Home > Article > CMS Tutorial > How to prevent the DEDECMS website from being hacked
How to prevent the DEDECMS website from being hacked?
Dreamweaver DEDECMS website security settings imitation horse-hanging tutorial
Many customers often encounter or worry about website horse-hanging during use
This set of simple tutorials explains to customers a series of security settings for DEDE websites. As long as you follow the following three points, you can avoid 99% of websites being hacked.
Recommended learning :
dedecms tutorial1 Simplified Settings:Delete all unnecessary functions. For example, if you don't need membership, delete the member folder. Removing redundant components is the best way to avoid being injected by hackers. Add empty index.html to each directory to prevent the directory from being accessed.
Dream Weaver can delete the directory list: member membership function special topic function install installation program (must be deleted) company enterprise module
plus\guestbook message board and other modules that are generally not used can be used Not installed or removed.
Second Password SettingsThe administrator password must be long and mixed with letters and numbers. Try not to use admin. After the initial installation is completed, delete admin and create a new one. Don’t make the administrator name too simple. The password stored in the Dreamweaver system database is MD5. Generally, even if HACK obtains the MD5 password
through injection, if your password is strict enough, the other party cannot reverse it. Also helpless. But the current MD5 cracking website is too advanced. The 4T hard drive
is full of MD5 passwords. Even if your password is very complex, it can sometimes be blocked. This is how my previous site was hacked. So the password
must be complex enough.
三DEDE deleteable file list:file_manage_control.php
file_manage_main.php
file_manage_view.php
media_add.php
media_edit.php
media_main.php
These files in the DEDE management directory are background file managers (these two have the most functions It is also the most affecting security. Many HACKs are used to mount Trojans. It is simply a small mounter, which is very convenient for uploading and editing Trojans. Generally, there is no need to delete them all).
Delete the dede/sys_sql_query.php file if you do not need the SQL command runner. Avoid HACK exploits.
If you do not need the tag function, please delete tag.php in the root directory. Please delete digg.php and diggindex.php in the root directory if you don’t need to be a guest!
Do the above three points to ensure your website is safe and reliable!
The above is the detailed content of How to prevent the DEDECMS website from being hacked. For more information, please follow other related articles on the PHP Chinese website!