In order to secure OsCommerce please follow these steps:
1. Download all your OsCommerce files
2. Create a backup in case something goes wrong later
3. Scan all the files with antivirus software and delete the suspicious ones
4. Check manually for suspicious code in your files. If you have doubts about parts of the code, check the original OsCommerce files
5. Make sure there are no .php (.pl, .cgi) files in your images directory. Executable files are not supposed to be there under any circumstances.
6. Once you perform the above steps upload your files to your webserver.
7. Make sure that your installation is the latest OsCommerce version. If not, upgrade it following the official instructions
8. Add an extra layer of password protection to your admin directory, or restrict access to it by IP address
9. Disable the following functions in PHP:
disable_functions = exec,passthru,shell_exec,proc_open,popen,curl_exec,curl_multi_exec
Besides that, make sure that register_globals and allow_url_include are turned off.
10. Depending on your host and webserver try to find additional protection in mod_security rules or suhosin rules applicable to OsCommerce.
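Steps 5 and 9 can be checked with a short script run against the downloaded copy of the site. The following is an added example, not part of the original instructions or of OsCommerce. The function names, the extra extensions (php5, phtml, double extensions such as .php.jpg), the check for a PHP open tag inside image files, and the sample data are assumptions of this example.

```python
import os
import re
import tempfile

# Step 5 extensions; php5/phtml and double extensions are this example's additions.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|pl|cgi)(\.|$)", re.I)
REQUIRED_DISABLED = {"exec", "passthru", "shell_exec", "proc_open", "popen",
                     "curl_exec", "curl_multi_exec"}  # list from step 9

def find_scripts(images_dir):
    """Return files under images_dir that look executable (step 5)."""
    hits = []
    for root, _dirs, files in os.walk(images_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                head = fh.read(1024)
            # Flag by extension, or by a PHP open tag inside an "image".
            if SCRIPT_EXT.search(name) or b"<?php" in head:
                hits.append(os.path.relpath(path, images_dir))
    return sorted(hits)

def audit_php_ini(text):
    """Return findings for the step 9 directives in php.ini text."""
    ini = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # strip comments
        if "=" in line:
            key, value = line.split("=", 1)
            ini[key.strip().lower()] = value.strip().strip('"').lower()
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    findings = ["disable_functions lacks " + f
                for f in sorted(REQUIRED_DISABLED - disabled)]
    # Require an explicit Off rather than relying on the PHP version's default.
    findings += [key + " is not Off"
                 for key in ("register_globals", "allow_url_include")
                 if ini.get(key) not in ("off", "0", "false", "no")]
    return findings

def demo():
    """Run both checks on constructed sample data."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"logo.png": b"\x89PNG\r\n", "up.php": b"<?php ?>",
                   "a.php.jpg": b"\xff\xd8", "b.gif": b"GIF89a<?php ?>"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        ini = "disable_functions =exec,passthru,popen\nregister_globals = Off\n"
        return find_scripts(d), audit_php_ini(ini)

if __name__ == "__main__":
    print(demo())
```

To audit a real copy, call find_scripts() on the local images directory and audit_php_ini() on the contents of the php.ini your host uses.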
The above steps might not be easy to follow and do not always guarantee full protection. That's why it is recommended to seek professional help. If you are interested, Siteground will be pleased to offer you its professional web hosting and security services.