Installing & Securing PrestaShop – A Step-by-Step Guide

Step-by-Step Guide Installing & Securing PrestaShop ubnutu centos redhat debian

Introduction

PrestaShop is an popular open-source ecommerce solution used by over 300,000 online stores worldwide. It offers a feature-rich admin panel and front-end to set up and manage an online store with ease.

However, like any other web application, having proper security measures in place is crucial as well. A compromised store can lead to damaged reputation, financial losses and more.

This guide takes you through a step-by-step process of installing PrestaShop and then securing it by following security best practices.

By the end of this guide, you’ll have a PrestaShop store installed and ready-to-use securely for handling real orders.

Server Requirements

Before installing PrestaShop, make sure your web server meets the minimum requirements:

  • PHP 7.4 or higher (8.0 recommended)
    • Required PHP Extensions: PDO MySQL, cURL, GD, OpenSSL, Mbstring, Tokenizer, JSON, XML, Zip
  • MySQL 5.6 or higher (or any equivalent database)
  • Web Server like Apache or Nginx
  • Minimum 512MB RAM for store operations

Additionally, some PrestaShop modules may have higher technical requirements. Check module documentation for specifics.

Meeting these requirements ensures your store runs smoothly without technical issues.

Downloading & Extracting PrestaShop

First, let’s get the PrestaShop files on your server:

  • Download the latest PrestaShop version from prestashop.com
  • Extract the zip archive onto your web server at the desired location Example : /var/www/html/prestashop
  • The extraction results in a folder like “prestashop” containing all PrestaShop files
  • Make the both the prestashop folder and its subfolders writable
$ chmod 755 -R /var/www/html/prestashop

This covers downloading and placing PrestaShop files for installation.

Database Setup

PrestaShop uses MySQL/MariaDB to store all store data.

Set up a new database and user specifically for PrestaShop:

  • Login to MySQL
  • Create a database for Prestashop
CREATE DATABASE prestashop; 
  • Create a MySQL user for Prestashop
CREATEUSER'prestashopuser'@'localhost' IDENTIFIED BY'DBp4ssw0rd';
  • Grant database permissions to the user
GRANTALL PRIVILEGES ON prestashop.*TO'prestashopuser'@'localhost';

This preps a database that PrestaShop will use.

Make note of the database name, user credentials, and other details like hostname – as they will be required during PrestaShop installation.

With files downloaded and database ready, let’s proceed with the actual PrestaShop installation.

PrestaShop Installation

The PrestaShop installer takes you step-by-step through the quick installation process:

  1. Open your web browser and access the PrestaShop folder
  2. Language Selection :
    • Choose language for the installation process
  3. License Agreement
    • Review and accept the open-source license terms
  4. System Compatibility Check
    • The installer checks server for compatibility
    • Displays PHP settings and required settings
    • Ensure all requirements are met
  5. Store Information Enter store name, country, timezone etc
  6. Database Configuration
    • Enter the database details set up earlier
    • The installer connects to the database
  7. Store Installation
    • Installer creates database tables
    • Stores default store data
  8. Store Ready
    • Front-end site and admin panel ready!

With the setup completed, let’s access the admin panel for first-time tasks.

Admin Account Setup

Once installed, access the PrestaShop admin panel:

http://yourdomain.com/prestashop/admin786elw8k 

Enter credentials created during installation.

Then, proceed with admin account configuration:

  1. Choose Password Set a strong password for the admin account
  2. Opt out of Partner Offers Uncheck box to avoid promotional content

You now have access to the PrestaShop Dashboard.

Before launching your live store, the next step is properly securing your PrestaShop installation.

Securing PrestaShop for Production Use

Out of the box, PrestaShop works well but is not ready for immediate public access.

Certain security measures need to be taken for a production site handling real user data and transactions.

Here are key tips to secure your PrestaShop store:

Disable Demo Mode

If enabled, disable Demo Mode under Advanced Parameters:

Go to: Preferences > General > Enable Shop Demo Mode
Set to: No

Demo mode is meant for module testing purposes and bypasses normal security checks. Keep disabled for a live site.

Set Admin Folder

The default admin folder admin786elw8k is publicly guessable.

Change it to a random difficult-to-guess sequence:

Go to: Preferences > General > Set Admin Folder
Example: ab5dz931tz

This obscures access to your admin panel.

Remove Install Folder

Delete the install folder from your server:

/var/www/html/prestashop/install

This removes remnants from the installation process, preventing malicious use.

Disable Friendly Error Pages

In production mode, disable friendly error pages meant for development:

Go to: Preferences > General > Disable Friendly Error 
Set Error Reporting to: No
Display Errors to: No

This prevents exposing sensitive error messages to public users.

Use HTTPS

Configure PrestaShop for HTTPS access only:

  • Obtain an SSL certificate
  • Enable HTTPS on your web server
  • Force SSL on all PrestaShop Pages

Enforcing HTTPS ensures login forms and payments are encrypted for security against attacks.

Update PHP Version

Use PHP 7.4+ which still has security support:

PHP 7.2 will reach End of Life in Nov 2023
Upgrade to a supported PHP version like 7.4 or 8.0

Latest PHP versions have critical security fixes and improved performance.

Strong Admin Password

Ensure you set a very strong password for the admin account.

14+ random characters containing upper/lowercase letters, numbers and symbols.

Weak admin passwords are targeted in automated credential stuffing attacks.

Use Captchas

Enable and use captchas in areas prone to automated attacks:

  1. Login Page
  2. Forgot Password Page
  3. Contact Form

Captchas block automated bots making fake login attempts, spam contact forms etc.

Update Regularly

Keep PrestaShop and installed modules updated:

Go to: Advanced Parameters > Modules > Modules & Services
Check and install available upgrades 

Updates contain vital security fixes and improvements.

Proper File Permissions

Use principle of least privilege for file permissions:

Example safe permissions:
Folders: 755 
Files: 644  
Unsafe: 777 (full access for all)

This minimizes impact if a file is somehow compromised.

Other Security Tips

  • Limit number of admin users
  • Use only reputable modules from Prestashop Marketplace
  • Remove any unused modules
  • Schedule regular malware scans of files
  • Audit logs regularly for signs of intrusions

Be vigilant and follow security best practices for threat prevention.

Conclusion

There you have it – a comprehensive guide to getting PrestaShop installed securely from start to finish.

Following these key steps allows you to:

  • Get PrestaShop up and running smoothly
  • Configure core settings correctly from the start
  • Harden security to prevent attacks against your live store
  • Set up maintenance for keeping PrestaShop secure

You can now proceed with customizing your online store, adding products, setting up payments and fulfilment integrations.

Execute proper security measures as outlined here for threat prevention throughout your ecommerce journey.

This establishes a robust foundation for the success and security of your PrestaShop business!

LEAVE A COMMENT