
Things to remember before starting a website

Date: 2014-07-28

Quick.Cms and Quick.Cart, in both free and paid editions, are content management systems that offer great possibilities, speed and high security of use. Below are tips that will help you set the script up optimally.

Change login and password

The first, and one of the most important, things to do is to change the login and password for the admin panel. You can change them in the admin panel under Tools » Settings, or directly in the script's database/config/general.php file, in the $config['login'] and $config['pass'] variables. For maximum security, the login and password should combine capital and small letters, digits and special characters. The more complicated they are, the less likely it is that your website will be hacked.

Setting login and password

Change the admin.php file name

The next very important thing to change is the name of the admin.php file in the script's main directory. This file grants access to the admin panel. Rename it to anything you like, preferably a name that includes both letters and numbers. After renaming the file, find the $config['admin_file'] variable in the database/config/general.php file and replace the admin.php value with the new file name.

Changing file name

For more security-related information, read the article: How to protect your website and your customers' data

Changing permissions for directories and files

If it's possible and the script works properly, set the permissions of the database/ and files/ directories and their subdirectories to 700, and of the files in them to 600. If there are problems with the script, change the permissions of those directories, subdirectories and files to 777. Remember to set the transfer type to binary when uploading the script to the server. FTP software is often set to the auto transfer type after installation, which may cause problems with the script on the server.

Setting permissions for files

Install only necessary functionalities

To let the script run at its maximum speed, it should have only those functions installed that will actually be used on the website. Don't install plugins that you or your customer won't use. Each unnecessary plugin takes up space and has a negative impact on the script's speed.

The plugin installer is a very useful tool available in the paid editions, Quick.Cms.Ext and Quick.Cart.Ext. It makes installing all the plugins you need fast and easy.

Before installing plugins, we recommend making a copy of the script and installing the plugins on that copy.

Plugin installation

Disabling modules

Another very useful feature of the paid editions is the ability to disable some functionalities, such as the plugin installer. This makes the script run faster. It also makes the admin panel clearer for the customer, because it will not contain unnecessary options that could let him or her unintentionally damage the website. You set this in the database/config/general.php file, in the $config['plugins'] variable. To disable a plugin, set its variable's value to false instead of true.

For example, to take away your customer's ability to install plugins, set the $config['plugins']['plugins'] variable to false.

Disabling unused plugins

Hide the advanced options

In the latest version of the scripts, you can disable specific options, fields and tabs in your customer's admin panel. Free editions allow you to hide only some of the options. In paid editions there are many options, fields and tabs that you can hide in the admin panel available to your customer.

This can save you from having to repair damage your customer might cause.

In paid editions, specific elements can be hidden in the database/config/general.php file by inserting, below the $config['hide_theme'] = true; line, one or more of the variables listed in the Quick.Cms.Ext and Quick.Cart.Ext manual. To restore a given option, field or tab, remove the respective variable or set its value to null.

Enable developer's mode for your IP

Every webmaster should know about the developer's mode available in the paid editions of the scripts. It lets you enable options, fields and tabs that are visible only from the chosen IP address and not to your customer. With this option you can see and access all functions of your customer's script, for example from your office. To enable the developer's mode, add the variable $config['developer_mode_for_ip'] = '1.1.1.1'; to the database/config/general.php file, where 1.1.1.1 is the IP address from which the mode will be available.

Check xHTML and CSS validation

When optimizing your script it's quite important to check the xHTML and CSS code validation. To validate xHTML it's best to use a free tool available at the W3C website www.validator.w3.org.

To validate CSS you can also use a free tool at www.jigsaw.w3.org/css-validator/. Browser plugins can be used for that as well; for example, Firefox has an Html Validator.

Having your website validated gives you certainty that, after implementing your modifications, your website is compliant with the W3C standards.

Restrict logging in to specific IP addresses

Restricting logging in to the admin panel to specific IP addresses is a good practice. It makes it even harder for someone to hack your customer's website.

To add an IP address or list of addresses, from which it will be possible to log in to the admin panel, go to the database/config/general.php file and add a variable, depending on your script's edition:

  1. paid - $config['allowed_ips_admin_panel'] = Array( '1.1.1.1', '2.2.2.2' );
  2. free - $config['allowed_ip_admin_panel'] = '1.1.1.1';

1.1.1.1 and 2.2.2.2 are the IP addresses from which it will be possible to log in to the panel that manages the website's or shop's content.
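
An added example, not part of the original article or of the Quick.Cms code: a read-only shell audit that checks an installation against three of the steps above (renamed admin file, 700/600 permissions, IP allow-list). It assumes general.php assigns values in the form `$config['admin_file'] = 'admin.php';`, as the variables quoted in this article suggest; the function name and the finding labels are made up for the example.

```shell
#!/bin/sh
# Added example: audit a Quick.Cms / Quick.Cart directory against this article.
# Assumption: general.php uses lines such as  $config['admin_file'] = 'admin.php';
# Prints one finding per line; prints nothing when every check passes.

audit_quickcms() {
  root=$1
  cfg="$root/database/config/general.php"
  if [ ! -f "$cfg" ]; then
    echo "NO-CONFIG $cfg"
    return 0
  fi

  # Admin file: the default name must be gone and the configured name must exist.
  admin=$(sed -n "s/^[[:space:]]*[\$]config\['admin_file'] *= *'\([^']*\)'.*/\1/p" "$cfg" |
    tail -n 1)
  if [ -e "$root/admin.php" ] || [ "$admin" = "admin.php" ]; then
    echo "ADMIN-DEFAULT admin.php has not been renamed"
  elif [ -z "$admin" ] || [ ! -f "$root/$admin" ]; then
    echo "ADMIN-MISMATCH \$config['admin_file'] does not name an existing file"
  fi

  # IP allow-list: the paid (allowed_ips_...) or free (allowed_ip_...) variable.
  # Anchoring at line start ignores lines that were commented out.
  if ! grep -Eq "^[[:space:]]*[\$]config\['allowed_ips?_admin_panel'\]" "$cfg"; then
    echo "NO-IP-ALLOWLIST admin panel login is not restricted by IP"
  fi

  # Permissions: 700 for directories, 600 for files under database/ and files/.
  for dir in "$root/database" "$root/files"; do
    [ -d "$dir" ] || continue
    # World-writable entries (for example after the 777 fallback) come first.
    find "$dir" \( -type d -o -type f \) -perm -002 | sed 's/^/WORLD-WRITABLE /'
    # Everything else that differs from 700 (directories) or 600 (files).
    find "$dir" ! -perm -002 \( -type d ! -perm 700 -o -type f ! -perm 600 \) |
      sed 's/^/NOT-700-600 /'
  done
  return 0
}

# Run directly as: sh audit.sh /path/to/script   (with no argument: define only)
if [ "$#" -gt 0 ]; then audit_quickcms "$1"; fi
```

The audit only reads the tree, so it can be run on the live copy after each configuration change.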

Set the default variables such as: image location, size

When preparing the script's setup, remember to set the default image location, thumbnail 1 size, thumbnail 2 size (if it's enabled), subpages display type, and so on. This makes entering your website's data much faster and easier. You can set these default variables in the database/config/general.php file. For more information, see the Quick.Cms, Quick.Cms.Ext, Quick.Cart and Quick.Cart.Ext manual.

For example, the variable $config['pages_default_image_size_list'] = 1; sets the default size of an added image. The value 1 sets it to 150 px, because that is how it is defined in another variable, $config['images_sizes'] = Array( 0 => 100, 1 => 150, 2 => 200 );, which you can also find in the database/config/general.php file.

The paid edition contains many more options you can set, which allows for much greater flexibility when adjusting content presentation on your website.

Remove unused languages

A very significant mistake made by people creating websites and shops is not removing the additional, unused language preinstalled in the script. If your website has only one language version (let's say it's English), in the admin panel under Tools » Settings set the default language to en, and under Tools » Languages remove the language pl.

Removing the unused language will also remove the unnecessary subpages, which could then be indexed by Google. Read more about that on the Remove unused languages from your website! page.

Other configuration variables depending on website specifications

If you're planning on having 200 or more subpages on your website, in the database/config/general.php file set the variable $config['pages_full_description_to_file'] to true.

In case of a shop, set the variable $config['products_full_description_to_file'] to true, if your shop will have 1000 or more products.

These settings will make the script run significantly faster, because additional files will be created in the database/ directory to store the full descriptions of pages or products. Remember that in this case you will not be able to search in page and product full descriptions.

In the paid editions you can enable the option to search in full descriptions by setting the variable $config['search_in_files'] to true. Note however, that this will cause significant server load. If you encounter any problems with too much server load, disable this option.

Summary

The Quick.Cms and Quick.Cart scripts, as well as their paid editions, are very safe and fast compared to competing solutions. Following the above recommendations will give your website maximum security against hacking and will significantly improve the script's performance. You'll also save a lot of time by not giving your customer any opportunity to break the website from the administration panel.

Make sure to familiarize yourself with the documentation, where you'll find a lot of detailed information about how to correctly set up the script and run it on a server.

Article by Mariusz Szczęsny of the Hainet company designing websites and online shops, OpenSolution partner. Contact the author: biuro@hainet.pl, www: hainet.pl.
 