
5 tips for securing your Prestashop site

Online shops are a coveted score for cybercriminals. Your customers should be able to trust you when visiting your website. As such, it’s essential to protect the personal data your customers provide to you, like their bank account information, addresses, telephone numbers, etc.

Prestashop’s popularity makes it a prime target for any cybercriminal. That’s why it’s important to secure your Prestashop site in order to protect your customers’ data.

That makes your online shop’s security of the utmost importance.

Here are our five recommendations for securing your Prestashop site.

1. Make sure to update Prestashop

Prestashop is a very well-known platform used by thousands and a frequent target of cybercriminals. The biggest thing you can do to make sure your site is secure is to use the latest version of Prestashop.

Updates correct bugs and improve transaction and account security, among other things. This makes regular updates extremely important.

2. Back up your data

It’s also essential to make backups of your site in order to avoid the risk of losing everything if your site is hacked. For that, you need to make copies of the site content as well as the database. That way, if your site goes down or is attacked, you’ll be able to get it back on its feet in no time.

You can keep your backups on your Prestashop site’s server. However, we recommend also storing them somewhere else (such as your computer, an external drive, or even a USB key) because, if you are attacked, you risk losing the backup of the site if it’s on the same server.

We also suggest regularly backing up your data and recording the date and time in your backup folder.

You can make backups yourself or use Prestashop plugins.

Read more about backup best practices in the article we published for World Backup Day.
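
The backup routine described above (site content plus database, dated, ready to copy off the server), as an added shell example that is not Gandi's or Prestashop's own code. The function names, the paths and the caller-supplied database dump command (for instance `mysqldump`) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: timestamped Prestashop backup (files + database) with checksums.
# Assumptions: tar and sha256sum are installed; the database dump command is
# supplied by the caller and writes SQL to stdout. Keep DEST_ROOT outside
# SITE_DIR so the archive does not include earlier backups.

# backup_shop SITE_DIR DEST_ROOT DUMP_CMD [ARGS...]
# Prints the path of the new backup folder on success.
backup_shop() {
    local site_dir=$1 dest_root=$2
    shift 2
    [ -d "$site_dir" ] || { echo "no such site dir: $site_dir" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "missing database dump command" >&2; return 1; }

    # Record the date and time (UTC) in the backup folder name.
    local stamp out
    stamp=$(date -u +%Y-%m-%d_%H%M%S)
    out="$dest_root/prestashop_$stamp"
    mkdir -p "$out" || return 1
    chmod 700 "$out"   # the dump holds customer data: owner-only access

    # 1. Site content (code, themes, modules, uploaded images).
    tar -czf "$out/files.tar.gz" -C "$site_dir" . || return 1

    # 2. Database dump; fail if the command fails or the dump is empty.
    "$@" > "$out/db.sql" || { echo "database dump failed" >&2; return 1; }
    [ -s "$out/db.sql" ] || { echo "database dump is empty" >&2; return 1; }

    # 3. Checksums so a copy stored elsewhere can be verified later.
    ( cd "$out" && sha256sum files.tar.gz db.sql > SHA256SUMS ) || return 1
    printf '%s\n' "$out"
}

# verify_backup BACKUP_DIR: returns 0 only if both files match their checksums.
verify_backup() {
    ( cd "$1" && sha256sum -c SHA256SUMS ) >/dev/null 2>&1
}
```

After copying the resulting folder to a second location, run `verify_backup` on that copy before relying on it.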

3. Install an SSL certificate

An SSL certificate considerably strengthens your site’s security. SSL is a protocol that encrypts data exchanged between your site and its visitors. An SSL certificate lets you protect the data of users connecting to your online store.

A site protected by SSL is easy for users to identify: it will have a little lock to the left of the URL in the address bar of their browser. These days, customers will only trust your site if you have an SSL certificate installed on your website.

When you host your site at Gandi, you get an SSL certificate for free with your hosting.

4. Set a strong password

This might seem obvious, but you can never be too careful. Make sure the password you use is long and complex.

Avoid using easy-to-guess passwords like ‘password’, ‘asdfgh’, ‘12345’, etc. It’s important for your password to be unique and complex to keep your Prestashop site secure. Don’t be afraid to use uppercase and lowercase letters, numbers, and symbols.

Also, when you create your online shop, you will create passwords for several things. These passwords should be strong, but they should also be different from one another. For example, sFTP access at Gandi requires a password per Simple Hosting instance. Sharing an account but not usernames is also possible at Gandi using the “Organization” feature.

See how to create and manage organizations in this tutorial video

Don’t make cybercriminals’ job easier!

5. Be careful about plugins and themes you download

You should always be careful about what plugins and themes you download.

Downloading a suspect plugin or a theme could be dangerous as it could contain malware.

To avoid the risk, it’s better to use plugins and themes that Prestashop’s developers have approved. To begin with, you can download plugins and themes from Prestashop for free; these are obviously validated by the developers. For plugins and themes developed by a third party, make sure they are trustworthy before downloading them.

On the other hand, a large number of plugins are available in Prestashop, allowing you to add new features to your online shop. Some help you protect your site. Here are some plugins that are useful for securing your online shop:

  • Protect My Shop is a plugin developed by Librasoft, awarded “Best module for productivity” in the Prestashop Addons Awards 2019. This plugin lets you protect your back office, your content, your files, etc. against a variety of different attacks.
  • reCaptcha is a plugin that lets you protect your contact form and protect your online shop from fake accounts.
  • Block Bots is a plugin that lets you block access to different types of bots or undesirable users who might breach your site. To do so, this plugin restricts access to your site by blocking by IP address, user-agent, or even country.


Your online shop, like any other shop, needs to be protected from cybercriminals, thieves, and other malicious users. No e-commerce site is safe from getting hacked, and these five recommendations are essential:

  • Always update your Prestashop to the latest version
  • Regularly back up your data
  • Install an SSL certificate to protect your site and to show your users your site is secure
  • Make sure your passwords are strong so as not to make the task of hacking your site too easy
  • Verify the trustworthiness of plugins and themes before you download them and use security plugins to protect your site