Several ways to enhance your store's security are discussed below.
1. Move the config file outside the publicly accessible folder tree. This prevents someone from getting access to the configuration file.
Move Config File: If you want to keep the config details (passwords, etc.) out of the main public folders, allowing for quick updates in the future, you may do so by moving the entire /sbconf/ folder (and files) to the root directory, outside the /public_html/ folder. Then open the stconfig.php page and change the line:
to use the direct path, as in:
Also change the config.php reference in the setup.php page, if you have not already set up the system.
This update is very handy for web hosts who would like to store config details outside the client's site for control purposes. Web hosts who have server control can move the file to a higher level in the server, and can change the folder or config page accordingly. For instance, you may want to create a master /config/ folder in the home of the server, then set up a config file for each user (i.e., /home/config/user1.php, /home/config/user2.php, /home/config/user3.php, etc.). This is optional and is used mostly by larger resellers, so if you aren't familiar with file structures or don't want to make file changes, you do not have to use this mod.
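A check to run after the move, as an added example that is not part of the original instructions: it confirms that the folder holding the config resolves outside the web root, including the case where the new location is only a symlink back into /public_html/. The function names and any paths you pass in are assumptions, not names from the store software.

```shell
#!/bin/sh
# Added example: verify that a config folder is NOT served from the web root.
# Usage (paths are placeholders for your own account layout):
#   sh check_conf.sh /home/user1/sbconf /home/user1/public_html

# resolve DIR: print the canonical absolute path of DIR with symlinks
# resolved; fails if DIR does not exist or cannot be entered.
resolve() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# is_outside_webroot CONFIG_DIR WEB_ROOT
#   returns 0 if CONFIG_DIR resolves outside WEB_ROOT
#   returns 1 if CONFIG_DIR resolves to WEB_ROOT or somewhere beneath it
#   returns 2 if either path is missing
is_outside_webroot() {
    conf=$(resolve "$1") || return 2
    root=$(resolve "$2") || return 2
    # Compare whole path components: appending "/" keeps a sibling such
    # as public_html_old from being mistaken for public_html.
    case "$conf/" in
        "$root"/*) return 1 ;;
        *)         return 0 ;;
    esac
}

# Command-line entry point: only runs when two arguments are supplied.
if [ "$#" -eq 2 ]; then
    if is_outside_webroot "$1" "$2"; then
        echo "OK: $1 is outside $2"
    else
        echo "FAIL: $1 is missing or still resolves inside $2"
    fi
fi
```

This only checks the path you give it. A symlink placed inside the web root that points at the moved folder would still expose it, so look for stray links under /public_html/ as well.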
2. Use https for the store admin.