PrestaShop in its own is very secure. It is among the most secure content management systems available. When that is said, PrestaShop advice you to set file- and folder permissions by your own, and secure your back-end with .htpasswd. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge.
I did not add settings that are obviously already covered by PrestaShop core with another technique, but when that it said, if some technique having more layers is good practice, I added those extra layers of security.
Example of a great feature: You can enable e-mail notifications for filechanges. You choose the time interval to check for by a cron-job. You will get an e-mail if there were any filechanges since last check.
So in case you get malware, spyware etc., or you mess something up by yourself, you will get an e-mail with paths to files that changed. So you know exactly where to check!
Here are just some of the other features you will have with this module (check screenshot for more information's):
- Brute force protection
- Prevent unauthorized access to your back end
- Click-jack protection
- XSS protection
- Disable content sniffing
- Force secure connection with HSTS
- Expect CT
- Referrer policy
- Cookie secure flag
- Cookie HttpOnly flag
- Block specific files
- Block bad user-agents / bots
- Block custom list of IP’s
- Add missing index.php files
- Fix insecure permissions
- E-mail notification if case of file changes
- E-mail notification in case of malicious code (malware scan)
- Disable right click
- Disable drag and drop
- Disable copy
- Disable cut
- Disable paste
- Disable text selection
- Fix insecure admin directory name
- Check system for vulnerabilities
