As you probably know, we work hard to improve the security level of the online stores powered by CS-Cart and Multi-Vendor. We release a patch if a vulnerability is found, and inform our clients in due course. But the safety of your store is not only our responsibility.


What Can Be Done on Your Own to Improve the Security of Your Store?


We prepared some basic recommendations for you to follow:

1. Once the installation is complete, perform the following actions:

  • Remove the directory install/.
  • Rename the default admin.php script (check the Knowledge base for details).
  • Use a strong administrator password.
    • At least eight characters long.
    • It should not contain a dictionary word, your user name, real name, or company name.
    • Do not use your previous passwords.
    • It should contain characters from each of the four categories: uppercase letters, lowercase letters, numbers, symbols and spaces.
  • Remove the distribution package from the web accessible directory on your server.
  • Change the access permissions for the files as advised below.

chmod 644 config.local.php
chmod 644 design/.htaccess images/.htaccess
chmod 664 var/.htaccess var/themes_repository/.htaccess
chmod 644 design/index.php images/index.php
chmod 664 var/index.php var/themes_repository/index.php

The chmod 644 command leaves the file readable and writable for the file owner and makes it readable for all other system users. The file contents cannot be viewed in a browser though.

2. Always update your CS-Cart or Multi-Vendor to the latest version, as it has a higher security level.

3. Do not forget to back up your store on a regular basis. This way you will always have the last stable version of your website to fall back to in case of trouble.
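
The post-installation checks from step 1 can be verified with a short shell script. This is an added example, not CS-Cart code: the function names and the demo tree are constructed for illustration, and it assumes the distribution package is a .zip, .tgz or .tar.gz archive left in the store root.

```shell
#!/bin/sh
# Added example, not CS-Cart code: audit a store root against the checklist above.
# Prints one line per finding; returns 0 when clean, 1 otherwise.

# Expected modes, copied from the chmod commands in this article.
EXPECTED='644 config.local.php
644 design/.htaccess
644 images/.htaccess
664 var/.htaccess
664 var/themes_repository/.htaccess
644 design/index.php
644 images/index.php
664 var/index.php
664 var/themes_repository/index.php'

file_mode() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_store() {
    root=$1; rc=0
    if [ -d "$root/install" ]; then echo "FAIL install/ still present"; rc=1; fi
    if [ -f "$root/admin.php" ]; then echo "FAIL admin.php not renamed"; rc=1; fi
    # Assumption: the distribution package is an archive left in the store root.
    for pkg in "$root"/*.zip "$root"/*.tgz "$root"/*.tar.gz; do
        if [ -f "$pkg" ]; then echo "FAIL archive in web root: ${pkg##*/}"; rc=1; fi
    done
    while read -r want rel; do
        if [ ! -f "$root/$rel" ]; then echo "MISSING $rel"; rc=1; continue; fi
        have=$(file_mode "$root/$rel")
        if [ "$have" != "$want" ]; then echo "FAIL $rel is $have, expected $want"; rc=1; fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Constructed sample: a fresh, unhardened install tree (all names are test data).
make_demo_tree() {
    mkdir -p "$1/install" "$1/design" "$1/images" "$1/var/themes_repository"
    : > "$1/admin.php"; : > "$1/store_package.zip"
    echo "$EXPECTED" | while read -r want rel; do
        : > "$1/$rel"; chmod 666 "$1/$rel"
    done
}

demo=$(mktemp -d)
make_demo_tree "$demo"
audit_store "$demo" || echo "checklist not complete"
rm -rf "$demo"
```

To check a real store, call audit_store with the path to the store root instead of the demo tree.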




We would like to draw your attention to the add-ons available on our Marketplace, which can help you to back up and secure your store. Currently there are 3 of them:


EZ Admin Helper




EZ Admin Helper is a powerful and user-friendly add-on that has a number of tools to back up and secure your site. Its features:

  • Security
    • Force reset of user passwords
    • Change Admin URL
    • Monitor files (monitor new, modified or removed files to ensure the changes you see make sense. For example: Is this new PHP file supposed to be there? Why was index.php modified? When did thumbs.php or test.gif appear?)
  • Backup
    • Backup site
    • Backup database
    • Optimize database
  • Automation
    • Clear cache
    • Clear template cache
    • Clear thumbnails cache
    • Clear logs
    • Clear statistics
    • Clear carts
    • Update currencies

It is easy to schedule all actions mentioned above right from the admin panel of your store. You can have results for any/all tasks emailed to you, plus you can “run now” any action/s manually.






Admin Actions by Cron




Admin Actions by Cron is a free but still powerful add-on that will help you automatically perform the following activities behind the scenes:

  • Backup
    • Backup database
    • Optimize database
  • Automation
    • Clear cache
    • Clear template cache
    • Clear thumbnails cache
    • Clear logs

You can choose this solution if you have some experience with Cron as all settings are performed in Cron.




Cron Jobs




Last but not least is Cron Jobs. It allows you to automatically perform the following actions at set intervals:

  • Backup
    • Backup database
    • Optimize database
  • Automation
    • Clear cache and regenerate site map
    • Clear statistics
    • Clear logs

You can have the results for all tasks emailed to you.




We hope that this information was helpful.



