Just to add a few things to this that I see way too often:
1 - Never keep the 'Master' account. When you first log in to X-Cart, create a new admin account, log out, log back in with the new account and delete the master account.
2 - Password protect your Admin and Provider directories. One extra level of protection will discourage hackers. This can usually be done via your host's Control Panel.
3 - Turn OFF the option of sending CC info via e-mail - in General Settings/E-mail options.
4 - Change your permissions:
.php - 644
.tpl - 644
.pl - 755
.sh - 755
VERSION - 644
FOLDERS
templates_c - always 777
catalog - 777 - (to be able to write catalog and then 755 once catalog has been written)
files - 777 - (to be able to write to the folder / upload pics etc)
log - 777
All others - 755
You can do this via FTP, your hosting control panel, or by using SSH with a command like this:
find ./ -name "*.php" -print -exec chmod 644 {} \;
5 - Disable storing of CC info in the database (unless you are using manual credit card processing). Open up config.php (found in your root directory) and change this line:
$store_cc = true;
to
$store_cc = false;
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
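
An added example, not part of the original post: a read-only shell function that checks a store directory against the modes listed in item 4 and prints every path that differs, without changing anything. It assumes templates_c, files, log and catalog sit directly under the store root and that the catalog has already been generated (so 755 applies to it); the function name and the usage path are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of an X-Cart tree against the modes listed
# in the post. Prints "want MODE: PATH" per mismatch and changes nothing.
# Assumptions: templates_c, files, log and catalog sit directly under the
# store root, and the catalog has already been generated (so 755 applies).

audit_xcart_perms() {
    root=${1:-.}
    root=${root%/}

    # File rules from the post, as name-pattern:mode pairs.
    for rule in '*.php:644' '*.tpl:644' '*.pl:755' '*.sh:755' 'VERSION:644'; do
        pat=${rule%%:*}
        mode=${rule##*:}
        find "$root" -type f -name "$pat" ! -perm "$mode" -print |
            sed "s|^|want $mode: |"
    done

    # Folders the post keeps world-writable.
    for d in templates_c files log; do
        if [ -d "$root/$d" ]; then
            find "$root/$d" -prune ! -perm 777 -print | sed 's|^|want 777: |'
        fi
    done

    # Every other folder should be 755. The three writable folders and
    # anything below them are skipped (assumption: the application manages
    # what it creates there).
    find "$root" \( -path "$root/templates_c" -o -path "$root/files" \
        -o -path "$root/log" \) -prune -o -type d ! -perm 755 -print |
        sed 's|^|want 755: |'
}

# Usage: audit_xcart_perms /path/to/store   (hypothetical path)
```

An empty result means the tree matches the list; a world-writable config.php, for instance, shows up as a "want 644" line.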