The name DEDECMS is a special one. When I first started my website I used DEDECMS, and I kept using it after I switched to PHP; only today is it no longer in use. It can be said that it has created many small and medium webmasters, and is the gospel of small and medium webmasters.
The following is a simple record of DEDECMS's security settings.
1. Try to use pure PHP host space. If you need to use Windows, it is best to disable all non-PHP support;
2. Change the default /dede/ management address;
3. Assign a user group with no permissions to the default admin account;
4. Set the data/common.inc.php file attribute to 644 (Linux/Unix) or to read-only (Windows NT);
5. On a Linux host, restrict the execution of PHP scripts in the three directories uploads, data, and templets. On Windows, remove the script running permission on these three directories;
6. Pay attention to official patches and apply them promptly;
7. If it is not needed, disable the member system and delete the member folder. Otherwise, set whether to allow members to upload non-image attachments so that users are strictly restricted.
The following describes how to restrict PHP script execution in uploads, data, and templets:
Restrict PHP script execution in the uploads, data, and templets directories. Then, even if trojan files are uploaded to these folders, they cannot be run. Therefore, this step must be set.
Before configuration, check whether your space supports .htaccess and rewrite. This method uses the .htaccess file to disable the running of specified scripts.
The Apache environment rules are as follows. Add these rules, which restrict PHP script execution, to the .htaccess file:
# Return 403 Forbidden for any .php request under the three directories
RewriteEngine on
RewriteRule uploads/(.*)\.(php)$ - [F]
RewriteRule data/(.*)\.(php)$ - [F]
RewriteRule templets/(.*)\.(php)$ - [F]
The nginx environment rules are as follows:
# Place this before the generic "location ~ \.php$" block: nginx uses the first regex location that matches
location ~ /(data|uploads|templets)/.*\.(php|php5)?$ {
    deny all;
}
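To verify steps 4 and 5 on a Linux/Apache host, the following audit script is an added example, not part of the original article or of DEDECMS. The function names and the site-root argument are assumptions of this sketch, and it checks only the .htaccess variant of the rules, not the nginx one.

```shell
#!/bin/sh
# Added example: audit a DedeCMS site root against steps 4 and 5 above.
# The site-root argument and the function names are assumptions of this sketch.

# Octal permission bits of a file (GNU stat, with BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 4: data/common.inc.php should be mode 644.
check_common_inc() {
    f="$1/data/common.inc.php"
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(file_mode "$f")
    [ "$mode" = "644" ] && { echo "OK $mode $f"; return 0; }
    echo "BAD $mode $f"
    return 1
}

# Step 5 (Apache): each of the three directories needs its own RewriteRule
# ending in [F]; returns the number of directories that have none.
check_htaccess_rules() {
    missing=0
    for d in uploads data templets; do
        if ! grep -Eq "^[[:space:]]*RewriteRule[[:space:]]+\^?$d/.*\[F" \
                "$1/.htaccess" 2>/dev/null; then
            echo "NO RULE $d"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Uploaded content should never be a script: list PHP files under uploads/
# so they can be reviewed (the extension match is case-insensitive).
find_upload_scripts() {
    find "$1/uploads" -type f \( -iname '*.php' -o -iname '*.php5' \) 2>/dev/null | sort
}

# Run all checks when a site root is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_common_inc "$1"
    check_htaccess_rules "$1"
    find_upload_scripts "$1"
fi
```

Any file that find_upload_scripts lists deserves review, since the uploads directory is meant to hold attachments only.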
DEDE has officially published an article on security. You can search for it.