IMPORTANT Security Fix for ALL versions of Zen Cart

Article Date(s): 11/29/2009 - 12/31/2035
News from the Zen Cart developers regarding extra folders, released today, as follows:

In a standard Zen Cart install, there are a few additional folders provided which DO NOT need to be uploaded to your live webserver.
In fact, leaving those folders on your server can pose some security risks if not used as intended.
While most of the risks are minor in that attempting to access some of those files/scripts/documentation could reveal some information about your server which might allow more sophisticated hack "probing" to occur, there are some more significant risks including unauthorized access to information on your server or even "accidental" wipe of your whole database in the case of the zc_install folder being left online.

So, it's important that after you've installed your site and are satisfied that it's working properly, including actually doing live transactions to test ALL the payment and shipping modules you're using on your site, be sure to do some cleanup:

REMOVE THE FOLLOWING FOLDERS (and all the files inside them), TO MINIMIZE SECURITY RISKS:
- /docs
- /extras
- /zc_install
- /install.txt (this file can be removed, too)
It is safe to keep these files on your own computer, since they can be used as references/documentation, or used to aid in troubleshooting as diagnostic tools, or for upgrading/installing again in the future. But those folders/files should *not* be on a live webserver.


Optional:
Additionally, *IF* you have no intentions of supporting downloadable products or music-media products, you can *also* remove these folders:
- /download
- /media
- /pub
(And you'll need to go to your Admin->Configuration->Attribute Settings->Enable Downloads, and set it to False to turn off the warning message about the missing download folder)
In the future, if you choose to add downloadable products to your site or music-products, you will want to re-upload these appropriate folders (and their contents) to your server again, and assign appropriate permissions. (See FAQ area for appropriate permissions instructions.)
__________________
Zen Cart - putting the dream of business ownership within reach of anyone!
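
The cleanup list above can be checked on the server with a short script. This is an added example, not part of the announcement or of Zen Cart itself: the function name `zc_audit` and the `--no-downloads` switch are assumptions made here, and the web root path is whatever your install uses.

```shell
#!/bin/sh
# Added example: audit a Zen Cart web root for the leftovers named above.
# Usage: sh zc_audit.sh /path/to/webroot [--no-downloads]
# (--no-downloads is a switch of this script, not a Zen Cart option.)

# Paths the announcement says should not be on a live webserver.
ZC_REQUIRED="docs extras zc_install install.txt"
# Paths that can also go if the store sells no downloads or music media.
ZC_OPTIONAL="download media pub"

# Prints one "REMOVE <path>" or "OPTIONAL <path>" line per leftover found.
# Returns 0 if clean, 1 if a must-remove path exists, 2 if the web root is unusable.
zc_audit() {
    root=${1:-}
    root=${root%/}
    downloads_off=${2:-}
    [ -d "$root" ] || { echo "ERROR not a directory: ${1:-}" >&2; return 2; }
    found=0
    for p in $ZC_REQUIRED; do
        # -e matches files and directories; -L also catches dangling symlinks.
        if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
            echo "REMOVE $root/$p"
            found=1
        fi
    done
    for p in $ZC_OPTIONAL; do
        if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
            if [ "$downloads_off" = "--no-downloads" ]; then
                echo "REMOVE $root/$p"
                found=1
            else
                echo "OPTIONAL $root/$p"
            fi
        fi
    done
    return $found
}

# Run the audit only when the script is given arguments.
[ "$#" -eq 0 ] || zc_audit "$@"
```

The non-zero exit status when a must-remove path is present lets the check run from cron or a deploy step and fail loudly if `zc_install` or the other folders reappear after an upgrade.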