How to improve your CS-Cart security

After you install CS-Cart, you can improve your site security by following the recommendations in this article.

Change the administration panel file name

Change the default name of admin.php to something only you know. To change the name of admin.php, follow these steps:

1) Log into your cPanel.


2) Click File Manager.


3) Locate admin.php, right-click it and select Rename. Choose a name that only you know and that you will remember.


4) Click Rename File.

5) Change config.local.php to include the new admin filename. In the File Manager, locate config.local.php, right-click it and select Edit

6) In the confirmation box, click Edit.

7. In the file, find this line:

$config['admin_index'] = 'admin.php';

and change it to reflect the new name of the admin file.

$config['admin_index'] = 'my_secret_admin.php';

8) Click Save Changes and then click Close.

9) Confirm that the install folder has been deleted. The Install folder is usually automatically deleted after installation, but it’s a good idea to check and delete it if necessary. If it exists, the Install folder will be in the same directory as admin.php. 

11) If you see the Install folder, right-click it and select Delete

12) In the confirmation box, click Confirm.

Check the file permissions

Ensure that the following files and folders have 644 permissions applied to them

config.local.php 644
design/.htaccess 644
images/.htaccess 644
var/.htaccess 644
var/themes_repository/.htaccess 644
design/index.php 644
images/index.php 644
var/index.php 644
var/themes_repository/index.php 644

Configure security settings

You can enable secure connections (HTTPS) for your administration panel, storefront, or both.

1) In the administration panel, go to Settings > Security settings.

2) In the Enable secure connection for the storefront dropdown, select one of the following:

  • Secure profile, checkout and order pages – Choose this to enable secure connections only on the profile, checkout, and order pages. These are the store pages that typically send data to the server.
  • Secure full site – Choose this to enable secure connections on all store pages.

3) Select Enable secure connection in the administration panel.

4) Click Save.

Use the Access Restrictions add-on

You can use the CS-Cart Access Restrictions add-on to restrict access to the administration panel and storefront based on user IP address. 

If you have any questions about securing your CS-Cart installation or if you need help with your HostPapa account, please open a support ticket from your dashboard.

Related Articles

Get online with our affordable web hosting

Get online with our affordable web hosting

Learn more now
HostPapa Mustache