How Can I Secure OSCommerce?
1) Make backups of your database and site files.
2) Update to the latest version. Please note that OSCommerce 3.x is not the latest version and will not work with shared hosting.
3) Remove all unused plugins and 3rd party addons.
4) Remove admin/file_manager.php.
5) Remove admin/define_language.php.
6) Make sure that all files, except for the two configure.php files, have permissions no higher than 644.
The correct permissions for the two configure.php files vary according to the server your site is on: 644, 444 or 400 may be the correct setting.
7) Permissions on folders should be no higher than 755.
You can use your FTP program to update permission settings.
8) Install and set up the following:
# Prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752
# Monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441
# Block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914
# htaccess protection http://addons.oscommerce.com/info/6066
# Stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044
9) Review other security advice, for example:
* http://www.whitefirdesign.com/blog/2011/03/28/securing-oscommerce-2-2-and-2-3/
* http://www.templatemonster.com/help/secure-your-oscommerce-store.html
* http://forums.oscommerce.com/topic/382969-securing-oscommerce-23/
* http://forums.oscommerce.com/topic/373756-secure-231/
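
If you have shell access, the checks in steps 4 to 7 above can be scripted instead of clicked through in an FTP program. The shell function below is an added example, not part of the original article or of OSCommerce; it assumes both configuration files are named configure.php, and it only reports findings without changing anything.

```sh
#!/bin/sh
# Added example (not from the original article): audit an OSCommerce tree
# against steps 4-7 of the checklist. Read-only: it prints findings only.
# Assumption: both configuration files are named configure.php.
# Usage: audit_oscommerce /path/to/site   (the path is a placeholder)

audit_oscommerce() {
    osc_root=${1:-.}
    osc_findings=$(
        # Steps 4 and 5: admin scripts the checklist says to remove.
        for osc_f in admin/file_manager.php admin/define_language.php; do
            if [ -e "$osc_root/$osc_f" ]; then
                echo "REMOVE $osc_root/$osc_f"
            fi
        done
        # Step 6: ordinary files above 644, i.e. any execute bit or any
        # group/other write bit is set.
        find "$osc_root" -type f ! -name configure.php \
            \( -perm -0100 -o -perm -0020 -o -perm -0010 \
               -o -perm -0002 -o -perm -0001 \) \
            -exec echo FILE_PERM {} \;
        # Step 6, configure.php: only exactly 644, 444 or 400 is accepted.
        find "$osc_root" -type f -name configure.php \
            ! \( -perm 644 -o -perm 444 -o -perm 400 \) \
            -exec echo CONFIG_PERM {} \;
        # Step 7: folders above 755, i.e. group- or world-writable.
        find "$osc_root" -type d \( -perm -0020 -o -perm -0002 \) \
            -exec echo DIR_PERM {} \;
    )
    if [ -n "$osc_findings" ]; then
        printf '%s\n' "$osc_findings"
        return 1
    fi
    return 0
}
```

Each output line starts with REMOVE, FILE_PERM, CONFIG_PERM or DIR_PERM followed by the path; a non-zero exit status means at least one finding was printed.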