How to improve your CS-Cart security

After you install CS-Cart, you can improve your site security by following the recommendations in this article.

Change the administration panel file name

Change the default name of admin.php to something only you know.

To change the name of admin.php, log in to your HostPapa cPanel and click File Manager.

Locate admin.php, right-click it and select Rename. Choose a name that only you know and that you will remember.


Click Rename File.

Change config.local.php to include the new admin filename. In the File Manager, locate config.local.php, right-click it and select Edit. In the confirmation dialog box, click Edit.

In the file, find this line:

$config['admin_index'] = 'admin.php';

and change it to reflect the new name of the admin file.

$config['admin_index'] = 'my_secret_admin.php';

Click Save Changes and then click Close.

Confirm that the install folder has been deleted

The Install folder is usually automatically deleted after installation, but it’s a good idea to check and delete it, if necessary. If it exists, the Install folder will be in the same directory as admin.php. If you see the Install folder, right-click it and select Delete. In the confirmation dialog box, click Confirm.

Check the file permissions

Ensure that the following files and folders have 644 permissions applied to them. For information about how to check and change permissions, see How to set file and directory permissions for CS-Cart.

config.local.php 644
design/.htaccess 644
images/.htaccess 644
var/.htaccess 644
var/themes_repository/.htaccess 644
design/index.php 644
images/index.php 644
var/index.php 644
var/themes_repository/index.php 644

Configure security settings

You can enable secure connections (HTTPS) for your administration panel, storefront, or both.

In the administration panel, go to Settings → Security settings.

In the Enable secure connection for the storefront dropdown, select one of the following:

  •  Secure profile, checkout and order pages – Choose this to enable secure connections only on the profile, checkout, and order pages. These are the store pages that typically send data to the server.
  • Secure full site – Choose this to enable secure connections on all store pages.

Select Enable secure connection in the administration panel.
Click Save.

Use the Access Restrictions add-on

You can use the CS-Cart Access Restrictions add-on to restrict access to the administration panel and storefront based on user IP address. To learn more about restrict access based on IP, see Restrict Access to the Administration Panel in the CS-Cart documentation.

If you have any questions about securing your CS-Cart installation, please contact HostPapa Support by opening a support ticket. Details about how to open a support ticket are here.

Was this article helpful?