Evolve Help Center

Published on: 02/09/2023 | Updated on: 03/15/2023 | Reading Time: 4 minutes

Opencart Security

Configure HTTPS

In order to configure HTTPS for Opencart, there are a few steps to follow.

  1. You will need to have a valid SSL Certificate installed for your domain

  2. You will need to open the config.php and admin/config.php files and modify the following:

Find the HTTP and HTTPS sections at the top of each file and add an ’s’ after the http in every URL in both sections, in both files. Save the files and upload them to the server.

Example of config.php after you have edited it

// HTTP
define('HTTP_SERVER', 'https://www.your-domain.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.your-domain.com/');

Example of admin/config.php after you have edited it

// HTTP
define('HTTP_SERVER', 'https://www.your-domain.com/admin/');
define('HTTP_CATALOG', 'https://www.your-domain.com/');

// HTTPS
define('HTTPS_SERVER', 'https://www.your-domain.com/admin/');
define('HTTPS_CATALOG', 'https://www.your-domain.com/');

  3. Add the following redirect rule to your .htaccess file, on the line directly below RewriteBase /

If you are using www in your config.php files, add this rule:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L]

If you are not using www in your config.php files, add this rule:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

  4. Log in to your Opencart admin area, go to System > Settings > Edit and click on the Server tab. Select the Use SSL radio button and click Save.

Whether you’re processing credit cards or not, we strongly recommend you have an SSL certificate for your website. This will also build trust with your customers and help you store their information as well as yours more securely.

If you are not seeing a padlock for every page, visit missingpadlock.com to learn why.


File Permissions

On all of our servers, you should upload with the following permissions:

Folders
755

Chmod 755 (chmod a+rwx,g-w,o-w) sets permissions so that the (U)ser / owner can read, write and execute; the (G)roup can read and execute but can’t write; (O)thers can read and execute but can’t write.

Files
644

Chmod 644 (chmod a+rwx,u-x,g-wx,o-wx) sets permissions so that the (U)ser / owner can read and write but can’t execute; the (G)roup can read but can’t write or execute; (O)thers can read but can’t write or execute.


Restrict Access to .htaccess file

By default, the file is named htaccess.txt. If you have not already done so, rename the file to .htaccess, which makes it a hidden file on the server.

Open your .htaccess or .htaccess.txt file and add the following to the top of the file:

# secure htaccess file
<Files .htaccess>
 order allow,deny
 deny from all
</Files>

Subdomain or Subfolder Configuration

If you choose to install Opencart using a subdomain or subfolder, make sure you modify the following in your .htaccess or .htaccess.txt file:

Change RewriteBase / to RewriteBase /subfolder-name/


Files and Folder Removal

Folders to Remove
/install/

Remove any extra files and/or folders including .zip files that are not needed from the server
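
The shell function below is an added example, not part of the original article. It audits an Opencart folder against the checks described above: https:// URLs in both config files, 755/644 permissions, the /install/ folder removed and no leftover .zip files. It assumes the admin folder still has its default name; the function name and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit an Opencart document
# root against this page's checklist. Assumes the admin folder is still
# named "admin"; the finding labels are made up for this example.
audit_opencart() {
    root=${1:-.}
    findings=$(
        # Both config files must define only https:// URLs.
        for cfg in "$root/config.php" "$root/admin/config.php"; do
            if [ -f "$cfg" ]; then
                # /dev/null as a second file makes grep print the file name.
                grep -nE "define\('HTTPS?_(SERVER|CATALOG)', *'http://" \
                    "$cfg" /dev/null | sed 's/^/PLAIN_HTTP /'
            fi
        done
        # Folders should be 755 and files 644 (exact mode match).
        find "$root" -type d ! -perm 755 | sed 's/^/DIR_MODE /'
        find "$root" -type f ! -perm 644 | sed 's/^/FILE_MODE /'
        # The installer folder must be removed once setup is finished.
        if [ -d "$root/install" ]; then
            echo "INSTALL_DIR $root/install"
        fi
        # Leftover archives that were never cleaned up.
        find "$root" -type f -name '*.zip' | sed 's/^/ARCHIVE /'
    )
    # No findings: exit status 0. Otherwise print them and return 1.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /path/to/opencart
if [ "$#" -gt 0 ]; then
    audit_opencart "$1"
fi
```

Each output line starts with a label (PLAIN_HTTP, DIR_MODE, FILE_MODE, INSTALL_DIR or ARCHIVE) followed by the path that needs attention.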


Password Suggestions

It’s important to update your database user password and your Opencart admin login password on a regular basis.

DO
Use a password generator
Include upper case, lower case, numbers and characters
Have a plan put together to remind yourself to update passwords every month or every other month

DON’T
Use the same password for every site you access
Use the name ‘admin’ for your username
Use a password shorter than 8 characters
Use password or password12345 as your password

Two Factor Authentication (2FA)

As an additional security layer, we highly recommend adding one of these free extensions to secure the Admin area of your Opencart website with Two Factor Authentication (2FA):

Opencart Two Factor Authentication Extensions


Block Bad Bots

Here are a few lines of code that you can add to your .htaccess or .htaccess.txt file to block a few of the common bad bots.

Add this code below the RewriteBase / line within your .htaccess or .htaccess.txt file in order to block known bad bots:

# deny access to evil robots site rippers offline browsers and other spam
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

We do not provide any support through tickets or any other means as the topics posted here fall outside the scope of web hosting support.

You may also want to browse the Opencart Community Forums for additional tips and tricks and other Opencart news.