Security Double Check?

[Lafferty Store]

Trust but Verify.

Depending upon Windows or Linux for your Server and what kind of Control Panel is used for the Hosting part, verify yourself that certain things have been done. Regardless of who installs what, there is always a way for others check on what has been been done and how well it is working. That's how Hackers get in.

Better protection can be provided at the Server level which is why that is so important. As to Security at the Hosting account level, make sure directory & file permission are what they should be. If any script, Zen Cart or otherwise, says that directories or Files need wide open permissions (777 for example) then make sure security has been put in place to help prevent hacking / cracking.

Thanks much... I passed that along to my server guru...

Server is Linux and yes my Control Panel is secure as well (https)

[Website Rob]

... and yes my Control Panel is secure as well (https)

Using 'https' has nothing to do with securing a Control Panel. Many times there are default 'things' included which must be disabled or better secured. cPanel is a good example as many of the 'default' scripts provided are very old and need to be turned OFF; else security breaches can be possible. Other Control Panels have other areas but all need to be double checked.

Then there is the Server 'php.ini' file which need changes for better security. Apache could some beefing up, and on, and on, and on. This should all be done by a good Server Admin. You say your ISP or somebody from there is handling this? I would especially double check the work.

[Lafferty Store]

Using 'https' has nothing to do with securing a Control Panel. Many times there are default 'things' included which must be disabled or better secured. cPanel is a good example as many of the 'default' scripts provided are very old and need to be turned OFF; else security breaches can be possible. Other Control Panels have other areas but all need to be double checked.

Then there is the Server 'php.ini' file which need changes for better security. Apache could some beefing up, and on, and on, and on. This should all be done by a good Server Admin. You say your ISP or somebody from there is handling this? I would especially double check the work.

Well that's where I'm lacking, sad to say but true. I don't know the server side of this stuff, I am just a lowly web guy, and this is my first venture into this side of things. I'm learning, but I don't want to screw something up due to lack of knowledge. That's why I rely on my server guru.