Getting into Zen Cart – looking for advice plz

[Eihab]

Hi all,

I am looking to start an ecommerce site; I think I have an idea worth doing. I have had proper look on other platform, Many bloggers have raised several concerns about its security (Community edition) as you can with some GET statement or search terms expose the site. I have looked into hosted solutions, but to be honest there is always some sort of catch and even lack of functionality and no wider community support.

I have read some reviews and Zen Cart seems to have good reputation, nice features and active community. I come from web design and development background but don’t claim to be an active coder in PhP. My main concern is code security. I have checked some hosting providers who seem to have utilised environments for Zen Cart, but also as the recommendations by Zen Cart site is that I need to do some changes in directories and code, I wonder is it only these simple changes needed to improve security or do I have to be a PhP wiz and do more utilisation on the code to protect the site from code based hacks.

I really like Zen Cart, it has so many nice templates with flexible interface, I read on this forum that a customer can upload a file with the Purchase and that’s exactly what I need. Please let me know your advice on the security issue and if there are particular things that I need to know/do to have a code secured site.

Finally thanks to the brain powers who gave us Zen Cart. And my apologies for a novice question.

Best,
Eihab

[stevesh]

As far as I know, there are no current security issues with the latest version of Zencart, and no PHP expertise is necessary to use it.

The usual security precautions (proper folder and file permissions, renaming the 'admin' folder, etc.) are important, but easy to accomplish.

[Eihab]

Thank you so much for the reply. I will contact the hosting company to check on their environment and see what version of Zen Cart they offer. I installed XAMPP yesterday on my PC and I will start working on Zen and do some testing.
Thanks,

[stevesh]

Just a suggestion, but don't worry about what version of Zencart your host offers. Always use the latest version, and install Zencart manually in your hosting account, rather than with the host's auto-installer.

[Eihab]

Thanks for the tip, I asked them they said they use 1.3.9g which is good, I will get a hosting with private SSL as well; they say the package I am getting is PCI compliant which is good. I will now digg into it through XAMPP and let you know guys how I get on.

Many thanks,
Eihab

[DrByte]

As to your security question, the Zen Cart developers take security very seriously, not only embracing strong secure coding practices, but also quickly responding to any security threats or even real vulnerabilities if they occur.
You do not need to be an expert on PHP security, or even on PHP in general, to use Zen Cart. The developers take care of that for you.

[Eihab]

Thanks DrByte, This is really assuring, I am glad I come across Zen cart just the right time. There should be lots of fun to come.

Many thanks,