What should dedecms pay attention to?

Notes: 1. Delete the default administrator admin account and password, and create a new administrator. The administrator password must be long and mixed with letters and numbers; 2. Delete and temporarily remove unnecessary functions. Close it and open it when needed to avoid being injected by hackers; 3. Add empty index.html to each directory to prevent the directory from being accessed; 4. Hard-code write permissions and prevent the upload of PHP code after the installation is completed; 5. Delete The install folder in the root directory prevents others from resetting the website; 6. Regular patching, etc.

The operating environment of this tutorial: Windows 7 system, DedeCMS 5.7, DELL G3 computer

The Dedecms website has attracted many companies due to its simple production method and convenient management. , I personally like to use dede to make websites, so what should I pay attention to when using dedecms to make websites? Let’s talk about it together.

1. Password setting:

The administrator password must be long and mixed with letters and numbers. Try not to use admin. Delete admin after the initial installation is completed. Don't create a new administrator name too simply.

The password stored in the DreamWeaver system database is MD5. Generally, even if HACK obtains the MD5 password through injection, if your password is strict enough, the other party cannot reverse it. Also helpless. But the current MD5 cracking website is too advanced. The 4T hard drive is all MD5 password. Even if your password is very complex, it can sometimes be deceived. This is how my previous site was hacked. So the password must be complex enough.

2. Simplified settings:

Delete all unnecessary functions. For example, if you don't need membership, delete the member folder.

The pictures uploaded by Dedecms will be added with dede watermark by default, so the watermark needs to be temporarily turned off and set under the background system->Image Watermark

Removing redundant components is the best way to avoid being injected by hackers. Add empty index.html to each directory to prevent the directory from being accessed.

Dreamweaver can delete the directory list: member membership function special topic function install installation program (must be deleted) company enterprise module plus\guestbook message board and other modules that are generally not used do not need to be installed or deleted.

3. Change the website name and site root URL

In the background system->System Basic Settings->Site Settings, change the website name and site root URL , set to the website name and site root URL we want.

4. List of files that can be deleted by DreamWeaver:

file_manage_control.php file_manage_main.php file_manage_view.php in the DEDE management directory media_add.php media_edit.php media_main.php These files are background file managers (these two functions are the most redundant and affect security the most. Many HACKs are used to mount hackers. It is simply a small hacker. Upload and edit Trojans are so convenient. Generally there is no need to delete them all).

Delete the dede/sys_sql_query.php file if you do not need the SQL command runner. Avoid HACK exploits.

If you do not need the tag function, please delete tag.php in the root directory. Please delete digg.php and diggindex.php in the root directory if you don’t need to be an invoker.

5. Hard-write write permissions and prevent uploading of PHP code after the installation is complete

For many enterprise websites, they use virtual space; virtual space FTP IPs are all public, so some sites have very low security and are easily hacked. If your website is unfortunately on these servers and the permissions are open, it is easy for someone to import some junk files, which will affect the SEO performance and security of the website.

And in order to prevent HACK from being used to publish documents, upload Trojans. Please prevent uploading PHP code after installation is complete. This basically blocks all possibilities of uploading and editing Trojans.

6. Keep the CP and FTP passwords of the space properly

Some people use the space, please keep the CP and FTP passwords of the space properly. And the password must be complex. If you have your own server, you have to rely on yourself.

7. Change the login folder

dede’s default login address is our domain name/dede, so we need to rename the dede folder to something else in the background name.

#8. Update the default ico icon

After the website is opened, the default icon displayed on the website is the dede icon, and the icon format is It’s ico, we can make Baidu ico icon, make our own icon and upload it to the ftp root directory to replace dede’s default ico icon

9. Delete the root directory The install folder under

Enter ftp and delete the install folder in the root directory so that the website cannot be reinstalled to prevent others from resetting our website.

#10. Regular patching

Come to the Dreamweaver official website frequently to see if there are any new security patches. All must be marked.

By making the above modifications to the security settings, we will no longer need DEDE to be hung. Of course, there is no one-size-fits-all solution, but this method can prevent the occurrence of most intrusions.

Recommended learning: dedecms tutorial

The above is the detailed content of What should dedecms pay attention to?. For more information, please follow other related articles on the PHP Chinese website!