Good Security Practices

[Dh42]

Here is a good article I wrote about making your Prestashop more secure

[allumos01]

Hello,

 

I have an issue with SEO (URL rewrite) and securing HTACCESS on PS 1.5.3.1.

 

My "admin" is secured with htaccess.

htaccess is located in the "admin" directory.

htpasswd is located somewhere else.

 

Everything works fine when "friendly URL" is de-activated.

 

When I activate "friendly URL", then I cannot access the admin and I am redirected to "error 404".

 

It used to work fine with PS 1.5.0.17 but since I upgarded to 1.5.3.1 it doesn't work.

 

I tried several things like :

- reset cookies

- activating / deactivating frinedly url

 

I aslo noticed some changes in PS 1.5.3.1 :

- in settings.inc.php I have the line "define('_PS_DIRECTORY_', '/../../');"

- I don't understand this line : only one "/" should be enough since my site is located at root.

 

Any idea?

Any procedure to setup "friendly url" and htaccess together?

 

Best regards,

[Dh42]

Off the top of my head if they are related, but the dispatcher.php version in 1.5.3.1 has a few bugs in it. Look on the git and get the fixed version. Sorry I don't have a link, but I know there is an updated fix on it.

[lynn.chris9]

Dh,

 

Very good list of practises to be followed by any website Admin.

 

In short don't use anything which everyone uses by default & try to hide the software you are using on your website

[RCP90]

Hi,

 

Thanks DH42, have been looking for something like this.

 

Some really nice tips there.

Edited April 29, 2013 by RCP90 (see edit history)

[Dh42]

Glad I could help.