{"id":12805,"date":"2022-08-09T12:10:39","date_gmt":"2022-08-09T08:10:39","guid":{"rendered":"https:\/\/www.cs-cart.com\/blog\/?p=12805"},"modified":"2025-11-20T15:33:46","modified_gmt":"2025-11-20T11:33:46","slug":"how-to-protect-your-online-shop-and-marketplace-9-security-tips-and-tricks","status":"publish","type":"post","link":"https:\/\/www.cs-cart.com\/blog\/how-to-protect-your-online-shop-and-marketplace-9-security-tips-and-tricks\/","title":{"rendered":"How to protect your online shop and marketplace: 9 security tips and tricks"},"content":{"rendered":"\n

eCommerce is a very demanding sphere concerning the security of websites and all the sensitive data stored and processed during the checkout process. Modern CMS<\/a> including CS-Cart and Multi-Vendor<\/a> already include strong security protection, but as any software it is fully effective only if appropriately configured, monitored, and integrated with an overall security policy that starts with awareness that each vulnerability in the project might be detected and exploited. <\/p>\n\n\n\n

Widespread security mistakes are shared access to the admin panel, one password to all accounts and lack of data policy and training on the access hygiene and cyber security. The security of your device is also extremely important. You need to clean the cache in time, you can find more about this in MacPaw’s post<\/a>; you also need to use antiviruses regularly. In this article we collected 9 hints to prevent most common hackers\u2019 attacks and security threats<\/a> for websites based on CS-Cart or Multi-Vendor.<\/p>\n\n\n\n\n\n

<\/span>1. Rename the administration panel address<\/span><\/h2>\n\n\n\n

We recommend setting up the admin panel URL to a random and secure string like CiFmHsKHSilw.php<\/em> where the name is generated by a password generator. Don\u2019t use admin.php, secureadmin.php<\/em> or similar names.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n\n\n

<\/span>2. Install SSL and make redirects to HTTPS<\/span><\/h2>\n\n\n\n

Secure Sockets Layer (SSL) is a security protocol that creates an encrypted connection between the company’s server and the user’s browser. In eCommerce it is essential to protect online transactions and ensure the security of customer data, enabling a seamless checkout process<\/a> that builds trust with buyers. If the site does not have a certificate, the browser will warn the user about an “insecure connection”. Would a potential customer trust your shop? Doubtfully. If your hosting provider doesn\u2019t provide an SSL by default, buy it on your own. Our hosting solution for CS-Cart<\/a> includes a free and auto-renewed SSL certificate, so you don\u2019t have to worry about it.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n\n\n

<\/span>3. Use strong passwords and two-factor authentication<\/span><\/h2>\n\n\n\n

Always use a unique password for each account you create. Make sure that all passwords to your website, including your CS-Cart admin password, are strong and secure<\/a>. It is highly recommended to include upper and lower case, numbers, and symbols. Never use one and the same password for different resources.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Use two-factor authentication to prevent unauthorized access to admin panel accounts in your store. Two-factor authentication methods are based on providing a password as the first factor of protection and usage of a security token or a biometric factor, such as a fingerprint or facial scan as the second layer of protection. You can find the recommended add-ons on CS-Cart marketplace<\/a> to generate one-time passcodes, push notifications, or make phone calls.<\/p>\n\n\n\n\n\n

<\/span>4. Install secure add-ons and themes<\/span><\/h2>\n\n\n\n

When choosing a CS-Cart add-on or theme, check if  they are compatible with your CMS version. We recommend downloading apps and design themes from CS-Cart official marketplace<\/a>. Developers presented there are certified according to CS-Cart standards. CS-Cart specialists test random add-ons and mark them with a special label.They also ensure that posted reviews come from the real owners of CS-Cart stores. <\/p>\n\n\n\n\n\n

<\/span>5. Keep your CS-Cart platform, add-ons and themes updated<\/span><\/h2>\n\n\n\n

Upgrade your store to protect personal data, improve performance and enhance the overall security. It\u2019s highly recommended to install updates issued by CMS, add-ons and themes developers as they include security and performance patches. Implementing a proper security control validation<\/a> process after updates ensures that all security measures remain effective. Don\u2019t forget to create a backup and test updates on a development server before moving to production. Choose hosting providers who provide free daily automated backups and development environments. This will secure your data in case something goes wrong during the update process. <\/p>\n\n\n\n\n\n

<\/span>6. Hide your PHP, NGINX and Apache versions <\/span><\/h2>\n\n\n\n

When the expose_php<\/em> directive is enabled, the HTTP response header will include the PHP version. However, you may not want to broadcast the specific PHP version your site is using. Prevent the web server from sending back the \u201cX-Powered-By\u201d header by setting expose_php = off <\/em>in the php.ini<\/em> file. This is also handy for PCI compliance. <\/p>\n\n\n\n

Add server_tokens= off <\/em>to the http- section of the NGINX configuration file.<\/p>\n\n\n\n

Add\/modify the lines that contain ServerTokens Prod<\/em> and ServerSignature Off<\/em> at the end of the Apache2 configuration file.<\/p>\n\n\n\n

<\/span>7. Set tweaks in the config file in the root folder of your project<\/span><\/h2>\n\n\n\n

The list of tweaks in the config file is constantly growing for better performance of projects. It is necessary to set them properly for higher security. We recommend setting the following tweaks to a \u201ctrue<\/strong>\u201d value on the config.local.php file <\/p>\n\n\n\n