Security is a crucial aspect of managing an online store, and PrestaShop pays special attention to it. In the PrestaShop admin panel, there is a dedicated "Security" page that allows for flexible management of key security parameters for both administrators and users. Let’s explore the capabilities of this page and why it is important for online store owners.
Main Security Settings
Back Office Token Protection
The first setting is Back office token protection, which activates token protection for admin panel pages. Tokens are added to URLs and protect against unauthorized access. Disabling this option is not recommended, because the tokens block potential attempts by attackers to access the administrative part of the site. In rare cases, such as when developing custom solutions, this protection can be disabled, but under standard conditions, it should remain enabled.
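How a URL token of this kind can be issued and checked, as an added PHP example that is not PrestaShop's own code. The HMAC construction, SECRET_KEY, issueToken(), adminUrl() and verifyRequest() are hypothetical, and the URLs are constructed samples.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side secret (constructed value); never sent to the browser.
const SECRET_KEY = 'constructed-demo-secret-change-me';

// Derive the token from the employee and the controller being opened, so a
// token leaked for one page or one account is useless for any other.
function issueToken(int $employeeId, string $controller): string
{
    return hash_hmac('sha256', $employeeId . '|' . $controller, SECRET_KEY);
}

// Build a back office link that carries the token as a query parameter.
function adminUrl(int $employeeId, string $controller, array $params = []): string
{
    $params['controller'] = $controller;
    $params['token'] = issueToken($employeeId, $controller);
    return '/admin/index.php?' . http_build_query($params);
}

// Accept the request only when the token matches the logged-in employee and
// the requested controller. hash_equals() compares in constant time.
function verifyRequest(int $sessionEmployeeId, string $url): bool
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    $controller = $query['controller'] ?? '';
    $token = $query['token'] ?? '';
    if (!is_string($controller) || !is_string($token) || $controller === '' || $token === '') {
        return false; // missing token: the link was not generated by the back office
    }
    return hash_equals(issueToken($sessionEmployeeId, $controller), $token);
}

// Constructed sample requests, all evaluated for the session of employee 7.
$genuine = adminUrl(7, 'AdminOrders', ['id_order' => 42]);
$samples = [
    'link generated for this employee' => $genuine,
    'link without a token' => '/admin/index.php?controller=AdminOrders&id_order=42',
    'token copied from employee 3' => adminUrl(3, 'AdminOrders'),
    'token reused on another controller' => str_replace('AdminOrders', 'AdminEmployees', $genuine),
];
foreach ($samples as $label => $url) {
    printf("%-36s %s\n", $label, verifyRequest(7, $url) ? 'accepted' : 'rejected');
}
```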
Password Policy
The second important block is the Password policy, where requirements for password complexity for all users accessing the admin panel can be set.
- Minimum Password Security Score. This parameter can be set from 0 to 4, where:
  - 0: The password is extremely simple and can be guessed in a few attempts, such as "password" or "1234."
  - 1: The password is slightly more complex but still easily hackable.
  - 2: Provides some protection against attacks but is weak for offline cracking.
  - 3: A secure password that is difficult to guess even with offline attempts.
  - 4: A very complex password with maximum protection, virtually impossible to crack.
- Minimum Length. Password length also affects its complexity. Passwords that are too short are easily hacked, so it is recommended to set a minimum length of at least 8 characters.
- Maximum Length. This setting can limit password length to avoid overly long and cumbersome passwords for users.
These settings help establish a balance between usability and security level for online store administrators.
Employee Sessions
This tab is responsible for managing the sessions of employees accessing the admin panel. Monitoring sessions allows for the protection of data, as it is possible to track how long an employee has been in the system and manage automatic session timeouts. This is useful for preventing accidental access to the admin panel if an employee forgets to log out.
Here, active sessions can be tracked and terminated if necessary. This feature is beneficial if an employee is working from an unreliable location or if a device has been lost.
Customer Sessions
The Customer Sessions tab displays information about the sessions of users in your online store. This data allows for monitoring customer activity and ensuring their security. For example, you can manage how long a customer session remains active.
Controlling customer sessions helps prevent possible account hacking or unauthorized actions if a customer forgets to log out from a public device.
The "Security" page in PrestaShop provides essential tools for managing the security of the store, both on the administrator and customer sides. With a thoughtful password policy, token protection, and session control, the overall security level can be significantly enhanced, reducing potential threats.
Did you know about the capabilities of this page? What do you think about the importance of these features for securing your online store? Share your thoughts in the comments!