Install. php for wordpress Website Security

After a website is created with wordpress, the program will leave a file named install. php under the website management Directory web/wp-admin. This file is a support file in the installer and will only be called during installation. After the program is released, it will no longer work. Deleting this file does not affect the website functions. This is like downloading an executable file. After being installed on a computer, the downloaded installation file can be deleted without affecting the running of the program. This directory contains dangerous functions or information that hackers may use to directly obtain control of the target server or perform further attacks based on the script or information. Therefore, it is necessary for us to process this file to ensure the security of the entire website. So what should we do?

Wordpress LOGO

There are more than one way to handle install. php. We can choose to execute the command to reject writing or modify the program name, so that hackers cannot modify or recognize the file to block hackers. You can also delete it directly.

1) execute the write rejection command. This operation can be performed on the control panel of the website space. Most servers support this operation. It is very easy to execute a denial of write command on the entire directory. Of course, you can also perform operations on the ftp-side attribute options.

2) modify the program name. We can modify the prefix and install it to any name you want. You can also modify the suffix and define the format as any other format, for example, change. php to. xyz. The purpose of this operation is to disguise this file and block hacker identification. This file will not affect the Website Functions, so we can define it as needed.

3) Clear the file content. Open install. php In a text editor, clear and save the script records. In this way, the installation script cannot be analyzed even if the hacker obtains the file.

4) Delete directly. This is the most direct and effective method, and is also the recommendation and first choice. As mentioned above, this file must be called only when the website program loads the space server. Otherwise, the installation cannot be completed. However, after the installation is complete, it completes its mission and also loses its role. Another benefit of deleting it is that it can save a little space for the server.

Finally, I am sorry. Website security depends on the actual situation. Using multiple methods, regular backup is actually the most stupid and most effective method.