What are the ultimate tips for DedeCMS security settings?
Here is a brief introduction to DEDECMS security settings.
1. Set the following directories to readable, writable and non-executable: data, templets, uploads, a. The a directory is the default save path for generated document HTML and can be changed in the backend;
2. Set the following directories to readable, executable and non-writable: include, member, plus, dede. The backend management directory (dede by default) can be renamed;
3. If you do not need the member or special-topic functions, you can delete the member and special directories outright;
4. Delete the install directory;
5. Make the administrator account password as complex as possible. For publishing articles, you can create a new channel administrator and give it only the relevant permissions;
6. For the MySQL database connection, do not use the root user. Create a separate new user and grant it: SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES permissions;
7. Regularly back up the website directory and database, and run file verification, virus scanning and system error repair in the backend.
After setting this up, proceed with the following operations.
If the site has already been hacked, clear everything in the hosting space, download the latest official version, and then proceed as follows:
First, it is best to change the database table prefix during installation. Instead of dede_, the default prefix of dedecms, change it to xxxx_ or any other name.
Second, log in to the backend and enable the verification code function. Delete the default administrator admin and replace it with a dedicated, more complex account. The administrator password must be long, at least 8 characters, and mix letters and numbers.
Third, be sure to delete the install directory after installing the program.
Fourth, change the default directory name dede used for dedecms backend management.
Fifth, turn off all unused functions, such as members, comments, etc. If they are not necessary, turn them all off in the backend.
Sixth, the following directories can be deleted:
member: membership function
special: special-topic function
company: enterprise module
plus\guestbook: message board
The following files can be deleted:
These files in the management directory make up the backend file manager, a redundant feature that affects security the most. Many hacks use it to plant malicious code:
file_manage_control.php file_manage_main.php file_manage_view.php media_add.php media_edit.php media_main.php
More:
If you do not need the SQL command runner, delete the dede/sys_sql_query.php file.
If you do not need the tag function, delete tag.php in the root directory. If you do not need the digg function, delete digg.php and diggindex.php in the root directory.
Seventh, pay more attention to the security patches officially released by dedecms and apply them in time.
Eighth, the download publishing function (soft__xxx_xxx.php in the management directory) can be deleted if it is not used; it is another easy route for uploading a small web shell.
Ninth, the DedeCms official website provides general-purpose security protection code; log in to the dedecms official website forum to view it.
Tenth, the safest way: publish the html locally and then upload it to the space. It does not contain any dynamic content and is the safest in theory, but maintenance is relatively troublesome.
Eleventh, you still have to check your website frequently. Having hidden spam links ("black links") injected is a minor matter, but having a Trojan planted or the program deleted is far worse. If you are unlucky, your ranking will also drop. So remember to back up your data from time to time.
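The deletions, the backend rename and the non-writable code directories listed above can be checked mechanically. The following shell function is an added example, not code from the original article or from DedeCMS. The name dede_audit and its arguments are assumptions, and the permission check looks only at the world-writable bit, so adapt it to the account your web server runs as.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit a DedeCMS web root against the checklist.
# Usage: dede_audit /path/to/webroot [admin_dir]   (admin_dir defaults to "dede")
# Prints one line per finding; exit status is 0 only when nothing is flagged.
dede_audit() {
    root=$1; admin=${2:-dede}; n=0
    flag() { echo "FINDING: $1"; n=$((n + 1)); }

    # Item 4 / Third: the installer must be gone after setup.
    [ -e "$root/install" ] && flag "install directory still present"

    # Fourth: the backend should not live under the default name.
    [ "$admin" = "dede" ] && [ -d "$root/dede" ] &&
        flag "backend uses default directory name dede"

    # Sixth: backend file manager, media and SQL runner scripts.
    for f in file_manage_control.php file_manage_main.php file_manage_view.php \
             media_add.php media_edit.php media_main.php sys_sql_query.php; do
        [ -e "$root/$admin/$f" ] && flag "$admin/$f present (delete if unused)"
    done

    # Optional features the page lists as removable.
    for p in member special company plus/guestbook tag.php digg.php diggindex.php; do
        [ -e "$root/$p" ] && flag "$p present (delete if unused)"
    done

    # Item 2: code directories should not be writable. Assumption: only the
    # world-writable bit is tested; owner/group write depends on the server account.
    for d in include member plus "$admin"; do
        [ -d "$root/$d" ] || continue
        [ -n "$(find "$root/$d" ! -type l -perm -0002 2>/dev/null | head -n 1)" ] &&
            flag "$d contains world-writable entries"
    done

    echo "$n finding(s)"
    [ "$n" -eq 0 ]
}
```

Run it after every upgrade or restore, since reinstalling the official package brings the deleted files and the install directory back.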