PrestaShop has an active security policy and disclosure process. Hardening should prioritize running the latest supported releases, enforcing strict module trust, and protecting the admin interface.
¶ 1) Follow PrestaShop security policy and supported versions
- apply security updates promptly and run the latest release, as PrestaShop advises
- use the official vulnerability reporting process and monitor security announcements
- avoid staying on old branches that no longer receive security support
¶ 2) Enforce strict module and code trust
- install modules and themes only from trusted, actively maintained sources
- remove inactive or unmaintained add-ons to reduce the attack surface
- review custom code for SQL injection (SQLi) and cross-site scripting (XSS) patterns before deployment
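As an added illustration of the SQLi/XSS review item (example code written for this page, not PrestaShop project code): a hypothetical module front controller method written first insecurely, then with PrestaShop's own input-handling helpers. It assumes a PrestaShop module context where `Db`, `Tools`, `pSQL()` and `_DB_PREFIX_` are available; the class name and the `name`/`id_category` request parameters are made up for the example.

```php
<?php
// Added example, not PrestaShop project code. Assumes a module context
// where PrestaShop's Db, Tools, pSQL() and _DB_PREFIX_ are loaded.

class ReviewExampleModuleFrontController extends ModuleFrontController
{
    // BEFORE: the pattern a code review should flag.
    // Raw request input is concatenated into SQL (SQLi) and echoed back
    // into the response without encoding (reflected XSS).
    public function lookupInsecure(): string
    {
        $name = $_GET['name'] ?? '';                         // untrusted
        $rows = Db::getInstance()->executeS(
            'SELECT id_product, reference FROM ' . _DB_PREFIX_ . 'product'
            . " WHERE reference = '" . $name . "'"
        );
        $count = is_array($rows) ? count($rows) : 0;
        return 'Results for ' . $name . ': ' . $count;       // unescaped
    }

    // AFTER: the hardened form.
    // Numeric input is cast to int, string input passes through pSQL()
    // before reaching SQL, and the value is HTML-encoded before output.
    public function lookupHardened(): string
    {
        $rawName    = (string) Tools::getValue('name', '');
        $idCategory = (int) Tools::getValue('id_category', 0);

        $rows = Db::getInstance()->executeS(
            'SELECT id_product, reference FROM ' . _DB_PREFIX_ . 'product'
            . " WHERE reference = '" . pSQL($rawName) . "'"
            . ' AND id_category_default = ' . $idCategory
        );
        $count = is_array($rows) ? count($rows) : 0;

        // Encode for the HTML context; pSQL() protects SQL, not HTML.
        $shown = htmlspecialchars($rawName, ENT_QUOTES, 'UTF-8');
        return 'Results for ' . $shown . ': ' . $count;
    }
}
```

The two escaping steps address different sinks: `pSQL()` (or an integer cast) belongs at the SQL boundary, while HTML encoding belongs at the output boundary, and neither substitutes for the other.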
¶ 3) Secure admin and sensitive data paths
- protect back-office access with MFA or SSO, and with IP restrictions where possible
- enforce HTTPS and a hardened session/cookie configuration
- encrypt database and backup data containing customer or order information
- PrestaShop security policy: https://github.com/PrestaShop/PrestaShop/security
- PrestaShop maintainers security guidance: https://www.prestashop-project.org/maintainers-guide/general-guidelines/github-account-security/
- PrestaShop source code: https://github.com/PrestaShop/PrestaShop