DEDECMS security settings
Many people who have installed DEDECMS are very concerned about its security. We often run into problems such as malicious code planted in pages ("horse hanging") and hidden links; Dedemao has run into them too. After searching on Baidu, we have summarized some methods for improving DEDECMS security. The following settings can significantly improve it.
Installing the DEDECMS Security Assistant is recommended.
Once you complete the basic settings below, your DEDECMS installation passes the basic security test. If you do not follow these basics, your website will be in danger.
1 Delete unnecessary directories
After installing DEDECMS, delete the install directory immediately. If you do not need the member or topic features (99% of users will not use them), you can delete the member and special directories outright.
2 Delete unnecessary files
In the plus directory, it is recommended to keep only the following files: ad_js.php, count.php, list.php, search.php, view.php, and delete the rest.
The functions of the files in the plus folder are listed below. Any that are not used can be deleted.
| File name | File description | Suggestion |
|---|---|---|
| guestbook folder | Message board | Delete |
| img folder | Pictures | Delete |
| task folder | Scheduled tasks | Delete |
| ad_js.php | Calls advertisements. If your advertisements are not set up through the back-end "Advertising Management", you can delete the file | Keep |
| advancedsearch.php, heightsearch.php | Advanced search; generally only search.php is used | Delete |
| arcmulti.php | Calls the specified tag list asynchronously. If you don't need it, delete it | Delete |
| bookfeedback.php, bookfeedback_js.php | Book review and comment-calling files; they have injection vulnerabilities and are unsafe | Delete |
| car.php, posttocar.php, carbuyaction.php | Shopping cart | Delete |
| comments_frame.php | Calls comments; has a security vulnerability (third-party comment systems are now generally used instead of the built-in comments) | Delete |
| count.php | Counts the number of times an article has been read | Keep |
| digg_ajax.php, digg_frame.php | Article upvote function | Delete |
| disdls.php, download.php | Download count statistics, download function | Delete |
| diy.php | Custom form | Keep |
| erraddsave.php | Article correction | Delete |
| feedback.php, feedback_ajax.php, feedback_js.php | Comment-related functions | Delete |
| flink.php, flink_add.php | Friendly links and adding friendly links (deleting is recommended, otherwise the template path is easily exposed) | Delete |
| freelist.php | Free list | Delete |
| guestbook.php | Leave a message | Delete |
| list.php | Dynamic browsing of column pages | Keep |
| mytag_js.php | JS calling method for custom tags (used with the custom macro tags defined in the back end; please delete) | Delete |
| qrcode.php | Generates QR codes | Delete |
| recommend.php | Recommend information | Delete |
| rss.php | RSS list page | Delete |
| search.php | Search | Keep |
| showphoto.php | Shows large pictures (used in the atlas model) | Delete |
| stow.php | Collect (bookmark) articles | Delete |
| view.php | Dynamic browsing of articles | Keep |
| vote.php | Voting | Delete |
3 Change the default back-end folder name
By default the back end is reached at your domain name followed by /dede. Change this to another name; the harder it is to guess, the better. You can use letters, digits and so on. To make the change, simply rename the dede folder.
4 Create a new administrator account in the back end and delete the default admin user
4.1 Create a new administrator account
Click System->System User Management->Add Management Member, fill in the login account, password and other information, and select 'Super Administrator' as the user group.
4.2 Delete the default admin user
Click System->SQL Command Line Tool and run the SQL command: delete from dede_admin where id = 1;
5 Migrate the data directory outside the web directory
The data directory poses serious security risks, so it needs to be moved outside the site directory. For the specific migration method, see this article: http://www.dedemao.com/study/78.html
If you really are not in a position to move it outside the site directory, be sure to at least rename the data directory.
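A read-only check of the file-system items from steps 1, 2, 3 and 5, given here as an added example (it is not part of the original article or of DEDECMS). It assumes the directories sit directly under the web root; the function names and the sample folder name admin_x9k2 are made up for illustration, and the plus keep list follows the rows marked Keep in the table above.

```python
import os
import tempfile

# Directory and file names come from the article; step 4 (the admin account)
# lives in the database and is not checked here.
REMOVE_DIRS = ("install", "member", "special")      # step 1
PLUS_KEEP = {"ad_js.php", "count.php", "diy.php",   # step 2, rows marked "Keep"
             "list.php", "search.php", "view.php"}
DEFAULT_ADMIN_DIR = "dede"                          # step 3
DATA_DIR = "data"                                   # step 5


def audit(webroot):
    """Return a sorted list of (step, relative_path) items still needing attention."""
    findings = []
    for name in REMOVE_DIRS:
        if os.path.isdir(os.path.join(webroot, name)):
            findings.append((1, name))
    plus = os.path.join(webroot, "plus")
    if os.path.isdir(plus):
        # Anything in plus/ that is not exactly on the keep list is reported,
        # which also surfaces unexpected files dropped there later.
        for entry in os.listdir(plus):
            if entry not in PLUS_KEEP:
                findings.append((2, "plus/" + entry))
    if os.path.isdir(os.path.join(webroot, DEFAULT_ADMIN_DIR)):
        findings.append((3, DEFAULT_ADMIN_DIR))
    if os.path.isdir(os.path.join(webroot, DATA_DIR)):
        findings.append((5, DATA_DIR))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: a fresh install where only the admin folder was renamed."""
    for d in ("install", "member", "data", "admin_x9k2", "plus/guestbook"):
        os.makedirs(os.path.join(root, d))
    for f in ("view.php", "search.php", "vote.php", "bookfeedback.php"):
        open(os.path.join(root, "plus", f), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for step, path in audit(root):
            print(f"step {step}: {path} is still present")
```

Point audit() at the real web root to get the same list for a live site; it only reads directory listings and changes nothing.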