Tip for Making OpenCart More Secure

Changing your admin folder’s name is not mandatory but a recommended step if you want to have better security for your online store. In this post I will show you how to do that as easy as possible in a few steps.

This tutorial is written specifically for OpenCart, but the following steps can be applied to older versions of OpenCart as well.

1. First things first

Rename the folder admin to the new name that you have chosen. In this case we will use isenselabs.

2. Open the file located in admin/config.php

It has to look like this:

define('HTTP_SERVER', 'http://example.com/opencart/admin/');
define('HTTP_CATALOG', 'http://example.com/opencart/');

define('HTTPS_SERVER', 'http://example.com/opencart/admin/');
define('HTTPS_CATALOG', 'http://example.com/opencart/');

// DIR
define('DIR_APPLICATION', '/home/user/public_html/opencart/admin/');
define('DIR_SYSTEM', '/home/user/public_html/opencart/system/');
define('DIR_DATABASE', '/home/user/public_html/opencart/system/database/');
define('DIR_LANGUAGE', '/home/user/public_html/opencart/admin/language/');
define('DIR_TEMPLATE', '/home/user/public_html/opencart/admin/view/template/');
define('DIR_CONFIG', '/home/user/public_html/opencart/system/config/');
define('DIR_IMAGE', '/home/user/public_html/opencart/image/');
define('DIR_CACHE', '/home/user/public_html/opencart/system/cache/');
define('DIR_DOWNLOAD', '/home/user/public_html/opencart/download/');
define('DIR_LOGS', '/home/user/public_html/opencart/system/logs/');
define('DIR_CATALOG', '/home/user/public_html/opencart/catalog/');

// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'user_1');
define('DB_PASSWORD', 'user_1');
define('DB_DATABASE', 'user_opencart');
define('DB_PREFIX', 'oc_');

You have to change all the lines where the word admin is present. The easiest way to do this is by using the quick 'Find and Replace' tool which is available in almost every text editor (Notepad, Dreamweaver and along other editors). 

Find all occurrences of the word admin and change it with the folder name that you have chosen. This is an example of how your admin/config.php should look like after you make the edits:

define('HTTP_SERVER', 'http://example.com/opencart/isenselabs/');
define('HTTPS_SERVER', 'http://example.com/opencart/isenselabs/');
// DIR
define('DIR_APPLICATION', '/home/user/public_html/opencart/isenselabs/');
define('DIR_LANGUAGE', '/home/user/public_html/opencart/isenselabs/language/');
define('DIR_TEMPLATE', '/home/user/public_html/opencart/isenselabs/view/template/');

3. Fix your vQmod configuration and your vQmod modules. 

If you are using vQmod, there are some things that you need to edit.

First of all, you need to fix your vQmod configuration file. Open the index.php located in vqmod/install/index.php and change the following line:

$admin = 'admin';

To this:

$admin = 'isenselabs';

After that, you have to ensure that all of your modules are working correctly. As of vQmod 2.3.0 there is a file called pathReplaces.php. It is used to globally replace the admin folder name without having to modify the .xml files. You have to open the file and add the following line:

$replaces[] = array('~^admin\b~', 'isenselabs');

That’s it! 

Still, If you are using an older version of vQmod, you have to make the changes manually. Please read on, if you are running a version older than vQmod 2.3.0. Here is what you need to do:

Open all files in vqmod/xml and replace all occurrences of the string admin with the folder's name that you have chosen. For example, the line:

<file name="admin/view/template/sale/order_form.tpl">

Should be changed to:

<file name="isenselabs/view/template/sale/order_form.tpl">

4. Be careful with caching extensions.

It is necessary to clear the caches (browser cache, page cache, database cache and others) in order the changes to take effect. 

If you are using caching extensions such as NitroPack, you have to make sure that they don't cache your new admin folder. If you don’t do that, you won’t be able to change your web store settings, view orders and etc.

4.1 NitroPack

If you are using NitroPack, you will have to edit the following three lines:

Open the file core.php located in system/nitro/core and find this line of code:

$predefinedIgnoredUrls = array('/admin/', 'isearch');

Again, you have to replace /admin/ with the new name:

$predefinedIgnoredUrls = array('/isenselabs/', 'isearch');

The changes below should be made only if you are using OpenCart with vQmod < 2.3.0.

Open the file nitro.xml located in vqmod/xml/ and edit the following lines:

<file name="admin/controller/catalog/product.php"> (line 32)
<file name="admin/controller/catalog/product.php"> (line 47)

They have to look this:

<file name="isenselabs/view/template/common/header.tpl">
<file name="isenselabs/view/template/common/header.tpl">

If you are using another product for caching, you will have to make similar (depending on the product) changes.

5. That’s all folks!

All you need to do now is to check if everything is working properly. If you don’t see any errors or blank pages, you did a great job!

Enjoy your better secured OpenCart store!

Join 11,000+ subscribers receiving actionable E-commerce advice

* Unsubscribe any time
comments powered by Disqus