What folders to secure?

[PrettyWolfie]

Ok, I am a newbie, and have the design part ready. And I want to be able to accept crredit cards in my store.

So I suppose the next step is to put my store in a secure host, right?
Does that mean that the whole site is secured and I am happy or do I have to get SSL certificates for specific pages?

In that case, which pages should I certificate?

[JohnW]

OSC will swithch to secure pages when neccessary like customer info and payment pages. It is well worth the money to get your own SSL. You will have to make sure that your catalog/includes/configure.php and catalog/admin/includes/configuere.php are setup to enable https.

As far as securing your site you want to secure the Admin pages. You should read the OSC dox guide as it will help you a great deal.

[PrettyWolfie]

Do you mean that I don't really have to secure them? They secure themselfs automatically? How neat!

I know about deleting the install folder and chmod444 the configure file, but how I secure the admin files? is that htaccess file thinggie?

[JohnW]

You have to have a SSL with your webhost. You need to ask you host about that. It can't switch if you don't have that. They don't secure themselves automatically but they switch to https automatically when needed. Again, this has to be on your site already and you have to switch it in both configure files.

Yes, securing your admin is done with htaccess. But, you may have a password protect program in you panel that your webhost provides you for accessing your account. I use AAbox hosting and the Cpanel they use has a lot of features like that, which simplifies a great deal of functions.

[PrettyWolfie]

Thanks Jonh!