• Zen Cart Security

    Security

    First and foremost, make sure your Zen Cart is fully patched! No exceptions. The Zen Cart you just downloaded and installed still needs these patches.

    Now, work through the items on Zen Cart's recommended security list, but skip the two .htaccess snippets quoted below. If you apply them, your robots.txt (and every other .txt file) can no longer be fetched, and the blanket block on .php files stops PHP pages from being served in most server environments.

    # .htaccess to prevent unauthorized directory browsing or access to .php files
    IndexIgnore */*
    <Files *.php>
    Order Deny,Allow
    Deny from all
    </Files>

    # add the following to protect against people discovering what version your spiders.txt file is
    <Files *.txt>
    Order Deny,Allow
    Deny from all
    </Files>

    Now, let's add some cool stuff to help you stay safe.

    Tip #1: Use strong passwords for everything! Change them every 30 days.

    Tip #2: When renaming your admin directory, DO NOT use any admin- or business-related term. Try something like banana. Names such as manage, control or anything ending in admin are an easy guess for anyone hunting for your admin directory.

    Tip #3: Make sure all admins have their OWN accounts, and install this module to track their access more conveniently.

    Tip #4: Protect your admin directory with an additional layer of authentication when possible. For example, password-protect the directory with HTTP basic auth, or only allow access from your own IP address.

    # Option A: password-protect the directory with HTTP basic auth.
    # Keep the .htpasswd file outside the web root and replace the path below.
    AuthType Basic
    AuthName "This directory is protected"
    AuthUserFile /home/path/.htpasswd
    AuthGroupFile /dev/null
    Require valid-user

    # Option B: deny everyone except your own IP address or hostname.
    # No <Limit> wrapper here: a <Limit GET POST PUT> block would leave every
    # other HTTP method unrestricted. "Allow from" takes an IP, a network or a
    # domain-name suffix (leading dot), not a regular expression.
    Order deny,allow
    Deny from all
    Allow from 192.168.1.1
    Allow from .domain.com
    # Apache 2.4 equivalents: "Require ip 192.168.1.1" / "Require host domain.com"

    Tip #5: Protect ALL directories from browsing with an index.html file. This file can be blank; it simply stops the server from displaying a listing of the directory's contents. If a folder has an index.anything, it's protected from listing.

    Tip #6: Protect your images directories (all of them) with the following .htaccess to prevent browsing, execution of PHP files and more. These directories will also need an index file. When done, log in to your hosting control panel and change the permissions on both the index.html and .htaccess files to 444 to prevent modification.

    #PRO-Webs ver 1.8 1/2010
    #Prevent directory viewing and the ability of any scripts to run.
    #While a bit overkill, this file prevents a wide array of access and executions
    #of known exploits in your Zen Cart
    #This file and an index.html should have the chmod 444
    #The lowest permission your server allows differs from server to server; set it as
    #low as possible and no higher than 644
    #Permissions this low will likely need to be set in your host's file manager
    #Place this in all images directories except BMZ_Cache
    Options -ExecCGI -Indexes
    IndexIgnore *
    RewriteEngine on
    # refuse the libwww user agent and any query string that passes a URL
    # (the remote-file-inclusion pattern) to a script
    RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
    RewriteRule ^(.*)$ - [F,L]
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    # block every PHP-type extension, not only .php, so a renamed upload cannot run
    <Files ~ "\.(php|phtml|php[0-9]|phar)$">
    Order allow,deny
    Deny from all
    </Files>
    # after uploading: chmod 444 this .htaccess and the index.html beside it
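
    An added audit script for Tips #5, #6 and #8 (this is not PRO-Webs code and not part of the original page): it walks a Zen Cart install and reports directories with no index file, images or cache directories missing their .htaccess or index file, protection files that are not yet mode 444, and any .php file sitting under images. The install path /var/www/zencart in the usage line is an assumption; the script works on any directory you pass it, and the checks are written for a plain POSIX shell so they run on the typical shared host.

```shell
#!/bin/sh
# Added audit helper (not PRO-Webs code) for Tips #5, #6 and #8.
# Reports by hand-checkable findings only; it changes nothing on disk.

# Succeeds when directory $1 holds at least one index file (Tip #5: index.anything).
has_index() {
    for f in "$1"/index.*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Succeeds when file $1 has exactly the read-only mode 444 (-r--r--r--).
# ls -ld is used instead of stat because its first column is the same on Linux and BSD.
is_read_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-r--r--r--" ]
}

# Prints every directory under $1 that has no index file (Tip #5).
dirs_without_index() {
    find "$1" -type d | while read -r d; do
        has_index "$d" || printf '%s\n' "$d"
    done
}

# Checks that directory $1 has an index file and a .htaccess, both mode 444
# (Tips #6 and #8). Prints each finding; returns 0 when clean, 1 otherwise.
audit_protected_dir() {
    dir="$1"
    rc=0
    has_index "$dir" || { printf 'MISSING index file: %s\n' "$dir"; rc=1; }
    [ -f "$dir/.htaccess" ] || { printf 'MISSING .htaccess: %s\n' "$dir"; rc=1; }
    for f in "$dir/.htaccess" "$dir"/index.*; do
        [ -f "$f" ] || continue
        is_read_only "$f" || { printf 'NOT mode 444: %s\n' "$f"; rc=1; }
    done
    return "$rc"
}

# Same checks for an images tree, plus any .php file anywhere beneath it,
# which is exactly what the Tip #6 .htaccess exists to stop from running.
audit_images_dir() {
    status=0
    audit_protected_dir "$1" || status=1
    phps=$(find "$1" -type f -name '*.php')
    if [ -n "$phps" ]; then
        printf '%s\n' "$phps" | sed 's/^/PHP file under images: /'
        status=1
    fi
    return "$status"
}

# Usage (assumed install path): sh zc_audit.sh /var/www/zencart
if [ "$#" -ge 1 ]; then
    overall=0
    dirs_without_index "$1"
    audit_images_dir "$1/images" || overall=1
    audit_protected_dir "$1/cache" || overall=1
    exit "$overall"
fi
```

    Run it after every upload or module install; a non-zero exit means something on the list above regressed. The cache directory is checked with audit_protected_dir rather than audit_images_dir because Zen Cart's cache folder legitimately contains an index.php (Tip #8).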

    Tip #7: If you have an SSL certificate, force all of your admin pages to load only over HTTPS with the following .htaccess code in your web root (replace domain.com and admin_dir with your own host name and renamed admin directory).

    RewriteEngine On
    # request arrived over plain HTTP (port 80) ...
    RewriteCond %{SERVER_PORT} ^80$
    # ... for anything under the admin directory
    RewriteCond %{REQUEST_URI} ^/admin_dir/
    # in a web-root .htaccess $1 already holds "admin_dir/...", so do not repeat it
    RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

    Tip #8: Make sure your cache folder has the correct index.php and .htaccess. Download a fresh copy of Zen Cart and upload those two files to be sure, then CHMOD them to 444.

    I may be adding to this, as we are always testing... so stay tuned.

  • Ecommerce Marketing

    Ecommerce Marketing

    Internet use is still growing year after year, and as more and more people gain Internet access, more and more small businesses are recognizing the importance of integrating some form of ecommerce or online catalog into their business marketing portfolio. The Internet never goes offline, and websites are accessible every hour of the day: there are no opening and closing times on the Internet, which serves a worldwide market.

    For the average person, the ability to shop from the comfort of home is a very welcome idea, and it is becoming a very popular way of purchasing goods... even for mobile users! For those customers who still prefer the tangibility of a brick-and-mortar store, the Internet still provides a way to research the products they are interested in, compare prices, gain product knowledge and prepare to make an educated decision without pressure from a salesman.

    Another advantage of the Internet is its worldwide reach. Small business retailers no longer have to have brick & mortar stores in many different geographical locations to become a national brand - by selling on the web, they can get their product seen by a much larger audience.

    However, it is not as simple as setting up online and having customers automatically flock to your shop; a lot of hard work needs to go into developing, promoting and securing your online store, which means tackling many of the same start-up and maintenance issues as a brick-and-mortar store. The biggest difference is cost: while you may end up paying a couple of thousand dollars to properly develop your shopping cart, you will still save on start-up fees, rent and other traditional business overhead costs. These savings can then be passed on to shoppers, making your business more competitive in its niche.

    Undoubtedly then, a small business with an Internet-promotable product would be foolish to overlook the power of ecommerce. Businesses should plan and look to incorporate some form of ecommerce into their current business marketing portfolio. Be aware, however, that major differences exist between selling online and selling in person, and you will need to build up a high level of trust with Internet customers... perhaps in ways you are not yet accustomed to.

© 2003-2012 PRO-Webs, Inc. Woodbine, GA 31569-2051