10 Tips to Secure Your Dolibarr Installation
   03/12/2025 00:00:00     Dolibarr    0 Comments
10 Tips to Secure Your Dolibarr Installation

Dolibarr is an open-source ERP and CRM widely used by businesses to manage their operations. Like any online software, it is essential to secure your installation to prevent cyberattacks, data loss, and security breaches. Poor configuration or lack of protection can expose customer data, financial information, and administrative access to potential threats.

In this article, we provide 10 essential tips to enhance the security of your Dolibarr installation and ensure optimal data protection.

1. Use a Secure Hosting Provider

Choosing the right hosting provider is crucial to ensuring Dolibarr’s security. Opt for a trusted hosting service that offers:

✔ An SSL/TLS certificate to encrypt data.
Firewalls and protection against DDoS attacks.
Automatic backups to restore your data in case of incidents.

If you use a VPS or dedicated server, ensure that it is properly configured and regularly updated.

2. Always Use the Latest Version of Dolibarr

Each Dolibarr update includes security fixes and improvements. Keeping your installation up to date is essential to avoid exploitation of known vulnerabilities.

???? Recommendation: Regularly check for new versions on the official Dolibarr website and update your installation as soon as a new release is available.

3. Restrict Access to the Installation Directory

After installing Dolibarr, make sure to delete or restrict access to sensitive files:

Delete the /install folder after installation.
Protect the /documents folder using an .htaccess file or access restrictions.
Restrict access to critical files, such as conf.php, by setting the correct file permissions (chmod 600).

4. Enable HTTPS Encryption

HTTPS encryption protects data exchanges between Dolibarr and its users from being intercepted by attackers.

???? How to do it?

  • Install an SSL/TLS certificate on your server (Let’s Encrypt is a free and effective option).
  • Force HTTPS access by modifying your Apache or Nginx configuration file.
  • Ensure that all resources (CSS, images, scripts) are loaded over HTTPS to avoid security warnings in browsers.

5. Secure Admin Account Access

The admin account is the primary target for attacks. To secure it:

Use a strong password with at least 12 characters, including uppercase, lowercase, numbers, and special characters.
Enable two-factor authentication (2FA) to add an extra layer of protection.
Limit login attempts to prevent brute force attacks.

???? Tip: Change the default admin username to make it harder for hackers to guess.

6. Configure File and Directory Permissions

File and directory permissions prevent unauthorized users from accessing or modifying critical files.

???? Best practices:

  • Configuration files (conf.php) → chmod 600
  • Dolibarr core files → chmod 644
  • Dolibarr directories → chmod 755

If Dolibarr is installed on a shared server, make sure to disable write permissions for external users.

7. Restrict Access to the Administration Panel

Limiting access to the administration panel helps prevent unauthorized logins. You can:

Restrict access by IP address using .htaccess (Apache) or nginx.conf (Nginx).
Limit access to specific hours using a firewall.
Create secondary admin accounts with restricted rights to avoid using the super-administrator account frequently.

8. Set Up Regular Backups

Backups are essential to recover data in case of hacking, system failure, or accidental deletion.

???? Recommended Backup Plan:
Daily automatic backup of the database.
Weekly backup of Dolibarr files.
Store backups on a secure remote server or an encrypted cloud storage.

???? Tip: Regularly test your backup restoration process to ensure they work properly.

9. Monitor Logs and Detect Suspicious Activity

Dolibarr generates activity logs that allow you to track logins and detect possible hacking attempts.

???? Actions to take:
Regularly check logs in the admin panel.
Use monitoring tools like Fail2Ban to block unauthorized access attempts.
Enable alerts for suspicious logins via email or monitoring software.

10. Disable Unused Modules

Dolibarr has many modules, but each active module can be a potential security risk if not regularly updated or correctly configured.

???? Best practices:
Disable all unused modules to reduce the risk of vulnerabilities.
Check the source of modules before installing them, preferring those from Dolibarr Store or trusted developers.
Keep all modules updated to benefit from security patches.

Conclusion

Securing your Dolibarr installation is a top priority to protect your company’s data and prevent cyberattacks. By following these 10 essential tips, you significantly reduce the risk of security breaches and ensure a reliable and secure use of your ERP.

Summary of Best Practices:

1️⃣ Choose a secure hosting provider
2️⃣ Regularly update Dolibarr
3️⃣ Restrict access to sensitive files
4️⃣ Enable HTTPS encryption
5️⃣ Strengthen admin account security
6️⃣ Correctly configure file and directory permissions
7️⃣ Restrict access to the admin panel
8️⃣ Implement automatic backups
9️⃣ Monitor logs and detect suspicious activity
???? Disable unused modules

By applying these best practices, your Dolibarr installation will be robust and secure against potential threats.

Comments

Log in or register to post comments