How to Enable SSL and Firewall in Arastta
Updated on Dec 10, 2015
Security should be a top priority for every website especially if there is sensitive information involved. As most online stores work with payment and shipping details and even credit card information it is very important to have the maximum security possible. Here Arassta excels compared to its predecessor OpenCart by implementing new security features and firewall methods that can stop most malicious attempts towards your store.
To enable SSL and the Arastta Firewall, follow the steps below:
Step 1 Locate the Security options
To configure the Arastta Security options for your website, you will need to login to your admin dashboard and navigate to the System>Settings section from your main panel.
Now select the Security tab and you will see the two main categories of security – Common and Firewall.
Step 2 Common Security Measures
- Use SSL - Here you can select if you want to use SSL and if you want it to cover only the Account & Checkout pages, your Catalog or the entire website including the Admin dashboard (make sure you have an active SSL for your domain before enabling this)
- Encryption Key - You can enter a combination of letters and numbers that will be used as a key for encrypting content on your website
- Email on Admin Login - You will receive an email for every login to your admin area on the email address provided in this field
- Keyword for Admin Panel - You can set up a custom path to your admin area by adding a custom keyword to the URL (for example, if you add the word fortknox now your admin dashboard will be accessible only via domain.com/admin?fortknox)
Step 3 Firewall configuration
- LFI Protection - (Local File Inclusion) Protects against directory traversal techniques that might allow an attacker to read sensitive files
- RFI Protection - (Remote File Inclusion) Protects against access to URLs that might allow an attacker to download and run malicious scripts
- SQLi Protection - (SQL Injection) Protects against common SQL injection attacks (such as SELECT xyx FROM users) that might allow an attacker to get sensitive data from your database
- Use HTMLPurifier - Enabling this will clean the content of request variables (might slow down performance slightly)
When you have finished configuring your Arastta security measures, hit the Save button at the top right corner of the page.