Long ago, I had a template with best practices for using Prestashop and I cannot help but agree that with this e-commerce platform, indeed, there are way too less frustrations using this. So I have decided to review it and to guide you with the best practices, I created a detailed guide and listed them in this extensive article.
Read on so you will also be guided:
- Start With PrestaShop Maintenance Mode Enabled
- Enable HTTPS In Your PrestaShop Store
- Use Strong Admin Password For PrestaShop Back Office
- Use Cookies Banner For PrestaShop
- Do You Need “Increase Front Office Security” Checkbox For PrestaShop
- Consistently Update PrestaShop, Modules, and Themes
- Have A Staging Environment
- Do You Need PrestaShop Security Plugins
- Do You Need PrestaShop ReCaptcha Addons
- Do You Need PrestaShop Login Protector Addon
- Do You Need Bots Block Addon
- 5 Must-Do Things When Launching PrestaShop Store
- More Helpful Tips
Start With PrestaShop Maintenance Mode Enabled
If you build your store and make it publicly available – you can face two ugly bot types.
- Search Engine Bots will scan your site and will start to index your content. That is great to have if you are not facing many issues initially, like missing images. However, that can lower your search position ranking, which is tricky to recover.
- Hacking Bots will be scanning your store and trying to use all the ugly tactics to hack and get into your store. For example, I saw in my practice when the store owner decided that it is safe to use admin/admin credentials for their back office. So it got hacked before the store was able even to start an online business.
To overcome both issues – start with a maintenance mode.
You can enable this at the Shop Parameters → General → Maintenance tab.
Enable HTTPS In Your PrestaShop Store
You will face fewer problems if you enable SSL at the beginning. Do this in Shop Parameters → General and enable two check boxes on the top mentioning SSL (Secure Sockets Layer).
This will add encryption to your store, and users will see a green security bar in their browser URL bar.
One thing worth mentioning here is that SSL or HTTPS is mandatory. Browsers are making this mandatory, otherwise, time will come when you will be unable to enter pages without HTTPS.
If you are having any issues after such change – clear cache in Advanced Parameters → Performance → Clear cache button on the top right corner.
Use Strong Admin Password For PrestaShop Back Office
Sites are scanned every day automatically by bots, and a list of possible vulnerabilities is tried. For example, it might be tricky to figure out PrestaShop back office URL, but once automatic bots discover that – they will try to login with a list of known most popular passwords.
So make sure to have a strong password and not use any emails for back-office logins starting with info@ or admin@ as they are popular choices for automatic attempts.
Use Cookies Banner For PrestaShop
Your content can be displayed for European users, and they have personal data protection law (GDPR). For this reason, to comply with regulations, you have to say cookies banner and explain why those cookies are needed.
To make it painless, you can use our EU law cookies addon for PrestaShop.
Do You Need “Increase Front Office Security” Checkbox For PrestaShop
PrestaShop has a funny checkbox in Shop Parameters → General called “Increase front office security”. Unfortunately, its explanation is cryptic (very technical), so it is hard to understand.
As a PrestaShop developer, I can say that that option is good to enable, but it is nothing wrong if left disabled. It does not add much security to your store, unfortunately.
The way it works is that it uses cookies to validate user actions (add to cart, checkout, order) and unique tokens.
This checkbox can help eliminate the small amount of automatic fake orders created by bots.
Consistently Update PrestaShop, Modules, and Themes
In other articles, I wrote that PrestaShop v1.6 is hard to get rid of even recent versions (v1.7) exists. The reason for this is that the longer you postpone updates – the less chance you have to upgrade without issues.
And how to upgrade without issues? See next section.
Have A Staging Environment
The staging environment is a copy of your PrestaShop store where you can try things before “going live” with changes.
I have been using staging environments a lot. They are instrumental when you upgrade plugins and themes. You first perform updates in a staging site (copy of your store), then if everything looks good after some testing – repeat the same on the production site.
This way, your risk of doing updates is minimal.
To lower the amount you pay for a staging environment, I usually buy a cheaper (or cheapest) hosting plan on the same hosting provider. This way, for a reasonable price, I have 100% up time when running PrestaShop.
Do You Need PrestaShop Security Plugins
A list of popular plugin names appears from time to time on some blog entries around the web. I wanted to save your time and describe each of them to give a different point of view on some marketed security addons.
Do You Need PrestaShop ReCaptcha Addons
This addon is built to limit fake orders by displaying reCaptcha in the order checkout form.
It only makes sense to have it if you have a fake orders problem. Otherwise, I do not recommend it as: It will slow down the user experience You might lose some orders because reCaptcha is annoying If Google is experiencing any downtimes – your users will be unable to make a checkout for that moment.
Do You Need PrestaShop Login Protector Addon
This addon is legit to consider. It can ban the IP addresses of somebody trying to brute-force front office and back office passwords.
Such addon costs 30-50 USD.
You might want to have it when you have more than 1000 users in your store. Otherwise, it is useless as if you are the only user – there is nothing to hack into.
Suppose you can force your users to use strong passwords (like eight characters or more long). In that case, it is also no point as brute-forcing such length passwords are impossible with the current technologies.
Do You Need Bots Block Addon
I am firmly against bots blocking addons as they can easily hurt your SEO.
Many online directories are scanning your site, and they can list your store on their platform, giving you a “backlink”. This backing increases your site authority and SEO ranking position.
Having bots blocking addons, you might limit Google or Ahrefs from scanning your store, and you will end with never indexed store.
5 Must-Do Things When Launching PrestaShop Store
If you are finally ready to launch your eCommerce store, make sure to make few things first.
Backup your store in case some failure occurs after launch. Make a consistent habit of backing up the PrestaShop database and files (each month, for example). Don’t rely just on hosting automatic backups – they can be lost too!
Enable caching for your store so that users will feel it is fast to shop on when you launch it. You can find caching settings on the Advanced Parameters → Performance page. You can enable most features here, including resources (CSS, images, JavaScript) optimization.
Check Google PageSpeed score and make sure it is above 75 points at least.
Monitor PrestaShop store uptime with tools like UptimeTea. There are a lot of online tools to monitor uptime, but for us personally, UptimeTea was working the best. Monitoring your store is way more important than checking PageSpeed score as down website immediately could cost sales.
Enable Friendly URLs so that your URLs are easier to read and share. Of course, it won’t boost your search engine ranking a lot, but it is still must-do action when talking about SEO.
More Helpful Tips
Review or bookmark this page – from time to time, I tweak this list. More helpful tips could be found on our PrestaShop blog.