Administrator's Guide

4. Pick a complex password, by mixing letters, numbers and

even punctuation marks, such as "5r3XaDR#". You can us an

only password generated, such as PCTools's or GRC's.

2. Securing your PHP installation

1. See the required and recommended PHP settings, at the

beginning of this page.

3. Always delete the /install folder after having installed or updated

PrestaShop

4. Always delete useless files from production server:

1. all readme_xx.txt files.

2. the CHANGELOG file.

3. the /docs folder.

5. Forbid access to your theme's files/templates, using a .htaccess file

with the following content:

7. <FilesMatch "\.tpl$">

8. order deny,allow

9. deny from all

10. </FilesMatch>

Fine-tuning & performances

This section will help you better understand configuration variables than

are not handled using the back-office, but directly in configuration files.

There are four configuration files in PrestaShop, all in the /config folder:

 config.inc.php: core configuration file for PrestaShop.

 defines.inc.php: contains all of PrestaShop constant values.

Previously defined in settings.inc.php.

 settings.inc.php: contains the access information to the database, as

well as the PrestaShop version number.

 smarty.config.inc.php: contains all configuration pertaining to

Smarty, the template/theme engine used by PrestaShop.

config.inc.php file

In production mode:

 make sure to leave @ini_set('display_errors', 'Off'); to "Off".

 make sure to leave define('PS_DEBUG_SQL', false); to "false".

On contrary, in development/test mode, you can get help tracing possible

errors by:

 changing @ini_set('display_errors', 'Off'); to "On".

 changing define('PS_DEBUG_SQL', false); to "true".