PrestaShop’s Back Office occasionally flags security warnings — unresolved patches, writable directories, weak admin URLs. Some are cosmetic; others are genuine risks. This guide explains the warnings on a SmartXHosting PrestaShop store, the housekeeping that matters and UK GDPR obligations.
Types of security warnings • Security patch notifications • File permission warnings • Admin URL hardening • Imunify360 alerts • UK GDPR breach notification • FAQ
PrestaShop releases patches on a regular cadence. SmartXHosting monitors and schedules patch application via support ticket. Process:
Expected permissions:
config/parameters.php: 600 (contains encryption keys)
Plesk’s “Fix Permissions” button automates this. If warnings persist, SmartXHosting support resolves them within a ticket.
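A read-only check for the two permission issues this guide names: config/parameters.php not being 600, and anything under the store root being writable by others. This is an added example, not SmartXHosting or PrestaShop tooling; the function name audit_prestashop_perms is hypothetical, and the store root is passed in as an argument.

```shell
#!/bin/sh
# Added example: read-only permission audit for a PrestaShop store root.
# It reports findings and changes nothing on disk.
# Usage: audit_prestashop_perms <store-root>   (hypothetical helper name)
audit_prestashop_perms() {
    root=$1
    findings=0
    secrets="$root/config/parameters.php"   # path and mode as given in this guide

    if [ -f "$secrets" ]; then
        # GNU stat first, BSD/macOS stat as a fallback.
        mode=$(stat -c '%a' "$secrets" 2>/dev/null || stat -f '%Lp' "$secrets")
        if [ "$mode" != "600" ]; then
            echo "FAIL $secrets has mode $mode (expected 600)"
            findings=$((findings + 1))
        fi
    else
        echo "WARN $secrets not found under this root"
    fi

    # "Writable by others" means the o+w bit is set. Symlinks are skipped
    # because their own mode bits say nothing about the target.
    # Assumes no newlines in file names (one path per output line).
    list=$(find "$root" ! -type l -perm -0002 -print 2>/dev/null)
    if [ -n "$list" ]; then
        printf '%s\n' "$list" | sed 's/^/FAIL world-writable: /'
        n=$(printf '%s\n' "$list" | grep -c .)
        findings=$((findings + n))
    fi

    echo "findings: $findings"
    # Exit status 0 only when nothing was flagged, so cron or CI can alert.
    [ "$findings" -eq 0 ]
}
```
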
SmartXHosting PrestaShop installations ship with a randomised admin URL (yourdomain.co.uk/admin_xxxxxx). If reset to /admin, rename via SSH:
mv admin admin_r4nd0m12
Update app/config/autoload.php with the new admin folder. Additional protections:
Imunify360 (pre-installed) monitors:
View events via Plesk › Imunify360. New store owners benefit from a walk-through with SmartXHosting support.
UK GDPR Article 33 requires ICO notification within 72 hours of a qualifying personal data breach. For UK online retailers:
PrestaShop hosting with proactive security
Imunify360, scheduled patches, UK data centre and UK-based incident response — SmartXHosting PrestaShop plans include security by default.
Q: Should I worry about a “writable by others” warning?
A: Lower urgency on Plesk’s isolated tenant setup than on shared hosting. Still worth fixing via support ticket.
Q: PCI DSS requirements on PrestaShop?
A: SAQ-A applies when using hosted Stripe/PayPal forms. SmartXHosting infrastructure is PCI-compliant.
Q: How often should I rotate admin passwords?
A: Every 90 days or when a staff member leaves.
Q: Can I enable 2FA on admin?
A: Yes, via modules like “2FA for PrestaShop”. Free, TOTP-based, works with Google Authenticator.
Q: How do I run a malware scan?
A: Plesk › Imunify360 › Files. Full scan takes minutes; alerts surface in Events.
Q: Does SmartXHosting monitor outside business hours?
A: Platform monitoring 24/7 with automated paging. Business hours for ticket response; P1 incidents (active compromise) trigger an out-of-hours response.
Q: What about OWASP Top 10?
A: Imunify360 + TLS 1.3 + secure PHP settings cover most categories. Plus scheduled patches. Review OWASP periodically; SmartXHosting can advise.