“WE ARE XYZ HACKERS!!!!!!!!!!!!! YOUR WEBSITE HAS BEEN HACKED, HACKED HACKED”.
Do you want to see something like this on your osCommerce website? Obviously not. Then you must secure your osCommerce website from hackers. file_manager.php and define_language.php are the favorite files of osCommerce site hackers. Don't depend only on your web hosting company to protect your website. You have to take some measures yourself to secure the ecommerce website on which you run your online business. Take precautions if you want your online store to succeed.
Here are some guidelines for securing your osCommerce website:
Remove or rename your install directory
Always remember to remove or rename your install directory, as soon as you install your osCommerce version.
Permissions for user access rights
You should set proper permissions on directories and files to establish user access rights. If permissions are set incorrectly, code can be uploaded to a directory and used to inject malware into the site.
Be vigilant about the latest upgrades
The osCommerce developers release upgrades and new security measures very often. Keep track of these releases and install new versions accordingly.
Secure your osCommerce site with .htaccess/.htpasswd
You can protect your website from bots and spammers with an .htaccess file. To learn more about how to secure an osCommerce site with an .htaccess file, click here.
Protect your osCommerce site's configure.php file
Set proper permissions on the configure.php file. Learn the steps to secure the configure.php file here.
Secure admin directory
There are two ways of doing this. One is to rename your admin directory to something other than admin, and then change the value for the '/admin/' directory in '/admin/includes/configure.php' to match.
The other way is to make your '/admin/' directory a password-protected directory.
Secure your file_manager.php
It has been known as a threat to the security of osCommerce websites for a very long time. The file manager is a risk and should be removed.
Disable ‘Tell a friend’ feature
The 'Tell a friend' feature of osCommerce allows users to send email to their friends. Spammers use this to send spam from your website. If users are required to log in to an account they have created, this should impede spammers.
Get an SSL certificate for your e-commerce website
Secure Sockets Layer (SSL) is the standard security technology for creating an encrypted link between a web server and a browser.
Use Visual Verification Code
If osCommerce captcha or visual verification modules are added, the user has to type some characters before submitting a page.
Keep an eye on access and error logs
This will allow you to monitor the activity on your website. If you find anything suspicious, you can decide on a course of action; sometimes you will need to ban an IP address, use .htaccess, and so on.
Keep backups
Always keep a backup of your store. It can be done with Admin/Tools/Mysql back up.
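As an added example (not from the original article or the osCommerce project), the shell function below checks a store directory against several of the guidelines above. It assumes the store root contains install/, the admin directory and includes/configure.php, and that configure.php should carry no write bits; the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit an osCommerce store root against the checklist above.
# Assumed layout: <root>/install, <root>/<admin>/, <root>/includes/configure.php
# and <root>/<admin>/includes/configure.php. Prints one finding per line.
audit_oscommerce() {
    root=$1
    admin=${2:-admin}    # pass the new name if the admin directory was renamed

    # The install directory should be removed or renamed after installation.
    if [ -d "$root/install" ]; then
        printf 'INSTALL_DIR_PRESENT %s\n' "$root/install"
    fi
    if [ -d "$root/$admin" ]; then
        # Default directory name makes the admin area easy to find.
        if [ "$admin" = admin ]; then
            printf 'ADMIN_DEFAULT_NAME %s\n' "$root/$admin"
        fi
        # A missing .htaccess means no password protection can be in place
        # (its presence alone does not prove protection; inspect it by hand).
        if [ ! -f "$root/$admin/.htaccess" ]; then
            printf 'ADMIN_NO_HTACCESS %s\n' "$root/$admin"
        fi
        # The two admin scripts the article names as favorite targets.
        for f in file_manager.php define_language.php; do
            if [ -f "$root/$admin/$f" ]; then
                printf 'RISKY_ADMIN_FILE %s\n' "$root/$admin/$f"
            fi
        done
    fi
    # configure.php: assumed policy is read-only, so flag any write bit.
    for cfg in "$root/includes/configure.php" "$root/$admin/includes/configure.php"; do
        if [ -f "$cfg" ]; then
            find "$cfg" \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
                sed 's/^/CONFIG_WRITABLE /'
        fi
    done
    # World-writable files or directories are where uploaded code can land.
    if [ -d "$root" ]; then
        find "$root" ! -type l -perm -002 -print | sed 's/^/WORLD_WRITABLE /'
    fi
    return 0
}

# Stand-alone use: sh audit.sh /path/to/store [admin-directory-name]
[ "$#" -eq 0 ] || audit_oscommerce "$@"
```

An empty result means none of these checks fired; it does not cover upgrades, SSL, captcha or log review, which still need to be handled separately.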