Add another security layer to Prestashop 1.7. When someone tries to gain unauthorized access to your store or its files, they will encounter a series of additional security measures. Check the available packages and the range of fortifications.
Basic protection
Basic package, the following activities are performed to strengthen safety:
Activation and enforcement of SSL on all subpages
Checking the store for Mixed-Content and possibly eliminating mixed content
Checking and changing permissions of files and folders to correct (644 files, 755 folders)
Add missing index.php files to template and module directories
Securing the contact form and registration against CAPTCHA spam
PHPUnit vulnerability removed (critical vulnerability in Prestashop modules)
Analysis and improvement of the security of HTTP headers (test using the https://securityheaders.com tool)
Checking and, if necessary, correcting the name of the admin panel directory (should contain combinations of numbers and letters)
One-time check of the store for file changes
One-time scanning of the store for malware
Extended protection
All activities from the lower package plus:
Blocking MIME-sniff (content sniffing)
HSTS (forcing the browser to load the page only using the encrypted HTTPS protocol)
Preventive protection against creating fake accounts by bots
XSS protection (protection against cross-scripting attacks)
Protection against Cross-Site Tracking (XST injection) attacks
Blocking the upload of files with potentially dangerous extensions in the backoffice (exe, com, bat, vb, vbs, wsf, pif, php)
Click-jack protection
Automatic malware scanner with email alerts
Automatic collection of logs of changes in files with sending information to an e-mail address
Protection against SQL Injection attacks
Anti-flood protection (DDoS attacks)
Protection against Brute Force attacks
Protection against SHELL Injection attacks
Protection against HTML Injection attacks
Blocking suspicious HTTP requests (due to the number of characters)
Blocking suspicious user-agent headers (due to the number of characters)
Full protection
Full protection covers all the enhancements performed in the lower packages and the encryption of sensitive personal data of customers directly in the database (address, first and last name, email, telephone …), of course, so that orders can be processed without any obstacles, the data is simultaneously decrypted in the backoffice.
