Prestashop installation directory must be deleted after a successful installation. It should not be renamed, as the remaining directory can contain code that is exploitable if publicly accessible, such as:

  • tool to sync information in database
  • tool to extract db information in xml files

Install dir tool

Understanding how renamed install directories become vulnerable to discovery

We have seen scan from bots that try to access several CMS known sensible directories. The following list is not exhaustive but give an example of directories scanned


What should I do

Check your Prestashop installation and delete the install directory. Enable a check on your monitoring platform to detect such directory or ask your hosting company to detect and notify you if an install directory is detected.

If you have an install directory at the root of your Prestashop installation, you should search your access log to check if the directory was accessed.