Like any other website, your Prestashop site needs to be secure.
E-commerce ranks third among the sectors most targeted by computer attacks, which is why it’s so important to secure your store.
In this article, we’ll show you how to secure your Prestashop site using 7 effective and complementary methods.
Why secure a Prestashop site?
Nowadays, it’s easy to hack into a website.
Internet users are all the more wary when it comes to e-commerce sites, as they will be asked to enter personal data for their purchases.
So why secure your Prestashop site?
- To reassure visitors and potential buyers.
- To prevent theft of passwords and other personal data.
- To avoid viruses and the blocking of your entire site.
- To avoid losing traffic.
- To prevent your site from displaying content other than your own.
Here are 7 steps to help you secure your Prestashop site.
1. Installing an SSL certificate
The SSL certificate protects the data users send when they connect to your site.
This could be email, passwords or bank details.
The SSL certificate encrypts data exchanged on the site.
In this sense, it protects your visitors and customers more than it protects your site.
To find out whether or not you already have one, simply look at your URL.
If it starts with https and there’s a little padlock next to the link in the top left-hand corner, your site is already secured with SSL.
Otherwise, you need to install the SSL certificate.
To do this:
- Buy an SSL certificate or get one free with Let’s Encrypt.
- Install it on your hosting.
- Activate the certificate via your back office.
2. Setting up your store
The basis for securing your Prestashop site lies in the back office.
These basic back office settings must be made as soon as you create your site.
Go to “Preferences”, then “General settings” and check the following boxes:
- Improve front office security: tick yes
- Allow iframes in HTML fields: check yes if you’re using external media content (e.g. Vimeo videos), otherwise check no.
- Use the HTMLPurifier library: check yes
3. Add a password to the server-side administration folder
You can add an extra level of security to your back office, on top of the standard login. To do this, set up a password on your administration folder by adding an .htaccess file and an .htpasswd file to this folder. Choose a complex password that only you will know. Passwords that refer to your date of birth or your pet’s name should be avoided. Ideally, your password should be a mix of upper and lower case letters, numbers and special characters. Your passwords should be stored encrypted in the database.
4. Deactivate development mode
When your site is still under development and unpublished, you’ve probably enabled debug mode.
Once your site has been published, don’t forget to deactivate this function, which could provide valuable information to others.
You can do this from the back office for version 1.5.
For version 1.6, check the defines.inc.php configuration file in config.
For Prestashop 1.7, it’s also in the back office.
5. Change administration directory name
By default, the name of your Prestashop administration directory is admin or admin followed by a number (e.g. admin251).
Change this name to avoid making hackers’ work easier.
Choose a term that’s meaningful to you but not easily identifiable by anyone.
You can also use a mixture of numbers and letters, chosen at random.
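The checks from steps 3, 4 and 5 can be scripted. The following is an added example, not part of the original article or of PrestaShop's own code. The function name `audit_shop` and the finding labels are hypothetical, the admin directory name is passed in by hand, and the script assumes debug mode is controlled by the `_PS_MODE_DEV_` constant in `config/defines.inc.php` and that `AuthUserFile` is an absolute path.

```shell
#!/bin/sh
# Added example (not PrestaShop code): audit steps 3, 4 and 5 on a shop tree.
# Usage: audit_shop SHOP_ROOT ADMIN_DIR_NAME
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_shop() {
    root=$1
    admin=$2
    findings=""

    # Step 5: "admin" or "admin" plus digits (e.g. admin251) is a default name.
    if printf '%s\n' "$admin" | grep -Eq '^admin[0-9]*$'; then
        findings="$findings default-admin-name"
    fi

    # Step 3: the admin folder needs an .htaccess enforcing HTTP Basic auth,
    # and the AuthUserFile it names (absolute path assumed) must be non-empty.
    ht="$root/$admin/.htaccess"
    if [ -f "$ht" ] &&
       grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" &&
       grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$ht"; then
        pw=$(grep -Ei '^[[:space:]]*AuthUserFile[[:space:]]' "$ht" | head -n 1 |
             sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//' | tr -d '"')
        [ -s "$pw" ] || findings="$findings missing-htpasswd"
    else
        findings="$findings no-basic-auth"
    fi

    # Step 4: debug mode. Assumption: the switch is the _PS_MODE_DEV_ constant
    # in config/defines.inc.php; commented-out lines are ignored.
    if grep -Eq "^[[:space:]]*define\('_PS_MODE_DEV_',[[:space:]]*true\)" \
            "$root/config/defines.inc.php" 2>/dev/null; then
        findings="$findings debug-mode-on"
    fi

    for f in $findings; do
        printf '%s\n' "$f"
    done
    [ -z "$findings" ]
}

# Run stand-alone as: sh audit_shop.sh /path/to/shop admin-dir-name
if [ "$#" -eq 2 ]; then
    audit_shop "$1" "$2"
fi
```

An empty output with exit status 0 means all three checks passed; each printed label maps back to one of the steps above.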
6. Update software and modules
An out-of-date site is a hacker’s best target.
When your software, modules and CMS aren’t up to date, you’re faced with security loopholes, and this makes the hacker’s job easier.
It’s not uncommon to find that a hacked site was missing the latest security updates.
So take the necessary steps:
Updating Prestashop
Because Prestashop is so well known and used by thousands of e-tailers, it is one of the most frequently hacked CMS.
Always make sure you have the latest version of Prestashop.
Update modules
Prestashop modules are often updated by their developers.
Again, make sure you always have the latest versions.
Also, when purchasing modules, always use reliable and trustworthy sites.
7. Create site backups
Backups are essential if you don’t want to lose everything if your site is hacked.
Your site should be backed up on a regular basis, ideally once a week.
If your website is hacked, and you don’t have any backups, you’re going to waste a lot of time redoing everything.
You can save a backup:
- on your Prestashop server.
- on an external hard drive.
If you only keep the backup on your site’s server, you also run the risk of losing your backup in the event of a hack.
To conclude on securing your Prestashop site
Don’t hesitate to take the time to secure your Prestashop site.
No e-commerce site is immune to hacking or data theft.
But the more you secure your site, the better protected you’ll be. To find out more about Prestashop and your e-commerce project, don’t hesitate to contact me.
As a Prestashop expert since 2008, it will be a pleasure to help you with your web project.