Introduction to three methods to enhance CMS security

Currently, almost all personal websites are built using the open source website construction system. The biggest benefit of an open-source system is that it lowers the threshold for building websites. You don't need any development technology, or even you don't even understand the most basic HTML language. Official

Currently, almost all personal websites are built using the open source website construction system. The biggest benefit of an open-source system is that it lowers the threshold for building websites. You don't need any development technology, or even you don't even understand the most basic HTML language. The extensive official help documentation and experience and skills shared by Netizens help you get started quickly.

However, because the source code of open-source systems is open, network hackers can easily find system vulnerabilities and apply these vulnerabilities to thousands of websites with the same website construction system, this is undoubtedly the most terrible for our Cainiao Masters. How can we improve the security of our website? Today, I will use the widely used Zhimeng CMS website building system as an example to describe three effective methods to prevent website hacking.

1. change the name of the background Management Directory

Hackers usually use SQL injection to crack the account and password of the website's background Administrator. then, they log on to the background and upload Trojans to obtain the privilege of webshell until they have full control over the entire website. If we can modify the table name of the administrator table and the management directory name of the website background, hackers will not be able to crack the administrator account of the website, even if they have obtained the administrator account, or you may not be able to log on because you cannot know the website background Management Directory.

Do not use admin or manager keywords to modify the administrator table name and background Management Directory, which greatly increases the difficulty of hacker cracking. Note that you must modify the table name in the source code after modifying the administrator table name in the database. Zhimeng V5.7 has a total of 27 changes to be modified. you can search for "dede_admin" to replace the changes.

2. change the prefix wildcard of a database table

The prefix wildcard here is not the prefix of the database table name entered during installation, but the "# @ _" string in the system source code.

I once saw a lot of unknown files in my hacked website and wrote a lot of code for direct database operations, in this case, the operations on the table contain the "# @ _" string. if we modify the "# @ _" string in the source code, these unknown files will not work.

3. configure the initial connection to the database

The database connection information is recorded in the data/common. inc. php file of Zhimeng, which is in plain text and insecure. We can use two methods to make it secure.

One is to add multiple variables (dozens or even hundreds). only six of these variables actually work, and others are used to disrupt hacker judgment.

Another way is to encrypt the data, but this requires some programming technology for webmasters. Either method needs to be modified in the database initialization class, but the first method requires only a few variable names, which is much simpler.

The above three methods play an important role in the security of the CMS system, and many webmasters and friends have no way to improve website security. I hope this article will be helpful to webmasters and friends for their website security!