Secure YourosCommerce medium Site
3 htaccess methods to protect your site
1. In the first method place a htaccess file with the following code in includes folder:

<Files *.php>
Order Deny,
Allow
Deny from all
</Files>
What this method does ?
– This method avoids direct execution of any of the .php files.Commonly what Hackers do,they place file/files inside includes folder and will execute a file and hack your osCommerce site using site URL/includes/page URL. The.php deny in above code will restrict this execution to happen.

2.In the second method use following htaccess codein images folder (catalog/images):
<FilesMatch “.(php([0-9]|s)?|s?p?html|cgi|pl|exe)>
Order Deny,
Allow Deny from all
</FilesMatch>

What this method does ?
– Hackers place file/files inside includes folder andwill execute a file and hack your osCommerce site using site URL/includes/page URL.With the help of some hacking technique hackers can get a file in images folder which has 777 permission and then using URL may hack your site. Above method prevents such hacking.
3. In the third method in base folder(catalog folder)use following htaccess to secure your site:
Secure your site via htaccess

I hope the above methods will help you to secure your osCommerce site.