Securing Your Installation

Quick Guide to securing your installation
  1. Delete the entire installation directory
  2. Set restrictive file and directory permissions

     Post Installation Permissions

     Directory or File                        Permission Level
     /catalog/admin/includes                  chmod 755
     /catalog/includes                        chmod 755
     /catalog/admin/includes/configure.php    chmod 644
     /catalog/includes/configure.php          chmod 644
     /catalog/images                          chmod 777
     /catalog/admin/backups                   chmod 777 (You should not store backups here!)
  3. Insert a blank index.html file in every directory whose file tree you don't want browsed, or add this directive to your .htaccess file:
        Options -Indexes
  4. Protect your admin directory with .htaccess. You can use the password manager on your account if you have cPanel, or do a web search for .htaccess to find instructions. Your host will usually cover this somewhere in its support documentation.
  5. Make sure you define default.php in your directory index listing in httpd.conf or in .htaccess. This makes your default.php page come up without having to type in the whole string, and keeps Apache from sending the entire file and directory listing of your catalog. You can make this change yourself by adding a directive to the .htaccess file in the /catalog directory or by editing your Apache configuration file, httpd.conf. To edit httpd.conf directly on the server, log in as root and use the command pico /path/to/apache/conf/httpd.conf. If you do not have root access, you can set this through .htaccess, which is also safer for beginners.

    If using .htaccess, add this line to your file: DirectoryIndex default.php

    If editing httpd.conf, add the statement DirectoryIndex default.php to the <IfModule mod_dir.c> section of the file.

    WARNING: Do not edit httpd.conf if you don't know what you are doing. A mistake could kill your entire server. Make sure to make a backup of that file before editing it!
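
To verify steps 2 to 5 after applying them, the following audit script checks a catalog tree against the permissions table and the .htaccess directives above. It is an added example, not part of the original guide; the function names are hypothetical, and it assumes the admin password protection from step 4 is done with an AuthType directive in admin/.htaccess.

```sh
#!/bin/sh
# Added example: audit a catalog tree against the checklist on this page.
# audit_catalog, mode_of and has_directive are hypothetical helper names.

mode_of() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

has_directive() {  # $1 = file, $2 = case-insensitive ERE matched at line start
    [ -f "$1" ] && grep -Eiq "^[[:space:]]*$2" "$1"
}

audit_catalog() {  # $1 = filesystem path of /catalog; returns 0 when clean
    root=$1
    fails=0
    # Step 2: expected modes, copied from the permissions table.
    while read -r rel want; do
        [ -e "$root/$rel" ] || { echo "MISSING $rel"; fails=$((fails + 1)); continue; }
        got=$(mode_of "$root/$rel")
        [ "$got" = "$want" ] || { echo "FAIL $rel is $got, expected $want"; fails=$((fails + 1)); }
    done <<EOF
admin/includes 755
includes 755
admin/includes/configure.php 644
includes/configure.php 644
images 777
admin/backups 777
EOF
    # Step 3: Options -Indexes, or else an index.html in every subdirectory.
    if ! has_directive "$root/.htaccess" 'Options[[:space:]].*-Indexes'; then
        open=$(find "$root" -mindepth 1 -type d \
            ! -exec sh -c 'test -e "$1/index.html"' sh {} \; -print)
        [ -z "$open" ] || { echo "FAIL listing possible in:"; echo "$open"; fails=$((fails + 1)); }
    fi
    # Step 4 (assumption): password protection uses AuthType in admin/.htaccess.
    has_directive "$root/admin/.htaccess" 'AuthType[[:space:]]' ||
        { echo "FAIL admin/.htaccess has no AuthType"; fails=$((fails + 1)); }
    # Step 5: DirectoryIndex default.php in the catalog .htaccess
    # (a setting made in httpd.conf instead is not inspected here).
    has_directive "$root/.htaccess" 'DirectoryIndex[[:space:]].*default\.php' ||
        { echo "FAIL .htaccess lacks DirectoryIndex default.php"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]
}
```

Source the file and run audit_catalog /path/to/catalog; each deviation is printed on its own line and the exit status is non-zero if any check fails.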