
DEDECMS security settings

藏色散人 (original), 2020-01-07 09:05:02


Many people who have installed DEDECMS worry about its security. Sites are often hit by injected malicious code ("horse hanging"), hidden links and similar problems; Dedemao (DreamWeaver Cat) has run into this as well. After searching Baidu, we have summarized some methods for improving DEDECMS security. The settings below can significantly improve the security of a DEDECMS site.


Installing the DEDECMS Security Assistant is recommended.

Once you have completed these basic settings, your DEDECMS site's security is up to standard. Conversely, if you skip the basics, your website will be at risk.

1 Delete unnecessary directories

After installing DEDECMS, delete the install directory immediately. If you do not need the member or special-topic features (99% of users will not use them), you can delete the member and special directories outright.

2 Delete unnecessary files

In the plus directory, it is recommended to keep only the following files: ad_js.php, count.php, list.php, search.php, view.php, and delete the rest.

The functions of the files in the plus folder are as follows. If they are not used, they can be deleted.

| File name | File description | Suggestion |
| --- | --- | --- |
| guestbook folder | Message board | Delete |
| img folder | Pictures | Delete |
| task folder | Scheduled tasks | Delete |
| ad_js.php | Calls advertisements. If your advertisements are not set up through "Advertising Management" in the back end, you can delete the file | Keep |
| advancedsearch.php, heightsearch.php | Advanced search; generally only search.php is used | Delete |
| arcmulti.php | Asynchronously calls a specified tag list; delete it if you do not need it | Delete |
| bookfeedback.php, bookfeedback_js.php | Book review and comment-calling files; they have injection vulnerabilities and are unsafe | Delete |
| car.php, posttocar.php, carbuyaction.php | Shopping cart | Delete |
| comments_frame.php | Calls comments; has a security vulnerability (third-party comments are now generally used instead of DEDECMS's own comments) | Delete |
| count.php | Counts the number of times an article has been read | Keep |
| digg_ajax.php, digg_frame.php | Article upvote function | Delete |
| disdls.php, download.php | Download count statistics, download function | Delete |
| diy.php | Custom forms | Keep |
| erraddsave.php | Article corrections | Delete |
| feedback.php, feedback_ajax.php, feedback_js.php | Comment-related functions | Delete |
| flink.php, flink_add.php | Friendly links and adding friendly links (deletion is recommended, otherwise the template path is easily exposed) | Delete |
| freelist.php | Free list | Delete |
| guestbook.php | Leave a message | Delete |
| list.php | Dynamic browsing of column pages | Keep |
| mytag_js.php | JS calling method for custom tags (if the back-end custom macro tags are not used, please delete) | Delete |
| qrcode.php | Generates QR codes | Delete |
| recommend.php | Information recommendation | Delete |
| rss.php | RSS list page | Delete |
| search.php | Search | Keep |
| showphoto.php | Shows large pictures (used in the atlas model) | Delete |
| stow.php | Collect (bookmark) articles | Delete |
| view.php | Dynamic browsing of articles | Keep |
| vote.php | Voting | Delete |

3 Rename the default back-end (admin) folder

By default the admin back end is reached at the domain name followed by /dede. Change it to another name; the harder it is to guess, the better. You can use English letters, digits and so on. To make the change, simply rename the dede folder.

4 Create a new administrator account in the back end and delete the default admin user

4.1 Create a new administrator account

Click System->System User Management->Add Management Member, fill in the login account, password and other information, and select 'Super Administrator' as the user group.

4.2 Delete the default admin user

Click System->SQL Command Line Tool and run the SQL command: delete from dede_admin where id = 1;

5 Migrate the data directory outside the web directory

The data directory has serious security risks, so it is necessary to move the data directory outside the site directory. For the specific migration method, you can check this article: http://www.dedemao.com/study/78.html

If you really cannot move it outside the site directory, be sure to at least rename the data directory.
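
A report-only audit of steps 1, 2, 3 and 5 above, added here as an example (it is not part of the original article or of DEDECMS). It assumes the default directory names the article mentions (install, member, special, plus, dede, data) sit directly under the web root passed as the argument; the function name audit_dede and the finding labels are invented for this example, and the keep list is the set of files marked Keep in the table.

```shell
#!/bin/sh
# Added example: report-only audit of a DEDECMS web root against the checklist.
# Nothing is deleted or renamed; each finding is printed as one line.
# Usage (the path is a placeholder): . ./audit_dede.sh; audit_dede /path/to/webroot

# Files the table marks "Keep" in plus/.
PLUS_KEEP="ad_js.php count.php list.php search.php view.php diy.php"

audit_dede() {
    root=$1
    [ -d "$root" ] || { echo "ERROR not a directory: $root"; return 2; }
    findings=0

    # Step 1: installer and unused feature directories still present.
    for d in install member special; do
        if [ -d "$root/$d" ]; then
            echo "DIR_PRESENT $d"
            findings=$((findings + 1))
        fi
    done

    # Step 2: anything in plus/ (file or folder) that is not on the keep list.
    if [ -d "$root/plus" ]; then
        for path in "$root"/plus/*; do
            [ -e "$path" ] || continue      # empty directory: glob did not expand
            name=${path##*/}
            case " $PLUS_KEEP " in
                *" $name "*) ;;
                *) echo "PLUS_EXTRA $name"; findings=$((findings + 1)) ;;
            esac
        done
    fi

    # Step 3: admin back end still under its default folder name.
    if [ -d "$root/dede" ]; then
        echo "ADMIN_DEFAULT dede"
        findings=$((findings + 1))
    fi

    # Step 5: data directory still inside the web root under its default name.
    if [ -d "$root/data" ]; then
        echo "DATA_IN_WEBROOT data"
        findings=$((findings + 1))
    fi

    echo "TOTAL $findings"
    [ "$findings" -eq 0 ]   # exit status 0 only when the tree is clean
}
```

The non-zero exit status on any finding lets the function run from cron or a deployment check after each DEDECMS upgrade, since upgrades can restore deleted files.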
