There are many users of the dream system, the loopholes are also relatively many, so the site security needs to do a good job, a lot of so-called "hackers" are using tools to scan the invasion, the strong point of people are disdain to black our small site, so in our not professional maintenance personnel, do a good job in general security can be.
Here's what you collect:
First, the installation of the database table prefix, it is best to change, do not dedecms the default table prefix Dede_, can be changed to Ljs_, any name.
Second, the background login to open the verification code function, the default admin admin deleted, changed to a dedicated, complex points of the account.
Third, install the program must delete the install directory
Four, will dedecms admin default directory name dede get rid of.
Five, the use of functions are closed, such as members, comments, etc., if there is no need to all in the background closed.
Some of the following are directories that can be deleted:
Member Member features
Special Special Features
Company Enterprise Module
Plus\guestbook Message Board
Here are the files that you can delete:
These files in the managed directory are background file managers, are redundant, and most affect security
file_manage_control.php,
file_manage_main.php
file_manage_view.php
media_add.php media_edit.php
media_main.php
Then there are:
You do not need to remove the dede/sys_sql_query.php file from the SQL command runner.
You do not need the tag function to remove tag.php from the root directory.
Please remove the digg.php and diggindex.php from the root directory if you do not need a top step.
Seven, pay more attention to DEDECMS official release of security patches, timely patched.
Eighth, download the release function (Management directory soft__xxx_xxx.php), do not have to delete, this is relatively easy to upload Trojan.
Ninth, DEDECMS official website out of the Universal Security Protection Code, I post in the article, the official website to members to see.
Tenth, the safest way: Publish the HTML locally, and then upload to space. Does not contain any dynamic content, theoretically the safest, but the maintenance is relatively troublesome.
11th, or have to constantly check their own website, is hung black chain is trivial, be hung Trojan or delete the program is very miserable, bad luck, the rankings will follow away. So remember to back up your data often.
Note: The above operation for reference, please set carefully, please do the site backup work, to avoid unnecessary errors.
Common weave Dream dedecms Security Set collection arrangement