We strongly encourage you to use the following security precautions to minimize the chance of unauthorized access to your ProductCart Control Panel and store database. It is especially important that confidential information such as FTP credentials and ProductCart Control Panel credentials is (1) regularly changed and (2) always changed after being shared with ANY third party.
ProductCart and PCI Compliance
Make sure to carefully review the section dedicated to PCI Compliance and specifically the important ProductCart PA-DSS Implementation Guide.
- Rename the "pcadmin" folder - By renaming the folder that contains the Control Panel files (by default named “pcadmin”), you can make the location of your Control Panel virtually impossible to find.
- Use the HTTPS protocol (SSL Certificate) - The use of an SSL (Secure Sockets Layer) certificate ensures that all data exchanged between the browser and the Web server is encrypted. For more information about which SSL certificates are supported by ProductCart, please refer to the System Requirements section of this User Guide. SSL can be used both on the storefront and the Control Panel.
- Regularly Change Your Control Panel Password - You can do so from within the Control Panel, under “General Settings/Change Password”. We recommend that you change your Control Panel password every month or two, and whenever someone who had access to it no longer works for your company.
- Regularly Back Up Your Store - Regularly back up your store to ensure quick and effortless recovery in case your store needs to be restored for any reason (e.g. hardware failures, unauthorized access, change of Web server, change of Web hosting company, etc.). This task should be performed on a weekly basis, more often for busy stores. You should back up the following store data:
- Disable Directory Browsing - When directory browsing is disabled, Web site visitors cannot view a tree of the folders that exist within the Web site. Contact your Web hosting company to ensure that they have disabled directory browsing.
- Remove or rename cmd.exe - If you are hosting your store on your own dedicated Web server, this security tip can help you further reduce the chances of unauthorized access to the Web server. The objective of a hacker attack is often to gain full control of the victim’s computer. Hackers often do so by accessing a program called cmd.exe, which allows commands to be executed on the system. We recommend that you rename, move, or restrict access to cmd.exe. Renaming it or limiting its use to members of the administrator group removes this vulnerability. A Web server does not generally need this file, and if it does not exist, an attacker cannot gain access to it.
- Edit the Print Settings in Internet Explorer - If you print out order invoices from the Control Panel and send them to your customers, note that Internet Explorer by default prints the complete URL to the page at the bottom of the document. You can easily change this setting in Internet Explorer by selecting File > Page Setup and removing the characters that appear in the Footer field.
- Regularly Change FTP Access Credentials - FTP access should never be shared with anyone.
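
One way to check three of the items above (renamed Control Panel folder, HTTPS, directory browsing) against a store you operate. This is an added example, not part of ProductCart or this guide; the function names, the `store.example` host, the `cp-7f3k` and `images` folder names, and the sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# IIS-generated listings contain a "[To Parent Directory]" link; Apache titles them "Index of /".
LISTING = re.compile(r"\[To Parent Directory\]|<title>Index of /", re.I)

def audit_responses(r):
    """r maps probe name -> (final_url, status, body); returns a list of findings."""
    findings = []
    _, status, _ = r["default_admin"]
    if status in (200, 401, 403):  # any of these means a folder named pcadmin exists
        findings.append("default 'pcadmin' folder still present (HTTP %d)" % status)
    _, status, body = r["listing"]
    if status == 200 and LISTING.search(body):
        findings.append("directory browsing is enabled")
    final_url, status, _ = r["plain_http"]
    if status == 200 and not final_url.lower().startswith("https://"):
        findings.append("Control Panel served over plain HTTP")
    return findings

def fetch(url, timeout=10):
    """Return (final_url, status, body), following redirects."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.geturl(), resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return url, err.code, ""

def audit_store(site, admin_folder, listing_folder):
    """Live check of a store you operate. site is host plus store path (assumed layout)."""
    return audit_responses({
        "default_admin": fetch("https://%s/pcadmin/" % site),
        "listing": fetch("https://%s/%s/" % (site, listing_folder)),
        "plain_http": fetch("http://%s/%s/" % (site, admin_folder)),
    })

# Constructed sample responses (not captured from a real store): nothing hardened yet.
SAMPLE = {
    "default_admin": ("https://store.example/pcadmin/", 403, ""),
    "listing": ("https://store.example/images/", 200,
                '<pre><A HREF="/">[To Parent Directory]</A><br> 1/2/2010 logo.gif</pre>'),
    "plain_http": ("http://store.example/cp-7f3k/", 200, "<html>Control Panel login</html>"),
}

if __name__ == "__main__":
    for finding in audit_responses(SAMPLE):
        print("FINDING:", finding)
```

An empty result from `audit_store` means only that these three checks passed; it says nothing about passwords, backups or the other items in the list.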
Security Recommendations for: