The 5 Best Practices to Secure Your Dolibarr Installation
   02/09/2025 00:00:00     Dolibarr    0 Comments
The 5 Best Practices to Secure Your Dolibarr Installation

Introduction

Dolibarr is an open-source ERP and CRM solution widely adopted by small and medium-sized enterprises to manage their business. However, like any software accessible via the Internet, Dolibarr must be properly secured to prevent cyberattacks, data leaks, and malicious intrusions. A poorly configured installation can leave your business vulnerable to hackers.

In this article, we will explore the five best practices to secure your Dolibarr installation and ensure the protection of your sensitive data.

1. Regularly Update Dolibarr and Its Modules

1.1. Why Updates Are Essential

Dolibarr updates contain security patches, performance improvements, and new features. Running an outdated version of Dolibarr can expose known vulnerabilities that attackers can exploit.

1.2. How to Update Dolibarr

  • Access the Dolibarr administration panel.

  • Check the Updates section to see if a new version is available.

  • Perform a full backup before any update.

  • Follow the official update instructions to avoid data corruption.

1.3. Keeping Modules and Extensions Updated

Additional modules can serve as entry points for attacks if their code is not regularly updated. Always ensure your extensions are developed by reliable sources and receive active maintenance.

2. Secure Access to Administration and Data

2.1. Change Default Credentials

During the initial installation, Dolibarr creates an administrator account with default credentials. Failing to change these credentials is a major security flaw.

  • Immediately change the administrator password.

  • Use strong passwords with at least 12 characters, including uppercase, lowercase, numbers, and special characters.

2.2. Restrict Access to Administrator Accounts

  • Create user accounts with specific roles instead of giving administrator access to everyone.

  • Disable unused or temporary accounts.

  • Enable two-factor authentication (2FA) for critical accounts.

2.3. Limit Access to Sensitive Files

  • Protect the conf.php file, which contains database connection information.

  • Add a rule in your web server to prevent direct access to sensitive files.

3. Secure Dolibarr’s Database

3.1. Choose a Strong Database Password

The database stores all your company and customer information. A weak password could allow attackers to gain access.

Tips:

  • Use a unique and complex password.

  • Never store login credentials in plain text.

  • Regularly change database credentials.

3.2. Restrict Database Access

  • Configure your MySQL/PostgreSQL server to only accept connections from the Dolibarr server.

  • Avoid using the root account for Dolibarr; create a dedicated user with limited privileges.

3.3. Perform Regular Backups

In case of an attack or failure, having a recent backup allows you to restore your system quickly without data loss.

  • Enable automatic backups.

  • Store multiple backup copies in secure locations.

  • Regularly test backup restoration to verify data integrity.

4. Secure the Server Hosting Dolibarr

4.1. Use a Secure Server

Your web server is the first line of defense against attacks. To ensure optimal protection:

  • Use a dedicated server or a secure hosting service.

  • Install only the necessary services (Apache/Nginx, PHP, MySQL/PostgreSQL).

  • Disable unnecessary PHP modules to minimize risks.

4.2. Configure a Firewall and Access Rules

A firewall protects your server from unauthorized connections.

  • Configure a software firewall (UFW, iptables).

  • Restrict access to critical ports (22 for SSH, 3306 for MySQL).

  • Enable Fail2Ban to block suspicious login attempts.

4.3. Enforce Encrypted Communications

Using an SSL/TLS certificate ensures that all communications between the server and users are secure.

  • Install a valid SSL certificate (Let's Encrypt, Certbot).

  • Force HTTPS access via your web server.

  • Disable outdated TLS versions (TLS 1.0 and 1.1).

5. Educate and Train Users

5.1. Educate Users on Security

Cyberattacks often target human errors. An uninformed user can unknowingly compromise Dolibarr’s security.

  • Organize regular training sessions on cybersecurity.

  • Explain the risks of phishing and malware.

  • Raise awareness about the importance of strong passwords.

5.2. Restrict Dolibarr Use on Unsecured Networks

  • Avoid connecting to Dolibarr from public or unsecured networks.

  • Use a VPN when accessing your installation remotely.

5.3. Implement an Access Management Policy

  • Immediately revoke access for employees who leave the company.

  • Conduct regular permission audits to identify unnecessary access rights.

Conclusion

Securing Dolibarr is not a one-time task but a continuous process that requires constant vigilance. By applying these five best practices, you strengthen your installation’s security and reduce the risk of cyberattacks.

Summary of Best Practices:

  1. Regularly update Dolibarr and its modules.

  2. Secure access to administration and data.

  3. Protect the database with strong passwords and access restrictions.

  4. Strengthen the security of the server hosting Dolibarr.

  5. Train and educate users on best security practices.

By adopting these measures, you ensure a secure and reliable work environment for your business. Start making the right decisions now to protect your data and your Dolibarr system!

Comments

Log in or register to post comments