PrestaShop Best Practices
A long time ago, I had a template with a list of best practices for PrestaShop starters to end up with less frustration when using this ecommerce platform.
I have decided to review it and update those practices and list them in one extensive article.
Table of Contents
- Start With PrestaShop Maintenance Mode Enabled
- Enable HTTPS In Your PrestaShop Store
- Use Strong Admin Password For PrestaShop Back Office
- Do You Need “Increase Front Office Security” Checkbox For PrestaShop
- Consistently Update PrestaShop, Modules, and Themes
- Have A Staging Environment
- Do You Need PrestaShop Security Plugins
- 3 Must-Do Things When Launching PrestaShop Store
- More Helpful Tips
Start With PrestaShop Maintenance Mode Enabled
If you build your store and make it publically available - you can face two ugly bot types.
Search Engine Bots will scan your site and will start to index your content. That is great to have if you are not facing many issues initially, like missing images. However, that can lower your search position ranking, which is tricky to recover.
Hacking Bots will be scanning your store and trying to use all the ugly tactics to hack and get into your store. For example, I saw in my practice when the store owner decided that it is safe to use admin/admin credentials for their back office. So it got hacked before the store was able even to start an online business.
To overcome both issues - start with a maintenance mode.
You can enable this at the Shop Parameters → General → Maintenance tab.
Enable HTTPS In Your PrestaShop Store
You will face fewer problems if you enable SSL at the beginning. Do this in Shop Parameters → General and enable two checkboxes on the top mentioning SSL (Secure Sockets Layer).
This will add encryption to your store, and users will see a green security bar in their browser URL bar.
One thing to mention is that SSL or HTTPS is the mandatory. Browsers are making this mandatory, and time will come when you will be unable to enter pages without HTTPS.
If you are having any issues after such change - clear cache in Advanced Parameters → Performance → Clear cache button on the top right corner.
Use Strong Admin Password For PrestaShop Back Office
Sites are scanned every day automatically by bots, and a list of possible vulnerabilities is tried. For example, it might be tricky to figure out PrestaShop back office URL, but once automatic bots discover that - they will try to login with a list of known most popular passwords.
So make sure to have a strong password and not use any emails for back-office logins starting with
admin@ as they are popular choices for automatic attempts.
Your content can be displayed for European users, and they have personal data protection law (GDPR). For this reason, to comply with regulations, you have to say cookies banner and explain why those cookies are needed.
To make it painless, you can use our EU law cookies addon for PrestaShop.
Do You Need “Increase Front Office Security” Checkbox For PrestaShop
PrestaShop has a funny checkbox in Shop Parameters → General called “Increase front office security”. Unfortunately, its explanation is cryptic (very technical), so it is hard to understand.
As a PrestaShop developer, I can say that that option is good to enable, but it is nothing wrong if left disabled. It does not add much security to your store, unfortunately.
This checkbox can help eliminate the small amount of automatic fake orders created by bots.
Consistently Update PrestaShop, Modules, and Themes
In other articles, I wrote that PrestaShop v1.6 is hard to get rid of even recent versions (v1.7) exists. The reason for this is that the longer you postpone updates - the less chance you have to upgrade without issues.
And how to upgrade without issues? See next section.
Have A Staging Environment
The staging environment is a copy of your PrestaShop store where you can try things before “going live” with changes.
I have been using staging environments a lot. They are instrumental when you upgrade plugins and themes. You first perform updates in a staging site (copy of your store), then if everything looks good after some testing - repeat the same on the production site.
This way, your risk of doing updates is minimal.
To lower the amount you pay for a staging environment, I usually buy a cheaper (or cheapest) hosting plan on the same hosting provider. This way, for a reasonable price, I have 100% uptime when running PrestaShop.
Do You Need PrestaShop Security Plugins
A list of popular plugin names appears from time to time on some blog entries around the web. I wanted to save your time and describe each of them to give a different point of view on some marketed security addons.
Do You Need PrestaShop ReCaptcha Addons
This addon is built to limit fake orders by displaying reCaptcha in the order checkout form.
It only makes sense to have it if you have a fake orders problem. Otherwise, I do not recommend it as: It will slow down the user experience You might lose some orders because reCaptcha is annoying If Google is experiencing any downtimes - your users will be unable to make a checkout for that moment.
Do You Need PrestaShop Login Protector Addon
This addon is legit to consider. It can ban the IP addresses of somebody trying to brute-force front office and back office passwords.
Such addon costs 30-50 USD.
You might want to have it when you have more than 1000 users in your store. Otherwise, it is useless as if you are the only user - there is nothing to hack into.
Suppose you can force your users to use strong passwords (like eight characters or more long). In that case, it is also no point as brute-forcing such length passwords are impossible with the current technologies.
Do You Need Bots Block Addon
I am firmly against bots blocking addons as they can easily hurt your SEO.
Many online directories are scanning your site, and they can list your store on their platform, giving you a “backlink”. This backing increases your site authority and SEO ranking position.
Having bots blocking addons, you might limit Google or Ahrefs from scanning your store, and you will end with never indexed store.
3 Must-Do Things When Launching PrestaShop Store
If you are finally ready to launch your ecommerce store, make sure to make few things first.
Backup your store in case some failure occurs after launch. Make a consistent habit of backuping the PrestaShop database and files (each month, for example). Don’t rely just on hosting automatic backups - they can be lost too!
Check Google PageSpeed score and make sure it is above 75 points at least.
Enable Friendly URLs so that your URLs are easier to read and share. Of course, it won’t boost your search engine ranking a lot, but it is still must-do action when talking about SEO.
More Helpful Tips
Review or bookmark this page - from time to time, I tweak this list. More helpful tips could be found on our PrestaShop blog.