Shulou(Shulou.com)06/02 Report--

Editor to share with you what the DEDECMS security settings are, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's learn about it!

Dream weaving DEDECMS security settings

Many friends who have installed dream weaving are very worried about the safety of dream weaving. They often encounter things such as hanging horses and being hung with dark chains. Dream weaving cats have also encountered it. Through Baidu search, summed up some ways to improve the safety of dream weaving. Through the following settings can significantly improve the safety of dream weaving.

As long as you finish setting up the basics, congratulations, your dream weaving security has passed. On the contrary, if you don't follow the basics, your website is in jeopardy.

1 delete unnecessary directories

After installing Weaving Dreams, you need to delete the install directory immediately. If you do not need to use members and topics (99% of users do not need it), you can delete member and special directories directly.

2 delete unnecessary files

The plus file is recommended to keep only the following files: ad_js.php,count.php,list.php,search.php,view.php and delete the rest.

The functions of the files in the plus folder are shown in the table below, which can be deleted if they are not used.

File name File description recommendation

Guestbook folder

Message Board

Delete

Img folder

Picture

Delete

Task folder

Schedule a task

Delete

Ad_js.php

Call the advertisement. If your advertisement is not set through "Advertising Management" in the background, you can delete the file and keep it.

Advancedsearch.php 、 heightsearch.php

Advanced search, generally only use search.php deletion

Arcmulti.php

Call the specified tag list asynchronously. If you don't need it, delete it.

Bookfeedback.php 、 bookfeedback_js.php

Book reviews and review call files, there are injection vulnerabilities, unsafe

Delete

Car.php 、 posttocar.php 、 carbuyaction.php

Shopping cart deletion

Comments_frame.php

There is a security loophole in invoking comments (now third-party comments are generally used instead of dream-weaving comments)

Delete

Count.php

Keep statistics on the number of times you read articles

Digg_ajax.php 、 digg_frame.php

Delete the top stepping function of the article

Disdls.php 、 download.php

Download statistics, download function deletion

Diy.php

Custom form retention

Erraddsave.php

Article error correction and deletion

Feedback.php 、 feedback_ajax.php 、 feedback_js.php

Comment related functions deleted

Flink.php 、 flink_add.php

Links, add links (it is recommended to delete, otherwise easy to expose the template path) delete

Freelist.php

Free list deletion

Guestbook.php

Message deletion

List.php

Dynamic browsing column page reserved

Mytag_js.php

Custom tag js call method (if the background custom macro tag is not used, please delete it)

Delete

Qrcode.php

Generate a QR code to delete

Recommend.php

Information recommendation

Delete

Rss.php

RSS list Page

Delete

Search.php

Search for retention

Showphoto.php

Display a large picture (used by the atlas model)

Delete

Stow.php

Favorite articles deleted

View.php

Dynamic browsing articles retention

Vote.php

Vote to delete

3 modify the name of the default background folder

The default backend is accessed through the domain name / dede. Please change it to another name. The more difficult it is to guess, the better. You can use English + numbers and other forms. Modify it by directly renaming the name of the dede folder.

4 create a new administrator account at the backend and delete the default admin user

4.1 create a new administrator account

Click system-> system user Management-> add administrator, fill in login account and password and other information, and select "Super Admin" for user group.

4.2 remove the default admin user

Click system-> SQL command line tool, and run the SQL command: delete from dede_admin where id = 1

5 migrate the data directory to outside the web directory

There are serious security risks in the data directory, so it is necessary to move the data directory outside the site directory. Specific migration methods can be found in this article: http://www.dedemao.com/study/78.html

Students who really do not have the conditions to move outside the station, please be sure to change the name of the data directory.

These are all the contents of the Weaving Dream DEDECMS security settings. Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.