Making OpenCart More Secure

Tip for Making OpenCart More Secure

January 28, 2014

opencart admin folder isenselabs

Changing your admin folder’s name is not mandatory but a recommended step if you want to have better security for your online store. In this post I will show you how to do that as easy as possible in a few steps.

 

  1. First things first

Rename the folder admin to the new name that you have chosen. In this case we will useisenselabs.

  1. Open the file located in admin/config.php

It has to look like this:
It is necessary to clear the caches (browser cache, page cache, database cache and others) in order the changes to take effect.You have to change all the lines where the word admin is present. The easiest way to do this is by using the quick ‘Find and Replace’ tool which is available in almost every text editor (Notepad, Dreamweaver and along other editors).

01 <?php
02 // HTTP
03 define(‘HTTP_SERVER’, ‘http://example.com/opencart/admin/&#8217;);
04 define(‘HTTP_CATALOG’, ‘http://example.com/opencart/&#8217;);
05
06
07 // HTTPS
08 define(‘HTTPS_SERVER’, ‘http://example.com/opencart/admin/&#8217;);
09 define(‘HTTPS_CATALOG’, ‘http://example.com/opencart/&#8217;);
10
11
12 // DIR
13 define(‘DIR_APPLICATION’, ‘/home/user/public_html/opencart/admin/’);
14 define(‘DIR_SYSTEM’, ‘/home/user/public_html/opencart/system/’);
15 define(‘DIR_DATABASE’, ‘/home/user/public_html/opencart/system/database/’);
16 define(‘DIR_LANGUAGE’, ‘/home/user/public_html/opencart/admin/language/’);
17 define(‘DIR_TEMPLATE’, ‘/home/user/public_html/opencart/admin/view/template/’);
18 define(‘DIR_CONFIG’, ‘/home/user/public_html/opencart/system/config/’);
19 define(‘DIR_IMAGE’, ‘/home/user/public_html/opencart/image/’);
20 define(‘DIR_CACHE’, ‘/home/user/public_html/opencart/system/cache/’);
21 define(‘DIR_DOWNLOAD’, ‘/home/user/public_html/opencart/download/’);
22 define(‘DIR_LOGS’, ‘/home/user/public_html/opencart/system/logs/’);
23 define(‘DIR_CATALOG’, ‘/home/user/public_html/opencart/catalog/’);
24
25
26 // DB
27 define(‘DB_DRIVER’, ‘mysql’);
28 define(‘DB_HOSTNAME’, ‘localhost’);
29 define(‘DB_USERNAME’, ‘user_1’);
30 define(‘DB_PASSWORD’, ‘user_1’);
31 define(‘DB_DATABASE’, ‘user_opencart’);
32 define(‘DB_PREFIX’, ‘oc_’);
33 ?>

Find all occurrences of the word admin and change it with the folder name that you have chosen. This is an example of how your admin/config.php should look like after you make the edits:

01 // HTTP
02 define(‘HTTP_SERVER’, ‘http://example.com/opencart/isenselabs/&#8217;);
03 ….
04 // HTTPS
05 define(‘HTTPS_SERVER’, ‘http://example.com/opencart/isenselabs/&#8217;);
06 ….
07 // DIR
08 define(‘DIR_APPLICATION’, ‘/home/user/public_html/opencart/isenselabs/’);
09 ….
10 define(‘DIR_LANGUAGE’, ‘/home/user/public_html/opencart/isenselabs/language/’);
11 define(‘DIR_TEMPLATE’, ‘/home/user/public_html/opencart/isenselabs/view/template/’);

  1. Fix your vQmod configuration and your vQmod modules.

If you are using vQmod, there are some things that you need to edit.

First of all, you need to fix your vQmod configuration file. Open the index.php located invqmod/install/index.php and change the following line:

1 $admin = ‘admin’;

To this:

1 $admin = ‘isenselabs’;

After that, you have to ensure that all of your modules are working correctly. As of vQmod 2.3.0 there is a file called pathReplaces.php. It is used to globally replace the admin folder name without having to modify the .xml files. You have to open the file and add the following line:

1 $replaces[] = array(‘~^admin\b~’, ‘isenselabs’);

That’s it!

Still, If you are using an older version of vQmod, you have to make the changes manually. Please read on, if you are running a version older than vQmod 2.3.0. Here is what you need to do:

Open all files in vqmod/xml and replace all occurrences of the string admin with the folder’s name that you have chosen. For example, the line:

Should be changed to:

1 <file name=”isenselabs/view/template/sale/order_form.tpl”>
  1. Be careful with caching extensions.

If you are using caching extensions such as NitroPack, you have to make sure that they don’t cache your new admin folder. If you don’t do that, you won’t be able to change your web store settings, view orders and etc.

4.1 NitroPack

If you are using NitroPack, you will have to edit the following three lines:

Open the file core.php located in system/nitro/core and find this line of code:

1 $predefinedIgnoredUrls = array(‘/admin/’, ‘isearch’);

Again, you have to replace /admin/ with the new name:

1 $predefinedIgnoredUrls = array(‘/isenselabs/’, ‘isearch’);

The changes below should be made only if you are using OpenCart with vQmod < 2.3.0.

Open the file nitro.xml located in vqmod/xml/ and edit the following lines:

1 <file name=”admin/controller/catalog/product.php”> (line 32)
2 <file name=”admin/controller/catalog/product.php”> (line 47)

They have to look this:

1 <file name=”isenselabs/view/template/common/header.tpl”>
2 <file name=”isenselabs/view/template/common/header.tpl”>

If you are using another product for caching, you will have to make similar (depending on the product) changes.

  1. That’s all folks!

All you need to do now is to check if everything is working properly. If you don’t see any errors or blank pages, you did a great job!

Enjoy your better secured OpenCart store!

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s