Odoo Help




How to increase the security of Odoo?

August Doo
on 8/27/15, 4:38 PM 2,368 views

Hi community, I've been using Odoo v8 for a while, and recently when I read the log I found it was under serious attack. I used Cloudflare, which I don't know much about, and just noticed that when Cloudflare is turned on, I can't edit my website. I know it is recommended to install Nginx and an SSL certificate. Is that the only solution? Will that affect editing the website? What's your suggestion to increase the security of Odoo? Cheers


Emipro Technologies Pvt. Ltd.
On 8/28/15, 2:17 AM

From our vast experience on Odoo implementations so far, we suggest the following steps to secure your Odoo.

  • Set private ssh key for your Odoo server.

  • Start your Odoo in SSL mode.

  • Install Nginx in your Ubuntu Server.

  • Stop access of all unnecessary ports from firewall of your Ubuntu Server.

  • Set proper data access rights & access rules into your Odoo instance.

  • Set proper authentication method for your PostgreSQL database user.

  • Set tricky password for PostgreSQL user.

  • Apply encryption on Database and Odoo user passwords.

  • Set Tricky password for Super Admin.

  • Request all your ERP users to set difficult password.

  • Give FTP access for your ERP users and don't allow them to create files out of their directory on your Ubuntu Server.

  • Set proper access rights on your custom addons and default Odoo addons via chmod and chown commands.

  • Have a look on /var/log/postgresql/postgresql-9.1-main.log file for malware attack on your database.

  • Manage your Odoo log file properly.

  • Transfer database & custom addons backup to remote place at frequent amount of time.

  • Change and set tricky password for default postgres user in your database server.

  • Stop xmlrpc if you don't want your ERP to connect from 3rd party systems. ( set xmlrpc=False in your config file )

  • Remove "Manage Database" link from home page of your live Odoo instance. ( it's suggestion only )

  • Ignore installation of Odoo where multiple other websites are hosted.

  • We highly recommend to ignore creation of any kind of demo database in Live Odoo instance. 

  • Ignore to host your Odoo in Web hosting servers, always host Odoo in trusted VPS sites. ( Amazon, Rackspace, DigitalOcean, Myhosting etc. )

  • Monitor incoming and outgoing TCP/IP traffic in your Ubuntu Server. A few of our customers, for whom we have implemented Odoo for more than 150+ users, hired their own server administrator to monitor incoming and outgoing TCP/IP traffic. ( Visit this link )

  • Never give full access of your server to your Odoo service providers, always give them folder access of their own custom addons with their separate user. ( It's advisable to not share root user password to anyone. )

  • If customer can afford healthy cost, we always suggest them to set up their own in-house hosting server instead of VPS.

You can directly ask any Odoo related problem to us via a tweet. Tweet us to @EmiproTech

Very good list and arguments. I'd like to argue about the fact from an in-house hosting server though. Why would that be better than a VPS that usually has a lot of pre-configured security measures?

on 8/28/15, 3:24 AM

Of course VPS is a good choice, but for highly secured data and in big projects our customers prefer their own server instead of VPS. Another problem we have observed is that some of the cheapest VPS get shut down automatically, so Odoo automatic processes get disturbed.

Emipro Technologies Pvt. Ltd.
on 8/28/15, 4:58 AM

many thanks for such a good synthesis, voted!

August Doo
on 8/28/15, 6:22 AM

Thanks @August & @Yenthe

Emipro Technologies Pvt. Ltd.
on 8/28/15, 6:34 AM

I think that this question and answer is eligible to be added to the standard odoo documentation.

Tarek Mohamed Ibrahim
on 8/28/15, 9:32 AM

The clue is to never go with very cheap VPS'es, they have poor performance and poor uptimes. :) But really a +1 for this great list!

on 8/28/15, 10:18 AM

@Yenthe, Please write in a note ( I will sign on that note ) "In the near future Odoo will face 2 major issues: Server security and Database performance issues & Speed optimization issues." Emipro is very much sincere and we have started our thinking in those directions.

Emipro Technologies Pvt. Ltd.
on 8/28/15, 10:59 AM

Very good security list, just add that SFTP is more secured than FTP and you could find scriptable solutions out there or customize your own based on paramiko like I did with https://github.com/aek/solt_sftp

Axel Mendoza
on 8/28/15, 10:32 PM


Emipro Technologies Pvt. Ltd.
on 12/16/15, 5:09 AM
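
As an added example (not part of the answer above and not Odoo's own code), a small Python audit of the config-file items from the checklist: master password, database password, database listing, bind interface behind Nginx, proxy mode, demo data and log file. The option names are Odoo 8 `[options]` keys; the sample config, the 16-character threshold and the function name `audit_odoo_conf` are assumptions made for illustration.

```python
import configparser

# Constructed sample in Odoo 8 openerp-server.conf format; values are illustrative.
SAMPLE_CONF = """
[options]
admin_passwd = admin
db_password = False
list_db = True
xmlrpc_interface =
proxy_mode = False
without_demo = False
logfile = None
"""

UNSET = {"", "false", "none"}  # how Odoo writes "not configured" in the file

def audit_odoo_conf(text, min_len=16):
    """Return a list of (option, problem) for an Odoo 8 config passed as text."""
    cp = configparser.RawConfigParser()  # raw: passwords may contain '%'
    cp.read_string(text)
    opt = dict(cp.items("options")) if cp.has_section("options") else {}

    def get(key, default=""):
        return opt.get(key, default).strip()
    def unset(key):
        return get(key).lower() in UNSET

    findings = []
    master = get("admin_passwd", "admin")  # Odoo's built-in default is "admin"
    if master == "admin" or len(master) < min_len:
        findings.append(("admin_passwd", "default or short master password"))
    # A local-socket connection can use peer auth; a TCP one needs a password.
    if not unset("db_host") and (unset("db_password") or len(get("db_password")) < min_len):
        findings.append(("db_password", "TCP database connection with weak password"))
    if get("list_db", "True").lower() != "false":
        findings.append(("list_db", "database list is exposed"))
    if get("xmlrpc_interface") in ("", "0.0.0.0"):
        findings.append(("xmlrpc_interface", "HTTP service listens on all interfaces"))
    if get("proxy_mode").lower() != "true":
        findings.append(("proxy_mode", "forwarded headers from Nginx are ignored"))
    if unset("without_demo"):
        findings.append(("without_demo", "demo data is not disabled"))
    if unset("logfile"):
        findings.append(("logfile", "no log file configured"))
    return findings

if __name__ == "__main__":
    for option, problem in audit_odoo_conf(SAMPLE_CONF):
        print(f"{option}: {problem}")
```

The firewall, file-permission and PostgreSQL `pg_hba.conf` items on the list live outside this file and need their own checks.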



Asked: 8/27/15, 4:38 PM
Seen: 2368 times
Last updated: 8/11/16, 8:08 AM