Security Notes
Hosting
- Use HTTPS
- Keep PHP updated (8.1+ recommended)
- Turn off `display_errors` in production
- Use sane permissions:
- `data/` writable by PHP
- other files read-only
Accounts
- Change default admin password immediately
- Use strong passwords
- Rotate credentials if staff changes
Mods/Themes
Only install mods/themes from sources you trust.
Review code before enabling on a production store.