What Is PrestaShop? Ecommerce Features & Reasons To Use

PrestaShop is a free, secure, and open-source e-commerce platform. But what is PrestaShop exactly? We look at PrestaShop's many features.

In short, PrestaShop is a feature-rich, free, secure, and open-source e-commerce platform. We're going to dive into the finer details of exactly 'what is PrestaShop?'.

Back in May 2007 the first public version of PrestaShop was released, its come a long way since then having recently celebrated over 100,000 active stores.

PrestaShop interest is growing with a new website launched ahead of the soon to be released PrestaShop 1.5 things are looking good. But exactly what is PrestaShop?

PrestaShop is open source

PrestaShop is an Open-source e-commerce solution. This is great news for several reasons.

It means that the software is free to be used, modified, and distributed as you see fit. You can see the finer details in the Open Software License 3.0.

This affects many things, from the ability for you to ** use PrestaShop freely on your next client project, to support given by the PrestaShop community as it is **open, scalable, and constantly being improved.

What is PrestaShop's biggest strength? Probably being open-source, as it is key to the many areas of PrestaShop we are about to look at.

PrestaShop is packed with features

PrestaShop comes packed with over 275 features out-the-box, and features are improving and increasing with every new version.

Key features include

Product Management

• Unlimited categories, products and attributes
• Product comparison
• Quantity / Stock management
• Multiple images with lightbox
• Product image zoom
• Cross-selling / Related products
• Customer product reviews

Store Management

• Custom store design with PrestaShop Themes
• Multiple 'employees' with customised permissions
• Custom invoices
• Affiliate programme

SEO

• 'Friendly' URL structure
• Google Sitemaps
• Performance settings for maximum speed
• Meta tag support on everything

Checkout

• One page or multi-page checkout
• Guest checkout
• Gift messages / wrapping
• Saved shopping carts

Shipping

• Shipping fees by weight or price
• Billing / Shipping addresses
• Unlimited carriers and destinations to fine-tune your shipping options

Payments

• Integrates with any payment provider through modules (many included).
• Tax by country, states and counties
• Payment gateway filtered by currency

Marketing

• Automated follow-up emails
• Coupons and Vouchers
• Newsletter subscription
• Loyalty programme
• Refer-a-friend

Customers

• Customer groups with custom pricing, shipping settings etc
• Order tracking
• Returns management
• Guest account to full account conversion

Translations / Localisation

• Available in 41 languages
• Allow customer to choose language
• Unlimited currencies with exchange rate sync
• Geolocation - settings based on your customer's location
• Address format for customer's country

Security

• PCI Compliant
• SSL Support
• Secure admin
• Encryption

Analytics / Reporting

• Track visitors
• Track orders and sales
• See best sellers, most viewed products etc

You can see a full list of every feature on the features page of the PrestaShop website ordownload the feature PDF.

PrestaShop Modules

If there's a feature that PrestaShop doesn't come with, the PrestaShop Addons website holdsover 1000 more modules that you can 'plug' into your store to enhance it.

PrestaShop modules could range from supporting a new payment provider, to displaying a fancy slideshow of product images on your home page.

If you're a developer with knowledge of PHP it's straightforward to dive right in and start creating PrestaShop modules of your own for your clients needs.

Lightweight

With so many features you might think things get complicated and slow. This is not the case, asPrestaShop is built to be lightweight and intuitive.

As PrestaShop uses modules for a lot of its features, if there is a certain feature you no longer require it can be disabled, keeping your PrestaShop store simple and agile.

User Documentation

If you're new to PrestaShop and don't know where to start, the PrestaShop website offers User documentation to step you through the process of setting up your store.

PrestaShop is secure

Security is of course a big concern when it comes to running an online store, and PrestaShop is serious about making their software as secure as possible.

PrestaShop supports SSL web hosting, password and cookie encryption and PCI compliance.

If you're wondering what is PrestaShop's stance on security, you can see the finer details on theirSecurity feature page.

PrestaShop is used worldwide

As mentioned, PrestaShop is now used and trusted in over 100,000 active stores worldwide in over 150 countries.

http://youtu.be/jzsrPHGCefQ

Being available in 41 languages, and supporting unlimited currencies, tax and shipping rules, you can truly use your PrestaShop store to service the world.

You can read about other merchant's success stories or see the great work designers have done using PrestaShop in the showcase.

The PrestaShop website also has testimonials from Google, Web Agencies, as well as fellow developers and merchants.

Multilingual

The 41+ languages are driven by a community effort to translate PrestaShop for use around the globe.

You can download language packs from the PrestaShop website, or if you're a native speaker of a language not listed you can contribute too!

PrestaShop is community driven

A lot of what is PrestaShop's strengths comes down to the fact that it is open-source and community driven.

Features such as the language packs mentioned previously would not be possible if it wasn't for the community contributing to the software.

PrestaShop Forums

As PrestaShop is community driven, the PrestaShop forums are a great resource of information from other users or developers willing to lend a hand.

If you get stuck, you can be sure that there is someone that has previously had the same issue and willing to lend support.

You're not stuck relying on call centres or patchy customer service from companies you actual pay to use.

Bug tracking

You can report bugs and issues you find with the software to PrestaShop Forge, the open bug tracker.

This helps PrestaShop iron out problems as quickly as possible, and also ensures that any problems you may come across on your store are fixed in the next update.

PrestaShop Events

PrestaShop regularly gets together with its community members and partners to talk about developments, whats around the corner, and to answer QA sessions.

http://vimeo.com/22682806

You can find out when the next event will be taking place by visiting the PrestaShop events.

Wordpress Security tips

1. Use secure hosting

Not all web hosting providers are created equal and, in fact, hosting vulnerabilities account for a huge percentage of WordPress sites being hacked.

When choosing a web hosting provider, don’t simply go for the cheapest you can find. Do your research, and make sure you use a well-established company with a good track-record for strong security measures.

It’s always worth paying a bit extra for the peace of mind you get from knowing your site is in safe hands.

2. Update all the things

Every new release of WordPress contains patches and fixes that address real or potential vulnerabilities. If you don’t keep your website updated with the latest version of WordPress, you could be leaving yourself open to attacks.

Many hackers will intentionally target older versions of WordPress with known security issues, so keep an eye on your Dashboard notification area and don’t ignore those ‘Please update now’ messages.

The same applies to themes and plugins. Make sure you update to the latest versions as they are released. If you keep everything up-to-date your site is much less likely to get hacked.

3. Strengthen up those passwords

According to this infographic, around 8% of hacked WordPress websites are down to weak passwords.

If your WordPress administrator password is anything like ‘letmein’, ‘abc123’, or ‘password’ (all way more common than you might think!), you need to change it to something secure as soon as possible.

For a password that’s easy to remember but very hard to crack, I recommend coming up with a good password recipe.

If you’re feeling lazy, you can also use a password manager like LastPass to remember all your passwords for you. If you use this method, make sure your master password is nice and strong.

4. Never use “admin” as your username

Earlier this year, there was a spate of brute-force attacks launched at WordPress websites across the web, consisting of repeated login attempts using the username ‘admin’, combined with a bunch of common passwords.

If you use “admin” as your username, and your password isn’t strong enough (see #3), then your site is very vulnerable to a malicious attack. It’s strongly recommended that you change your username to something less obvious.

Until version 3.0, installing WordPress automatically created a user with “admin” as the username. This was updated in version 3.0 so you can now choose your own username. Many people still use “admin” as it’s become the standard, and it’s easy to remember. Some web hosts also use auto-install scripts that still set up an ‘admin’ username by default.

Fixing this is simply a case of creating a new administrator account for yourself using a different username, logging in as that new user and deleting the original “admin” account.

If you have posts published by the “admin” account, when you delete it, you can assign all the existing posts to your new user account.

5. Hide your username from the author archive URL

Another way an attacker can potentially gain access to your username is via the author archive pages on your site.

By default WordPress displays your username in the URL of your author archive page. e.g. if your username is joebloggs, your author archive page would be something like   http://yoursite.com/author/joebloggs

This is less than ideal, for the same reasons explained above for the “admin” username, so it’s a good idea to hide this by changing the user_nicename entry in your database, as described here.

6. Limit login attempts

In the case of a hacker or a bot attempting a brute-force attack to crack your password, it can be useful to limit the number of failed login attempts from a single IP address.

Limit Login Attempts does just that, allowing you to specify how many retries will be allowed, and how long an IP will be locked out for after too many failed login attempts.

There are ways around this, as some attackers will use a large number of different IP addresses, but it’s still worth doing as an additional precaution.

7. Disable file editing via the dashboard

In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard.

The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.

So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:

define( ‘DISALLOW_FILE_EDIT’, true );

8. Try to avoid free themes

We’re confident in the quality and security of our free themes. As a general rule though, it’s better to avoid using free themes, if possible, especially if they aren’t built by a reputable developer.

The main reason for this is that free themes can often contain things like base64 encoding, which may be used to sneakily insert spam links into your site, or other malicious code that can cause all sorts of problems, as shown in this experiment, where 8 out of 10 sites reviewed offered free themes containing base64 code.

If you really need to use a free theme, you should only use those developed by trusted theme companies, or those available on the official WordPress.org theme repository.

Note: The same logic applies to plugins. Only use plugins that are listed on WordPress.org, or built by a well-established developer.

9. Keep a backup

I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late.

Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack.

If that happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.

The WordPress Codex tells you exactly how to backup your site, and if that seems like too much hard work, you can use a plugin such as WordPress Backup to Dropbox to schedule regular automatic backups.

10. Use security plugins

As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked.

Here are a handful of popular options:

• http://wordpress.org/plugins/better-wp-security/ – offers a wide range of security features.
• http://wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess.
• http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site.
• http://wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc.
• http://wordpress.org/plugins/wordfence/ – full-featured security plugin.
• http://wordpress.org/plugins/websitedefender-wordpress-security/ – comprehensive security tool.
• http://wordpress.org/plugins/exploit-scanner/ – searches your database for any suspicious code.