Imperial cms security settings optimization sharing

The following is the tutorial column of Empire cms secondary development to introduce to you the optimization and sharing of the security settings of Empire cms. I hope it will be helpful to friends in need!

First of all, let’s get to know the security authentication features of Empire CMS:

Four-layer security verification for Empire login:

The first level: password Double MD5 encryption, the password cannot be cracked, and if the database is downloaded, the real password cannot be obtained.

Second level: Backend directory customization. If the other party knows the password, it cannot find the login backend.

Third level: If you know the password and backend directory, you cannot know the authentication code. The authentication code stores the .php file and you must log in to FTP to view the file content.

Fourth level: Backend login supports custom-specified independent domain names. You cannot log in to the backend without using the specified domain name.

Empire COOKIE Information Five-layer Security Authentication:

The first level: System verification uses random password authentication. A new random password will be generated every time you log in or log out. There is no pattern to be found, and the authentication Using database COOKIE double authentication, it is safe and reliable.

Second stage: Backend login verification COOKIE variable prefix is ​​customized. If you don’t even know the variable name, you cannot simulate COOKIE packet sending.

Third level: COOKIE information is verified using COOKIE authentication code, and information encryption uses double md5 encryption. The COOIE authentication code cannot be cracked, and the .php file containing the COOIE authentication code must be logged in to FTP to view the file content.

Fourth level: COOKIE information is bound to the login IP for authentication. If the COOKIE information is completely obtained and the random password is not changed, the authentication cannot be passed even if the login IP is not known.

Fifth level: Use files to verify whether the user is logged in. If the COOKIE information is completely obtained and the random password has not been changed, and the IP of the login is also known, the user will not be able to pass the authentication even if he is not online.

Let’s introduce how to set up the Empire CMS to be safe and optimized:

(Note: The following options are not required settings, they are just optimization suggestions.)

php configuration file php.ini settings:

1, magic_quotes_gpc is set to On

Magic quotes, it is recommended to turn this on.

2. Register_globals is set to Off

PHP global variable. It is recommended to turn this off.

3. Set display_errors to Off

Do not display PHP error prompts. This setting has little impact on system security.

Imperial website management system settings:

1. Modify the table prefix during installation

It is recommended to modify the table prefix when installing Imperial CMS.

2. When installing and initializing the administrator account, do not use common ones such as admin as the administrator user name.

3. Set the administrator password to more than 6 characters

The password consists of letters, numbers, underscores and special characters.

4. Set the login authentication code during installation

If the authentication code is not set during installation, you can modify the content of the "$do_loginauth" variable in the e/class/config.php file. (It is recommended to edit with Dreamweaver to prevent UTF8 encoded files from being converted to GBK)

5. Rename the background management directory /e/admin

Rename admin to something that is not easy to guess and good Remember the directory name.

6. Set the background verification login IP

In order to take care of users whose Internet IP changes at any time, the login IP is not verified by default. If you want to enable login IP verification, you can modify e/class/config.php The value of the "$do_ckhloginip" variable in the file is set to 1. (It is recommended to edit with Dreamweaver to prevent UTF8 encoded files from being converted to GBK)

7. When exiting the system, click the exit login link in the background to exit

Click to exit and log in. The system will automatically generate a new Random password (to prevent the leakage of locally saved COOKIE information due to computer poisoning or network hijacking, and generating a new random password can invalidate the leaked COOKIE information).

8. Enable website security firewall.

For more imperial cms technical articles, please visit the Empire cms column!

The above is the detailed content of Imperial cms security settings optimization sharing. For more information, please follow other related articles on the PHP Chinese website!