change” button.
Find the “configure.php” file in the list and check to be sure that the permissions are now set at “444”.
Repeat the procedure for admin/includes/configure.php.
Please note that changing permissions to read-only via FTP is not a good idea. Quite often, setting a file to read-only via FTP will not work: even if the permissions look as though they were set to read-only, they may not actually have been.
Using SMTPAUTH or SMTP as your email transport method not only helps prevent outgoing emails from ending up in spam folders, but also prevents disclosure of your admin folder when sending emails from your admin screens. This step-by-step tutorial shows you how to change your email transport method via the Zen Cart admin.
Log into your Zen Cart admin and go to Configuration -> Email Options.
Select “E-Mail Transport Method” and click on the “edit” button.
Select “smtp” or “smtpauth” and click on the “update” button.
On the same admin page (Configuration -> Email Options, toward the bottom of the list), you will need to fill in the following information:
Securing your Zen Cart site from hackers and other unwanted activity should be of primary importance before going live with your site. This tutorial explains step one of the security recommendations.
Remove extra folders from your server after install to minimize security risks
This should be done after you have finished the installation process and you have tested your site to ensure that it is working properly. This testing should include live transaction tests of all of your payment and shipping modules.
Remove the following folders and all files inside the folders:
/install.txt (this file can be removed, too)
These folders should never be on a live server. It is a good idea to keep a backup of these folders on your computer for future reference or upgrades.
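As an added example (not Zen Cart’s own code), the following POSIX shell script applies the read-only step to both configure.php files and then re-reads the permissions to confirm the change actually took, which matters because a change can look applied without being so; it also warns if the installation’s install.txt is still on the server. It assumes the store root is given by ZC_ROOT and that the admin folder is still named “admin” (set ADMIN_DIR if you renamed it).

```shell
#!/bin/sh
# Added example, not Zen Cart's own code: set both configure.php files to 444,
# verify the change really took, and flag a leftover install.txt. Assumes the
# store root is $ZC_ROOT and the admin folder is named "admin" (set ADMIN_DIR
# if you renamed it).
ZC_ROOT="${ZC_ROOT:-.}"
ADMIN_DIR="${ADMIN_DIR:-admin}"

# Permission bits in octal; GNU stat first, BSD/macOS stat as the fallback.
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"; }

# True when a file already has one of the two values the tutorial accepts.
config_is_locked() {
    case "$(perm_of "$1" 2>/dev/null)" in
        444|644) return 0 ;;
        *)       return 1 ;;
    esac
}

# Set a file to 444, then re-read the bits instead of trusting chmod's silence:
# the tutorial warns that a change which merely looks applied may not have taken.
lock_config() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    chmod 444 "$1" || return 1
    if [ "$(perm_of "$1")" = "444" ]; then
        echo "ok: $1 is 444"
    else
        echo "FAILED: $1 is $(perm_of "$1"), expected 444" >&2
        return 1
    fi
}

# Lock the store and admin configure.php and warn if install.txt is still present.
check_store() {
    rc=0
    for f in "$ZC_ROOT/includes/configure.php" \
             "$ZC_ROOT/$ADMIN_DIR/includes/configure.php"; do
        lock_config "$f" || rc=1
    done
    if [ -e "$ZC_ROOT/install.txt" ]; then
        echo "WARNING: $ZC_ROOT/install.txt is still on the server" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh zc_lock_config.sh /path/to/store
if [ $# -gt 0 ]; then ZC_ROOT="$1"; check_store; fi
```

A non-zero exit status means at least one file could not be locked or install.txt is still present, so the script can be run again after an upgrade as a quick check.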
If you will not be selling downloadable products or music-media products, you can also remove these folders and all files within the folders:
After these have been deleted, you will need to log into your Zen Cart admin and go to Configuration -> Attribute Settings.
Select “Enable Downloads” and click on the “edit” button.
Select “false” and click on the “update” button.
In the future, if you choose to add downloadable products or music-media products to your Zen Cart store, you will need to re-upload these folders (and their contents) to your server and assign appropriate permissions.