Security Audit
Automated security checks and scoring for your PrestaShop installation.
The Security Audit runs 17 automated checks against your PrestaShop installation and provides a 0–100 security score.
Running an Audit
- Go to the Security Audit tab
- Click Run Audit
- Review the results — each check shows pass/fail with explanations
Checks Performed
| # | Check | What It Verifies |
|---|---|---|
| 1 | Debug Mode | Debug/dev mode is disabled in production |
| 2 | SSL Certificate | HTTPS is enabled and properly configured |
| 3 | PHP Version | Running a supported, secure PHP version |
| 4 | PrestaShop Version | Running the latest available version |
| 5 | Admin Folder | Admin directory has been renamed from default |
| 6 | File Permissions | Correct permissions on sensitive files and directories |
| 7 | Directory Listing | Directory listing is disabled on the web server |
| 8 | Security Headers | Presence of recommended HTTP security headers |
| 9 | Backup Files | No backup files (.sql, .zip, .tar.gz) in webroot |
| 10 | phpinfo() Files | No accessible phpinfo() files in webroot |
| 11 | .htaccess Protection | Critical directories have .htaccess deny rules |
| 12 | Error Display | PHP error display is disabled in production |
| 13 | Default Admin | Default admin account email has been changed |
| 14 | Cookie Security | Secure and HttpOnly flags on session cookies |
| 15 | Install Directory | Installation directory has been removed |
| 16 | robots.txt | Sensitive paths are blocked from search engines |
| 17 | Module Security | Checks for known vulnerable module versions |
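To show what the filesystem checks look for, here is an added shell example (not the module's own code) that reproduces checks 5, 9, 10 and 15 against a webroot path. The stock directory names `admin` and `install`, the function names and the sample webroot are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the module's code: checks 5, 9, 10 and 15 done by hand.
# Assumption: stock directory names are "admin" and "install".

# Check 9: dumps or archives left under the webroot.
find_backups() {
  find "$1" -type f \( -name '*.sql' -o -name '*.zip' -o -name '*.tar.gz' \) | sort
}

# Check 10 (heuristic): PHP files containing a phpinfo() call; triage each hit.
find_phpinfo() {
  grep -rlE --include='*.php' 'phpinfo[[:space:]]*\(' "$1" 2>/dev/null | sort || true
}

# Checks 5 and 15: echo the path if the directory still exists.
dir_present() { if [ -d "$1" ]; then echo "$1"; fi; }

# Non-empty evidence means the check failed.
verdict() { if [ -n "$1" ]; then echo "FAIL $2"; else echo "PASS $2"; fi; }

audit_webroot() {
  local root=$1
  verdict "$(dir_present "$root/admin")"   "5 admin-folder"
  verdict "$(find_backups "$root")"        "9 backup-files"
  verdict "$(find_phpinfo "$root")"        "10 phpinfo-files"
  verdict "$(dir_present "$root/install")" "15 install-directory"
}

# Constructed sample webroot: renamed admin folder, leftover dump, phpinfo file, installer.
demo_root() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/admin123xyz" "$d/install"
  echo '<?php phpinfo();' > "$d/info.php"
  echo '<?php echo "shop";' > "$d/index.php"
  : > "$d/dump.sql"
  echo "$d"
}

root=$(demo_root)
audit_webroot "$root"
rm -rf "$root"
```

A file found on disk is only evidence; whether it is reachable over HTTP depends on the web server configuration that checks 7 and 11 cover.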
Scoring
Each check contributes to the overall score. Critical checks (like debug mode and SSL) are weighted more heavily. A score of 80+ is considered good; 90+ is excellent.
Fixing Issues
Each failed check includes:
- A description of the risk
- Specific steps to fix the issue
- Impact level (critical, important, moderate, low)
