---
title: "How to Secure the configure.php File for osCommerce"
description: "After installing osCommerce you will see a message similar to \"I am able to write to the configuration file: /home/userna99/public_html/includes/configure.php. This is a potential security risk -..."
url: https://www.inmotionhosting.com/support/edu/oscommerce/how-to-secure-the-configure-php-file-for-oscommerce/
date: 2013-04-18
modified: 2021-08-16
author: "InMotion Hosting Contributor"
categories: ["OsCommerce"]
type: post
lang: en
---

# How to Secure the configure.php File for osCommerce

[![](https://www.inmotionhosting.com/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_security-risk-message.png)](/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_security-risk-message.png)

After installing osCommerce you will see a message similar to “I am able to write to the configuration file: /home/userna99/public_html/includes/configure.php. This is a potential security risk – please set the right user permissions on this file.”

In this tutorial I will show you how to modify the permissions of the configure.php file, so it is secured and the notification will go away.

## Securing the configure.php File:

1. [Login to your cPanel](/support/edu/cpanel/how-to-log-into-cpanel/).
2. Under the *File* section, click the **File Manager**. If the *File Manager Directory Selection* window comes up, click Web Root, and click the **Go** Button.
3. Navigate to the *configure.php* file specified in the error. In my tests it is: /home/userna99/public_html/includes/configure.php
4. Right-click the configure.php file, and click **Change Permissions**.
5. In the change permissions window, change them to 4-4-4, then click the Change Permissions button. [![](https://www.inmotionhosting.com/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_changing-permissions.png)](/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_changing-permissions.png)
6. Now login to the osCommerce Admin section, and you will see the “Security risk” message is gone, and has been replaced by “This is a properly configured installation of osCommerce Online Merchant!” [![](https://www.inmotionhosting.com/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_properly-configured.png)](/support/wp-content/uploads/2013/04/edu_oscommerce_101_configure-php_properly-configured.png)

Congratulations, now the configure.php file for your osCommerce is protected from a potential security risk!
