Many customers encounter, or worry about, their website being hacked. This simple tutorial walks through a series of security settings for a DEDE (DedeCMS) website. If you follow the three points below, you can avoid 99% of the cases in which a website is hacked or has a Trojan planted in its pages.
1 Simplified Settings:
Delete all functions you do not need. For example, if you don't need membership, delete the member folder. Removing redundant components is the best way to avoid injection attacks. Add an empty index.html to each directory to prevent the directory contents from being browsed.
Directories that can be deleted in DedeCMS:
member: membership function
special: topic function
install: installation program (must be deleted)
company: enterprise module
plus\guestbook: message board
Other modules that are generally not used can be left uninstalled or deleted.
2 Password Settings:
The administrator password must be long and mix letters and numbers. Try not to use admin as the account name: after the initial installation is completed, delete admin and create a new administrator. The administrator's name should not be too simple.
DedeCMS stores passwords in its database as MD5 hashes. In general, even if an attacker obtains the MD5 hash through injection, they cannot reverse it if your password is strong enough.
But today's MD5 cracking websites are very advanced, with 4T hard drives full of MD5 passwords. Even a very complex password can sometimes be cracked. This is how my previous site was hacked. So the password must be complex enough.
3 Dede deletable file list:
file_manage_control.php
file_manage_main.php
file_manage_view.php
media_add.php
media_edit.php
media_main.php
These files in the DEDE management directory are the background file managers. These two functions are the most redundant and affect security the most: many attackers use them to plant Trojans. They are effectively a small Trojan-planting tool, which makes uploading and editing Trojans very convenient. They are generally not needed, so delete them all.
If you do not need the SQL command runner, delete the dede/sys_sql_query.php file so that attackers cannot exploit it.
If you do not need the tag function, delete tag.php in the root directory. If you do not need the digg function, delete digg.php and diggindex.php in the root directory!
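One way to check a web root against the directory and file lists in sections 1 and 3 (an added example, not code from DedeCMS or from this tutorial). It assumes the management directory is named dede, as in dede/sys_sql_query.php above; the function name audit_dede, its second argument and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not DedeCMS code: audit a web root against the lists above.
# Assumption: the management directory is "dede" (as in dede/sys_sql_query.php);
# pass its real name as the second argument if it has been renamed.

REMOVABLE_DIRS="member special install company plus/guestbook"
ADMIN_FILES="file_manage_control.php file_manage_main.php file_manage_view.php
media_add.php media_edit.php media_main.php sys_sql_query.php"
ROOT_FILES="tag.php digg.php diggindex.php"

# audit_dede ROOT [ADMIN_DIR]  (hypothetical helper name)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad ROOT.
audit_dede() {
    root=${1%/}
    admin=${2:-dede}
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root" >&2
        return 2
    fi
    findings=$(
        for d in $REMOVABLE_DIRS; do
            if [ -d "$root/$d" ]; then echo "DIR_PRESENT $d"; fi
        done
        for f in $ADMIN_FILES; do
            if [ -f "$root/$admin/$f" ]; then echo "FILE_PRESENT $admin/$f"; fi
        done
        for f in $ROOT_FILES; do
            if [ -f "$root/$f" ]; then echo "FILE_PRESENT $f"; fi
        done
        # A directory with no index.html may be listed by the web server.
        find "$root" -type d | while IFS= read -r dir; do
            rel=${dir#"$root"}
            if [ ! -e "$dir/index.html" ]; then echo "NO_INDEX $rel/"; fi
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit_dede.sh /var/www/html [admin_dir]
if [ "$#" -gt 0 ]; then audit_dede "$@"; fi
```

A non-zero exit status makes the script usable from cron or a deployment check, so that a reinstalled install directory or a restored file manager is noticed after an upgrade.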
Follow the three points above to keep your website safe and reliable!