How do I secure my OpenCart store?

First, if you’re still using OpenCart 1.x, I would recommend looking into OpenCart Community Edition, an unofficial fork containing various OpenCart security fixes.

Unfortunately, they don’t seem to have a version for the latest OpenCart 2.x.

Second, there are a few OpenCart-specific measures that you can take to improve the security of your setup:

  • Specify a database prefix during installation
  • Remove the installation folder once the installation is complete
  • Rename your admin folder
  • Be careful with third-party themes and extensions, especially the free ones. Unfortunately, even in 2016 OpenCart suffers from poorly coded themes and extensions, many of which are freely available in the official OpenCart marketplace. Be sure to check the ratings and comments first.

Finally, you’ll want to follow the generic website security practices that aren’t specific to OpenCart, such as:

  • Use SSL
  • Keep your file and folder permissions tight. This usually means 644 or 444 on most folders except for cache and log directories.
  • Use solid passwords
  • If you have multiple users working on your OpenCart store, make sure to only give them the necessary set of privileges, not complete access
  • Make regular backups
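
The OpenCart-specific items and the permissions item above can be checked with a short audit script. This is an added example, not part of the original page; it assumes the stock layout (install/, admin/, config.php, system/cache, system/logs, image/cache) and that oc_ is the installer's pre-filled prefix, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example: audit an OpenCart document root for the items listed above.
# Assumed layout: install/, admin/, config.php, system/cache, system/logs.

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

audit_store() {                      # prints findings, returns how many
    root=$1; findings=0
    # Installer left behind after setup
    [ -d "$root/install" ] && fail "install/ folder still present"
    # Admin panel still at its default, guessable path
    [ -d "$root/admin" ] && fail "admin folder still has its default name"
    # Empty prefix, or oc_ (assumed to be the installer's pre-filled default)
    grep -Eq "define\('DB_PREFIX', *'(oc_)?'\)" "$root/config.php" 2>/dev/null &&
        fail "DB_PREFIX is empty or the default oc_"
    # Anything world-writable outside the cache and log directories
    loose=$(find "$root" ! -type l -perm -0002 \
        ! -path "$root/system/cache*" ! -path "$root/system/logs*" \
        ! -path "$root/image/cache*")
    [ -n "$loose" ] && fail "world-writable outside cache/logs: $(echo $loose)"
    return "$findings"
}

make_sample_store() {                # constructed sample tree, not a real store
    mkdir -p "$1/install" "$1/admin" "$1/image" "$1/system/cache" "$1/system/logs"
    printf "<?php\ndefine('DB_PREFIX', 'oc_');\n" > "$1/config.php"
    chmod -R go-w "$1"               # start tight regardless of umask
    chmod 777 "$1/image" "$1/system/cache"
}

demo=$(mktemp -d)
make_sample_store "$demo"
audit_store "$demo" || echo "$? finding(s)"
rm -rf "$demo"
```

Point `audit_store` at the real document root after installation; a return status of 0 means none of the four checks fired.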

Here are a few helpful links for OpenCart stores and generic websites: