Knowledgebase

In order to secure Zen Cart please follow these steps:

1. Download all your Zen Cart files

2. Create a backup in case something goes wrong later

3. Scan all the files with an antivirus software and delete the suspicious ones

4. Check manually for suspicious code in your files. If you have doubts about parts of the code, check the original Zen Cart files

5. Make sure there are no .php (.pl, .cgi) files in your images directory. Executable files are not supposed to be there under any circumstances.

6. Prevent access to any files different from  index.php in the main directory. For this purpose create the following .htaccess in the main directory:

<Files *.php>
deny from all
</Files>
<Files ~ "^index.php$">
allow from all
</Files>

7. Once you perform the above steps upload your files to your webserver.

8. Make sure that your installation is the latest Zen Cart version. If not, upgrade it following the official instructions

10. Password protect your admin directory additionally or limit its access by IP. It's also required to change its name by following this steps on how to rename Zen Cart admin directory.

11. Disable the following functions in PHP:

disable_functions =exec,passthru,shell_exec,proc_open,popen,curl_exec,curl_multi_exec

Besides that, make sure that register_globals and allow_url_include are turned off.

12. Depending on your host and webserver try to find additional protection in mod_security rules or suhosin rules applicable to Zen Cart.

The above steps might not be easy to follow and do not guarantee full protection. That's why it is recommend to seek professional help. If you are interested Siteground will be pleased to offer you its professional Zen Cart web hosting and security services.