In this tutorial we'll show you how to install PrestaShop 1.7 and above on your web hosting plan account. Free Script Installation is available on the Todhost cPanel control panel - Once you have an active web hosting plan, you can have our PrestaShop specialists take care of installing PrestaShop for you at no additional cost. All Todhost clients can request a free installation by submitting a ticket.
PrestaShop 1.7 pretty much installed in the same way as older PrestaShop versions.
You need to do the following basic things:
- create a database for the application
- download an installation package for the latest PrestaShop
- upload the installation package on your hosting account
- install the application
- delete the install folder from the root PrestaShop directory on your hosting account
- make sure that the admin folder in the root PrestaShop directory on your hosting account is renamed
In this tutorial we've used as a basic example PrestaShop 1.7.
Now we'll go over these steps in more details.
Create a database
Although it's possible to install different applications or several instances of the same application in one database it's recommended that you keep each application in a separate database. You can add new databases and manage your existing ones from the Databases section of the control panel. To add a new database click on the Add Database button that's in the black area on the right. On the following page type the name of the database and create a database user by specifying a username and password in the respective fields. Then click on the Add Database button that's under the options.
For some more details check out the tutorial on how to manage databases with the Todhost control panel, and more specifically the section on how to add databases.
You need to download on your local computer the latest PrestaShop version, depending on which one you decide to use. You can find it in the download section of the official PrestaShop site.
Upload the PrestaShop installation package on your account
After you have the PrestaShop installation package on your local computer you have to upload it on your hosting account. The installation package that you downloaded is a ZIP archive. There are a few ways you can upload the application on your hosting account.
One way to do this is to extract the archive that's on your local computer and then upload the unpacked content on your hosting account with an FTP client (e.g. FileZilla). If you unzip the archive on your local computer, the unpacked folder will be labeled with the number of the version (e.g. prestashop_18.104.22.168). Inside that folder there will be a single HTML file and a subfolder labeled prestashop. In that prestashop folder are all the files and folders of the application that you have to upload on your hosting account. You have to upload them in the public_html folder on your hosting account (or in a subfolder of public_html). That's the root web-accessible folder. If you upload the whole unpacked prestashop folder directly in the public_html directory, the application will be accessible at yourdomain.com/prestashop. If you upload the files and folders that are inside the prestashop folder without the parent prestashop folder itself, the application will be accessible at yourdomain.com.
Note that uploading many files and folders (even small in size) takes a lot of time. A much quicker alternative is to upload the ZIP archive from your local computer to your hosting account and then unpack it there. You can upload the archive either with an FTP client or from the Files section of the Todhost control panel. Then you can unpack it on the hosting account with the file manager of the Todhost control panel.
If you unpack it directly on the account, a folder labeled prestashop will be created with all the files and folders of the application. So, if you upload the archive directly in the public_html folder on the hosting account and you unzip it, the application will be accessible at yourdomain.com/prestashop. If you want it to be accessible at yourdomain.com, you have to move the files and folders from public_html/prestashop to the root public_html folder. You can move, copy/paste, rename and unpack files and folders from the Files section of the control panel. For more details on how to do these things check out the tutorial on how to manage files and folders with the Files Manager of the control panel. Of course, these actions can also be performed via SSH, but this is for more advanced users.
After you have a database and you upload the application on your hosting account you can start the actual installation process. To do this you have to open with your web-browser the URL address corresponding to the location of the application on your hosting account. So if you uploaded it directly in the public_html folder on your account, you have to open the URL yourdomain.com.
On the first page that opens you can choose the language for the installation. Select the language and click on Next:
Note that this will be the language used only during the installation. Once the installation is complete you can install different language packs so that you can have the frontend and backend translated in those languages.
On the next page you have to accept the license agreement. Just mark the checkbox and click on Next:
On the following page you have to specify the shop name, country and admin account information:
Type a name for your shop in the field for Shop name and select the country of your shop from the Country drop-down menu. The option for the main activity is not required and you don't have to select anything. Then in the section Your Account type the first and last name of the administrator, specify an email address and a password. These are the email address and password for the administrator user that's about to be created. You can use them to access the admin panel after the installation is complete. Click on the Next button to continue.
The following page is for the database information:
It contains the following options:
- Database server address - for most hosting providers, including Todhost, the database server address is localhost. So make sure that this option is set to localhost.
- Database name - in this field type the full name of the database that you created for the PrestaShop application.
- Database login - in this field you have to type the username of the database user that you created for the particular database. Alternatively, you can use the username of the master database user. When you add databases from the Databases section of the control panel you can add a user that has access only to that database. You can also add users to a database after the database is created. When you install an application it's recommended that you provide the login credentials of a user that has access only to the particular database and not the login credentials of the master database user.
- Database password - type the password of the database user whose username you put in the previous option.
- Table prefix - by default, this is set to ps_. You don't have to change it unless in the database in which you're going to install PrestaShop there's another PrestaShop instance with the same table prefix. For security reasons you may want to change the prefix to something different than the default ps_ prefix. As we already mentioned, it's also recommended that you keep each application on its own in a separate database.
After you're done with the options click on the Next button. This will start the installation. A bar showing you the progress will appear:
After it's done a page with buttons that link to your site's frontend and backend will appear:
To be able to access your backend/admin panel you have to do a couple of other things. You need to go to the root PrestaShop directory on your hosting account and there you have to delete the install folder; and you have to check the name of the renamed admin folder, so that you know what URL to use to access the admin panel.
Delete install folder
After the installation is complete you have to delete the install folder. Otherwise, you won't be able to access the back office of your shop. The install folder is located in the root PrestaShop directory on your hosting account. So if you installed PrestaShop directly in the public_html directory on your account (meaning the frontend of the shop is accessible at yourdomain.com), then the path to the install folder will be public_html/install. You can delete it with an FTP client or from the Files section of the control panel.
PrestaShop admin folder
With older PrestaShop versions you have to rename the admin folder that's in the root PrestaShop directory on your hosting account before you can access the back office. With PrestaShop 1.5 and newer versions this folder is renamed automatically the first time you access the back office. If your PrestaShop is installed directly in the public_html directory on your hosting account, the URL of the admin panel will be yourdomain.com/admin.
When you open the URL for the first time the folder will be automatically renamed to admin plus some number (e.g. admin3946). You can check the new name in the URL bar of the web browser. You can also check the new name of the folder by accessing the root PrestaShop directory on your hosting account. You can do this from the Files section of the control panel, by using an FTP client, or via SSH. So, for example, if you installed PrestaShop directly in the public_html directory on your account (meaning the frontend is accessible at yourdomain.com), then the path to the folder on the account will be public_html/admin. So if the new name of the folder is admin3946, then you can access the admin panel using the URL yourdomain.com/admin3946. You can rename the admin folder to something different if you want to.
What Net After a PrestaShop Installation
Now that you have installed and created your online store with PrestaShop: congratulations! You have a domain name, lots of ideas, and great expectations.Now, all you need to do is set up and customize your store to make it operational.
Here are a few essential (but not exhaustive) steps to set you on the right track. Just follow us!
1. Maintenance mode
This option lets you work on your store in peace and quiet.
Your customers will see a page letting them know that you are making changes to your e-commerce site.
This mode lets you carry out tests and changes without your clients noticing, giving you a real view of your store.
To enable maintenance mode in PrestaShop, follow these steps:
- Log in to PrestaShop as the administrator.
- On the top menu bar, click Preferences, and then click Maintenance.
- Under Enable Shop, click No. This setting takes your store offline.
- In the Maintenance IP text box, type the IP address or addresses that you want to allow to access the store while it is in maintenance mode.
- Click Save. Now when you visit PrestaShop from an authorized IP address, it displays normally. All other site visitors, however, receive a PrestaShop maintenance message in their web browsers.
Some modules let you add a countdown to your maintenance mode, for example by installing “Maintenance with countdown mode module”. This can be handy if you want to promote a store launch campaign before it goes online.
2. Configuring languages
If you want to sell abroad, you must translate your store into various languages so that each visitor can understand your products and make purchases.
Add a language to your store and remember to translate all your categories and products.
You can find out more information that will help you configure languages in your e-commerce site’s back office.
3. Organizing your catalog
This is the most important part of your store.
Structuring your catalog, drafting product descriptions, choosing photos for your products: all of this is important and must be well thought out.
The first step in creating your catalog is to create categories and sub-categories. Think about your store’s current structure and the changes that you might want to make.
This will keep you from having to reorganize your catalog completely in a few months.
Try to stick to top-level categories and avoid “sub-categories of sub-categories” if you can since they add a step when searching for a product.
Then, you need to add your products. Describe them in as much detail as possible and add several photos.
The product page should include search engine keywords to help bring you more traffic.
You should also pay attention to the quality of product photos, which is extremely important for online buyers.
4. Creating pages with static content
The Ts & Cs or “Terms and Conditions”
These are important because they define the “rules” of your online store.
Orders, deliveries, payment, withdrawal and all your store’s other rules must appear on this page.
Generally located in the footer, your customers must acknowledge them when they pay for their order.
Take the time you need to draft them.
Other recommended pages
- About us: your customers do not know you, and you are a stranger to them when they arrive on your store. The "About us" page lets you introduce yourself, share your values and inform your customers about the products you sell. Make sure to create a complete, informative "About us" page!
- Contact form: your contact page is the form that connects your customers to you and lets you interact with them. This is how they can contact you and how you can help them and answer their questions. Whip up your contact page in a flash!
- The Secure Payment and Delivery pages already exist on PrestaShop. Simply edit them and adjust them to fit your store.
For more information, let this article inspire you and create other static pages for your PrestaShop store.
5. Setting up a payment method
You must offer your customers a payment method if you want them to pay on your site. You have several options such as:
- E-wallets where you can open an account in a few hours and let your customers pay by card or account details.
- A contract with your bank where payments are credited directly to your bank account, but the setup may take longer.
Find out how to set up your payment methods.
6. Setting up a shipping method
To set up a shipping method, you must decide which carrier you want to work with.
Don't forget that different countries have different habits!
Then, set up price or weight bands so you can adjust shipping fees according to the products you sell and the choices you make (for example, free shipping over $100).
Take the time to create good carrier rules.
7. Adding your logo
Once you have finished with the first steps in your back office, you will need to think about your store’s appearance, which is very important for your online sales business.
You should add your logo, which will appear on your store, your emails and your invoices.
Take your time creating it. It must suit your store’s activity.
8. Choosing a theme
You will also need to choose and install a graphic design theme that will set your store’s appearance and user experience.
Carefully consider what you want for your store.
Choosing a theme is a personal choice that must fit the image you want your business to put forward.
9. Adding and activating modules (slideshows, related products, etc.)
When you launch your store, certain features (also called modules) are active, such as demo images or text. You need to configure them so that they fit your store.
For example, you will need to add images and links in your slideshows and configure your related products and social sharing modules with your information.
You have a lot of options that take just a few minutes to set up on your store.
Find out how to activate modules.
10 Enable SSL
This assumes that you already have a valid, functioning SSL certificate installed on your web site. If you do not have an SSL certificate for your site yet, please see our SSL certificate options or use Let's Encrypt certificates available with most accounts.
To enable SSL for PrestaShop, follow these steps:
- Log in to PrestaShop as the administrator.
- On the left sidebar, click Preferences, and then click General.
- Next to Enable SSL, click Please click here to check if your shop supports HTTPS.
If the SSL test for your shop succeeds, the Enable SSL field displays YES and NO options, and the URL in the browser address bar starts with https://. Alternatively, if you receive a warning message (or any other type of error message) after the test, your site either does not have an SSL certificate installed, or it is configured incorrectly.
- To enable SSL for customer account logins and order processing, next to Enable SSL, click YES.
- To enable SSL for all of the pages on your PrestaShop site, next to Enable SSL on all pages, click YES.
- Click Save. SSL is now enabled for PrestaShop.
After enabling SSL, you and your customers may receive browser warnings about insecure content. This occurs when a secure page loads embedded resources insecurely using http:// instead of https://. (Custom themes are a common cause of this problem.).
Using Let's Encrypt with PrestaShop
Using an SSL certificate from a recognized Certificate Authority is recommended for best results when enabling SSL for PrestaShop. Let’s Encrypt is a free, automated, and open certificate authority and is recognized by most modern browsers. Let's Encrypt is supported for all new Todhost Hosting accounts and certificates may even be generated automatically for immediate use.
11. Secure Your PrestaShop
How to improve the PrestaShop security
In this tutorial we'll make some suggestions on how to secure PrestaShop. We'll start with some more general tips that can be applied to other web applications as well, and then we'll go over security settings that are integrated into PrestaShop and can be configured from the admin panel.
Block Access to Admin Directory
By default, when you install PrestaShop you're required to rename the admin directory with a name of your choice. This is in itself a security measure and you should choose a name that is not easy to guess. Once you have the admin directory renamed you can block access to it for all IP addresses except yours. In this way only you will have access to the admin directory and this will improve the security of your store's backend. Of course, you can also give access to other IP addresses in case you want to let other people access the backend.
You can restrict access to the admin directory by putting an .htaccess file with a rule in it in the admin directory.
Choose a complex administrator password. Use a random combination of upper and lower case letters, numbers and symbols; it should be at least 8-10 characters long.
You can change your password from the backend of your store. After you log in click on the My preferences button that's next to your name, just above the tabs. On the page that opens type your new password in the field for Password, and click on the Save button:
If you have some doubts that someone is trying to use your administrator account, you should change the password. The same should be done after you recover your site from a security issue.
You should back up regularly your PrestaShop files and the database used by the application. It's very important to do this, so you can restore you site if something goes wrong. It's also a good idea to keep backups from different dates (e.g. from two weeks ago, from a week ago, etc.). You can back up the files by downloading them with an FTP client, and you can back up the database using phpMyAdmin. For more information read the tutorial on how to back up your site.
You can also back up the database from the backend of your PrestaShop store (Tools tab>DB Backup sub-tab).
Another general advice is to update PrestaShop when there's a new stable version. It might be a bit difficult to update a shop to which you have made a lot of changes and modifications, especially if the shop is a big one, but updates have various improvements, including in terms of security.
You should install PrestaShop in a separate database. If you have other web-based applications, it's recommended to install each in a different database. You should also use a different username and password for each database. From the Databases section of the cpanel control panel you can create as many databases as you want, and you can assign a user to each.
When you install PrestaShop you can also change the default ps_ database table prefix to something else (e.g. tpwmk_).
Make sure that the files and directories on your PrestaShop hosting account have the correct permissions. The appropriate permissions for directories are 755 (rwxr-xr-x) and for files 644 (rw-rr--).
What's most important in this case when it comes to security is the last digit in the permissions. It represents the permissions for all the visitors. You should never have world-writable permissions such as 777 or 666.
The Files section of the cPanel control panel also offers a tool that you can use to fix incorrect permissions. Just click on the button Fix Incorrect Permissions that's on the right side of the screen, and it will fix the world-writable bit, if any.
Generally, third party software provides additional security risks. Sometimes sites are hacked through insecure third party software. So you should install only add-ons and modules that you need and are useful for your store. If there are any modules that you don't use and need any more, you should uninstall them.
Disable Dangerous PHP Functions
There are some PHP functions that you don't need for your store and that can pose security risks. They can be disabled by putting a rule in the php.ini file for your account. This is what the rule looks like (with some sample functions):
disable_functions = proc_open,phpinfo,show_source,system,shell_exec,passthru,exec,popen
Block Access to Template Files
You can protect the template files of your PrestaShop by forbidding access to them. You can do this by putting the following rule in an .htaccess:
<Files *.tpl> order deny,allow deny from all </Files>
You can use the .htaccess file that's in the root PrestaShop directory on your hosting account. For example, if your PrestaShop is installed in a folder called prestashop in the root public_html directory of your account, the path to the file would be public_html/prestashop/.htaccess. You can use the Files section of the cPanel control panel to edit the file. Just insert the rule on a new line in the file, at the end of it, for example.
If you have generated an .htaccess file from the backend of your store (Tools tab>Generators sub-tab), there should be such a file in the root PrestaShop directory on your hosting account. Otherwise, you can either generate an .htaccess file from the backend of your store, or you can create the file from the Files section of the Pixie control panel (there's a Create File button on the right).
Keep in mind that if you regenerate the .htaccess file from the backend of your PrestaShop some time after you have added the above mentioned rule, it will be overwritten and you'll have to add it again.
SSL is a protocol that encrypts the data transfer between the server and the client. In PrestaShop it helps to protect sensitive data such as the login details and the order processing. In order to use SSL with your PrestaShop you need a private SSL certificate. Todhost clients can purchase a private SSL certificate.
Once you have an SSL certificate you have to enable the use of SSL. To do this log in to the backend of your PrestaShop, click on the Preferences tab, find the Enable SSL option and click on the link provided there:
Check IP on Cookie
A cookie is used by the site (server) to store information on the client side (the local computer of the user). This information is used for various things: to identify the user's session, shopping cart content, etc.
The Check IP on Cookie feature is integrated into PrestaShop. You can enable and disable this setting from the backend of your store. It's enabled by default. In this way the IP address of the user is checked with that in the cookie. This is done to make sure that the cookie is not stolen/hijacked. Make sure that the setting is enabled. Log in to the backend of your store, click on the Preferences tab and check that the option Check IP on cookie is set to Yes:
Enable Security Tokens
Another feature of PrestaShop that improves its security is the use of security tokens. This option is also enabled by default, and it's recommended to keep it enabled. To check that it's enabled, go to the Preferences tab of your store's admin panel and make sure that the option Increase Front Office security is set to Yes:
In PrestaShop ciphering is used to secure account details. From the backend of your PrestaShop you can choose between two different ciphering algorithms. One is Rijndael with mcrypt and the other is the custom BlowFish class. To change the ciphering algorithm, click on the admin panel's Preferences tab, then on the Performance sub-tab, and scroll down to the section Ciphering. By default, the algorithm is set to Rijndael with mcrypt:
There are different opinions on which one is more secure. However, it's doubtful that switching between the two algorithms will have any impact both on the security and performance of your store, but it's good to have some choice and to know about this feature. Keep in mind that switching the algorithm will clear all cookies, meaning that all logged in users will be logged out.
Geolocation by IP Address
This is an option that might be more useful for other purposes than to be used as a security measure per se. For example, if you want customers only from certain countries to be able to visit your store and buy from it. Nevertheless, if you want to restrict the access to your store for users from certain countries, you can do it by using this PrestaShop feature. Visitors are identified as accessing the store from a particular country based on the IP address of their computer.
To configure this feature, log in to the backend of your PrestaShop, click on the Preferences tab and then on the Geolocation sub-tab. Before you can enable the setting you have to download an archive using the link provided at the top of the page:
After you download the archive to your local computer you have to unzip it and upload its content to the folder for the geolocation tool on your hosting account. For example, if your PrestaShop is installed in a folder called prestashop in the root public_html directory on your hosting account, the path where you have to upload the content of the archive would be public_html/prestashop/tools/geoip.
After that go back to the Geolocation sub-tab of your PrestaShop, set the option Geolocation by IP address to Enabled and click on the Save button. On the same page there's a list with all the different countries. The checkbox in front of each country is marked which means that all have access. To restrict the access for visitors from a particular country just unmark the checkbox for that country.
From the drop-down menu Geolocation behavior for restricted countries you can select what the visitors from these countries are allowed to do. You can either allow them to see the catalog without being able to place any orders, or you can completely restrict their access to the catalog. Don't forget to click on the Save button if you make any changes.