Smash Security: Security Checklist Explained

By Smash Team - 15/01/2026

Understanding the Security Checklist

The Security Checklist automatically scans your OpenCart installation for common security issues and misconfigurations.

Accessing the Checklist

  1. Go to Extensions > Extensions > Modules
  2. Edit "Smash Security + Admin Protection"
  3. Navigate to the Security Checklist tab

Understanding Severity Levels

  • Critical: Fix immediately - serious vulnerability
  • High: Fix soon - significant security risk
  • Medium: Should address - potential risk
  • Low: Best practice - optional improvement

Check: Install Directory Removed

Severity: Critical

If the /install directory is left in place, it allows OpenCart to be reinstalled, potentially wiping your store.

Fix: Delete the entire /install folder via FTP or file manager.

Check: Config File Permissions

Severity: High

The config files contain database credentials. Overly permissive file permissions could expose them.

Fix:

chmod 644 config.php
chmod 644 admin/config.php

Check: SSL/HTTPS Enabled

Severity: High

Without SSL, customer data (passwords, payment info) is sent unencrypted.

Fix:

  1. Install an SSL certificate (free via Let's Encrypt)
  2. Go to System > Settings > Edit Store
  3. Enable "Use SSL"

Check: Storage Directory Location

Severity: Medium

The storage directory contains logs, cache, and session data. Keeping it outside the web root prevents direct access.

Fix: Move the storage folder above public_html and update the paths in config.php.

Check: Admin Folder Renamed

Severity: Low

Renaming /admin to something unique makes it harder for attackers to find your login page.

Fix:

  1. Rename the admin folder (e.g., to "store-control")
  2. Update admin/config.php (now inside the renamed folder) with the new paths

Check: Error Display Disabled

Severity: Medium

Displaying PHP errors can reveal sensitive information to attackers.

Fix: In php.ini: display_errors = Off

Check: Upload Directory Clean

Severity: Critical

PHP files in upload directories can be executed by attackers.

Fix: Remove any .php files from image/catalog and other upload directories.
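
The three file-system checks above (install directory, config file permissions, upload directory) can also be verified from a shell. The script below is an added example, not Smash Security's own code; the function name audit_opencart, its output format and the optional extra upload directories are assumptions, and it accepts any config file mode that grants nothing beyond 644.

```shell
#!/usr/bin/env bash
# Added example (not Smash Security's code): read-only audit of three
# file-system checks from this page. Output: SEVERITY<TAB>CHECK<TAB>DETAIL.

# audit_opencart ROOT [EXTRA_UPLOAD_DIR...]  (names are hypothetical)
audit_opencart() {
    root=$1; shift
    # Critical: /install must be deleted once setup is finished.
    if [ -d "$root/install" ]; then
        printf 'CRITICAL\tinstall-dir\t%s\n' "$root/install"
    fi
    # High: config files must grant nothing beyond 644 (rw-r--r--).
    for f in "$root/config.php" "$root/admin/config.php"; do
        [ -f "$f" ] || continue
        # GNU stat first, BSD/macOS stat as fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        if [ $(( 0$mode & ~0644 )) -ne 0 ]; then
            printf 'HIGH\tconfig-perms\t%s (mode %s)\n' "$f" "$mode"
        fi
    done
    # Critical: no .php files in image/catalog or in any extra upload
    # directory passed as a further argument (relative to ROOT).
    for d in image/catalog "$@"; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f -iname '*.php' |
            while IFS= read -r f; do
                printf 'CRITICAL\tupload-php\t%s\n' "$f"
            done
    done
    return 0
}

# Constructed sample tree, so the audit runs without a real store.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/install" "$t/admin" "$t/image/catalog/banners"
    : > "$t/config.php";       chmod 644 "$t/config.php"
    : > "$t/admin/config.php"; chmod 666 "$t/admin/config.php"
    : > "$t/image/catalog/logo.png"
    : > "$t/image/catalog/banners/x.PHP"
    audit_opencart "$t"
    rm -rf "$t"
}

if [ "$#" -gt 0 ]; then audit_opencart "$@"; else demo; fi
```
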

Best Practices

  • Run the checklist after any major changes
  • Address Critical and High issues immediately
  • Schedule monthly security reviews
  • Keep OpenCart and extensions updated

Tags: security checklist, configuration, hardening
