Security Recommendations
We strongly encourage you to use the following security precautions to minimize the chance of unauthorized access to your ProductCart Control Panel and store database. It is especially important that confidential information such as FTP credentials and ProductCart Control Panel credentials are (1) regularly changed and (2) always changed after being shared with ANY third party.

ProductCart and PCI Compliance
Make sure to carefully review the section dedicated to PCI Compliance and specifically the important ProductCart PA-DSS Implementation Guide.

General Recommendations
- Rename the "pcadmin" folder - By renaming the folder that contains the Control Panel files (by default named "pcadmin"), you can make the location of your Control Panel virtually impossible to find.
- Use the HTTPS protocol (SSL Certificate) - The use of an SSL (Secure Sockets Layer) certificate ensures that all data exchanged between the browser and the Web server is encrypted. For more information about which SSL certificates are supported by ProductCart, please refer to the System Requirements section of this User Guide. SSL can be used both on the storefront and the Control Panel.
- Regularly Change Your Control Panel Password - You can do so from within the Control Panel, under "General Settings/Change Password". We recommend that you change your Control Panel password every month or two, and whenever someone who had access to it no longer works for your company.
- Regularly Back Up Your Store - Regularly back up your store to ensure quick and effortless recovery in case your store needs to be restored for any reason (e.g. hardware failures, unauthorized access, change of Web server, change of Web hosting company, etc.). This task should be performed on a weekly basis, more often for busy stores. You should back up the following store data:
- Disable Directory Browsing - When directory browsing is disabled, Web site visitors cannot view a tree of the folders that exist within the Web site. Contact your Web hosting company to ensure that they have disabled directory browsing.
- Regularly Change FTP Access Credentials - FTP access should never be shared with anyone.
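
To confirm the "Disable Directory Browsing" item yourself rather than relying only on your host's word, the following added example (not ProductCart code) flags responses that look like a generated folder listing. It assumes the marker text of default IIS and Apache listing pages; the folder paths, host name and sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Text that default auto-generated listings contain (assumed: stock IIS and Apache pages).
LISTING_MARKERS = (
    re.compile(r"\[To Parent Directory\]", re.I),     # IIS listing link
    re.compile(r"<(title|h1)>\s*Index of /", re.I),   # Apache mod_autoindex
)

def is_directory_listing(status, body):
    """True when a 200 response body looks like a generated folder listing."""
    return status == 200 and any(m.search(body) for m in LISTING_MARKERS)

def audit(responses):
    """responses maps folder URL path -> (status, body); returns exposed paths."""
    return sorted(p for p, (s, b) in responses.items() if is_directory_listing(s, b))

def fetch(url, timeout=10):
    """Fetch one folder URL of your own store; returns (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # e.g. 403 when browsing is disabled
        return err.code, ""

# Constructed sample responses (not captured from a real store).
SAMPLE = {
    "/store/images/": (200, '<html><head><title>shop.example - /store/images/</title></head>'
                            '<body><H1>shop.example - /store/images/</H1><hr><pre>'
                            '<A HREF="/store/">[To Parent Directory]</A><br></pre></body></html>'),
    "/store/includes/": (403, "<h2>403 - Forbidden: Access is denied.</h2>"),
    "/store/": (200, "<html><title>Our Store</title><body>Welcome</body></html>"),
    "/downloads/": (200, "<html><head><title>Index of /downloads</title></head>"
                         "<body><h1>Index of /downloads</h1></body></html>"),
}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("directory browsing is enabled for", path)
```

For a live check, build the `responses` mapping by calling `fetch()` on folder URLs of your own store that have no default document; a customized listing template will not match these markers.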