Search the Community

Buy it here: https://addons.prestashop.com/en/website-security-access/44413-security-pro.html Price: Only 69,99 EURO (Free support included) Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis. PrestaShop in its own is very secure. It's among the most secure content management systems available. When that is said, PrestaShop advice you to set file- and folder permissions by your own, and secure your back-end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge. I added all the functions that you need to follow best practice. Trust me - this module will save you months of work. I did not add settings that are obviously already covered by PrestaShop core with another technique, but if some technique having more layers is good practice, I added those extra layers of security. You can for instance enable Two-Factor Authentication and setup e-mail alert in case of brute force attacks. Example of a great feature: You can enable e-mail notifications for filechanges. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any filechanges since last check. In case you get malware, spyware etc., or you mess something up by yourself, you will get an e-mail with paths to the files that was changed. In that way you know exactly where to check! Here are what you get with Security Pro (all the configurations are not listed, check screenshots for additional information): Brute force protection: Enable/Disable "Brute force protection for back office" Enable/Disable "E-mail notification in case of fail attempts to login" Enable/Disable "E-mail notification in case of successfully login" Enable/Disable "Log" Two-factor authentication Enable/Disable "Two-factor authentication" (for back office) Second login Enable/Disable "Second login" (from your webserver itself) Secure front office Enable/Disable "Click-jack protection" Enable/Disable "XSS protection" Enable/Disable "Disable content sniffing" Enable/Disable "Force secure connection with HSTS" Enable/Disable "Expect CT" Enable/Disable "Referrer policy" Anti-SPAM Enable/Disable "Prevent fake accounts / Block bots" Enable/Disable "Contact form" Enable/Disable "Block TOR IPv4 and IPv6 addresses" Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4, IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*) Enable/Disable "Block custom list of user agents" Anti-virus Enable/Disable "Malware scanner" Enable/Disable "filechanges scanner" Enable/Disable "Log" Enable/Disable "Block file uploads" (for back office) Firewall (WAF) Enable/Disable "Anti-flood / Anti DDoS protection" Enable/Disable "Bot check" Enable/Disable "Anti-SQL injection" Enable/Disable "Anti-XXS injection" Enable/Disable "Anti-SHELL injection" Enable/Disable "Anti-HTML injection" Enable/Disable "Anti-XST injection" Enable/Disable "Block too long HTTP requests" Enable/Disable "Block user agents with too long names" Enable/Disable "Block old HTTP protocols" Enable/Disable "Block file-upload" (front office) Enable/Disable "Log" Protect content Enable/Disable "Disable right click" Enable/Disable "Disable right click on images only" Enable/Disable "Disable drag and drop" Enable/Disable "Disable copy" Enable/Disable "Disable cut" Enable/Disable "Disable paste" Enable/Disable "Disable text selection" Automatic backups Enable/Disable "Backup database to local" Enable/Disable "Backup database to Dropbox" Enable/Disable "Backup files to local" Enable/Disable "Backup files to Dropbox" Admin directory Change name of admin directory in a few clicks. Password generator Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office. Scripts Fix insecure permissions vulnerability Fix directory traversal vulnerability Analyze system for all known vulnerabilities CVE-2020-5293 CVE-2020-5288 CVE-2020-5287 CVE-2020-5286 CVE-2020-5285 CVE-2020-5279 CVE-2020-5278 CVE-2020-5276 CVE-2020-5272 CVE-2020-5271 CVE-2020-5270 CVE-2020-5269 CVE-2020-5265 CVE-2020-5264 CVE-2020-5250 CVE-2019-13461 CVE-2019-11876 CVE-2018-8823 CVE-2018-8824 CVE-2018-7491 CVE-2018-19355 CVE-2018-19124 CVE-2018-19125 CVE-2018-19126 CVE-2018-13784 CVE-2017-9841 CVE-2015-1175 Analyze your server for insecure settings session.use_cookies session.use_only_cookies session.cookie_httponly session.hash_function session.use_trans_sid session.cookie_secure session.use_strict_mode session.cookie_lifetime session.lazy_write session.sid_length session.gc_divisor session.sid_bits_per_character allow_url_fopen allow_url_include display_errors log_errors error_reporting display_startup_errors expose_php register_globals register_argc_argv short_open_tag xdebug.default_enable xdebug.remote_enable file_uploads upload_max_filesize post_max_size max_input_vars max_input_time memory_limit max_execution_time default_charset Analyze you PrestaShop configuration for insecure settings PHP version (7.2.19) SSL enabled SSL Enabled everywhere PrestaShop token Mod Security PrestaShop admin directory name Database table prefix PrestaShop debug mode Analyze SSL Analyze your SSL certificate Scan your website for mixed content Recommandation The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules. Works on all major server software (Apache, Nginx, LiteSpeed, etc.). Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x. Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x. Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores. The code quality is high and it follows PretaShop's guidelines. The code is optimized for performance and security. If you want to see a demo of the module, or if you have questions please contact me. Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413

I have the SSL certificate from cloudfare (free version) but looks like is not fully working, in my backend I get this : Connection is not secure. parts of this page are not secure (such as images). And in the frontend when a client try to register this warning pops up: The information you have entered on this page will be sent over an insecure connection and could be read by a third party. Are you sure you want to send this information? If I press continue it refrech on the same page and the account is not created. any idea on how to solve this?

Hi all , Because my mysql database requires a certificate validation in mysql-connect i'm getting a "cannot find database" in installation although i'm putting it right. Can anyone tell me a right way to change this? i found db.php but i'd like to change it in the correct way i have a crt file to pass to mysql connect. thank you for help

Hi Guys, I have recently purchased a SSL certificate for my PrestaShop and enable it in the back office and it works fine apart one little issue ,however, when I tried to open my website it doesn't not display in green colour and it complaints that there is still some elements that are insecure. I am using PrestaShop 1.7.3 You can visit the website and see what I mean : https://smartpipes.co.uk Any suggestions how to fix this ? How to properly implement the SSL? Regards,

Hello, Why do I get unsafe warning in my address bar when I try to visit pages linking to one specific module. Infact, some of its functions stop working when I enable ssl. The moment I disable it, it starts working fine.

Is there any modul or some kind of way to integrate b2b certificate from another compay for there products to show on shop automaticly. They provided me with certificate and ftp connection do download images of products. Is it posible to do that kinde of thing in presta fast or i need to code modul. If new modul is required please some kinde directions.

I can get in to dashboard, but front end sites are down, and all it says is 500 error. I have NO idea where it broke or how to fix this, because the 500 error message is useless. www.leahsveganlife.com (now has diff message cuz my dev has changed it) My dev has been researching it for hours and can't find the cause yet. PLEASE HELP? Where do we look?

Hi, i instaled for my site a certificate and i have a problem: i BO the link is corect -> https://sitename/admin but in Frontoffice not work to https just .. http. Thx.

Hello everybody, would you please suggest me how / when to install a new theme on my presta 1.5.4.1 website. I mean am going to apply a SSL certificate to my e-store subdomain. So should i first install the new theme and after that apply for SSL or it is better to apply the SSL to the store subdomain and after that to install the new theme. It is a paid theme from themeforest. Thanks in advance for you suggestions.

free ssl certificates - read guide Are you wondering how to secure your e-commerce website with SSL certificate for free? If you're looking for own FREE SSL certificate - this guide is what you're looking for in this guide i want to show you how you can generate TRUSTED BY ALL BROWSERS free ssl certificate to secure: 1) domain 2) subdomain ( for exmaple: https://yourshop.com + https://subdomain.yourshop.com ) it's worth to mention that this ssl certificate is insured for the amount of $10 000! free ssl certificate is provided by StartCom Ltd. DEMO check this page: http://apps.facepages.eu/prestashop/ it is secured with this ssl certificate installation procedure of this certificate is exactly the same as others, so, enjoy your totally free ssl cert

I moved hosts, had my site working fine without an SSL certificate. I disabled SSL for the period that it didn't exist - I'd had an SSL certificate with the previous hosts and it was enabled fine. Today I bought the SSL and hosts installed it, however when I went to renable SSL in Back Office I am faced with: "Please click here to use HTTPS protocol before enabling SSL." If I click it reloads the page with https if it wasn't before but the option to enable SSL remains unavailable. The site loads on https with a warning about 'script from unauthenticated sources'. Site is coolvape.co.uk [uPDATE]: My web host managed to fix this for me, the issue was caused by their 'SSL load balancer'. Hope this helps anyone else with this issue.

HI I wonder if anyone could shed some light on this for me... (I am using version PrestaShop™ 1.5.4.1) This question is regarding what to put in: Preferences > SEO & URLs - I currently have shop domain = testsite1.com SSl Domain = testsite1.com base URI = / When I bought the simple ssl certificate from my hosting company they said it was for the address: www.testsite1.com They also mentioned that when they tried to goto: "https://www.testsite1.com" it redirected to "https://testsite1.com" my shop is near to completion and don't want to open it until im 100% sure about exactly what I should be put in as the SSS domain. Any help on this MUCH appreciated.

hi, today i bought SSL certificate and i want to add it to my shop. I've got own IP address but i dont know exactly how to configure it. any suggestions?

I would like to ask if there any free module that will generate a gift certificate for the products. Thanks! This is the link of the site www.buybranded.com.ph

How to configure Paypal on a website that has SSL certificate? Prestashop version: 1.4.9.0 Paypal module version: 3.0.9 This module requires API username, API password and API signature, but my website has a SSL certificate and SSL active, so Paypal has no signature, but a certificate instead. On Paypal website, to obtain a signature, it requires to remove the certificate. If I do so, my website will loose the certificate, and SSL no longer works, which is a problem. I cannot do that. I searched prestashop website and this forum, and I do not find any information regarding this subject. Can anyone help? Thank you Nelson / Contacto Visual - Portugal

Please! I need help with this module that we bought. http://addons.presta...tificates.html. I installed it properly and everything works up until the customer tries to input the Gift certificate code at the payment option step. When the customer enters the code and submits USE, it then takes them back to the shipping step and starts the process all over again. It will not checkout the customer with the proper deductions. Please how do I resolve this? My website is http://usapokerzone.com/shop/ Here is the $1.00 Gift certificat code to test it out: GVNqGYNoq9 Also I attached a sreenshot of the part where we have the problem at. Thank you for helping!

Hi, We've installed an SSL EV certificate on our PS website. When we access the website : we have the https in the url of the navigator, but we do not have the green bar before the URL of our website (therefore we cannot see the certificate). We know it's a PS problem because : 1) when deactivating the header : we have the green bar + error message in the page (because of the missing header) 2) when accessing directly to an image of the website in https : we've got the green bar. We've checked if there was something to setup in the /classes/FrontController.php but didn't find anything We would appreciate any help... Odo

Dear community, I read most topics about SSL here at the forum, but I haven´t found a solution yet. I use a dedicated IP and a private certificate from EuropeanSSL. My webhoster installed it and secured my domain like www.domain.com and now I see on every page the https prefix, which is plausible I guess. Now I activate the SSL option in Backoffice and nothing happens. I still see https on every page. It also seems, that there´s an error with the configuration. It says that my page is only partly secured, I dont see the certificate, only https. In Backoffice it´s working though. How do I assign the https to the pages where it is needed? I read something about editing the code in the FrontController.php (here) from $_SERVER['HTTPS']) == 'on' to $_SERVER['HTTPS']) == '1', but I only find $_SERVER['HTTPS']) == 'off', and I´m not sure to manually edit this to '1'. Please help, this is kind of urgent. My shop is deactivated for public, but I can let somebody in, to help me out. Thank you in advance! Shop Software is Prestashop 1.4.4.1 Edit: solved! My webhoster installed the certificate and linked all http pages to https. It was no prestashop error. To remove the https on an all pages, you have to go into your server software and deavtivate the button http->https Anyhow, I have some other problems like this all well known redirect-error. I try to get rid of that by studying the forum.