DEDECMS security settings make your site safer

Source: Internet
Author: User
Keywords DEDE

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Dedecms the popularity of the surface is still very wide, a large number of small and medium-sized webmaster in the use of Dede construction site, its advantages are prominent: Open source, easy, simple optimization. But its drawbacks are fatal: very poor security. Investigate its reason, catches, at the same time we also want to blame Dede development team, cannot take open source when reason, security difference represents the product quality is poor. The author based on its own experience in the establishment of Dede some security settings.

1. After installing the program or upgrading the program, be sure to remove the install (installation) or update (upgrade) folder so that you can reduce the range of attacks. In addition to the install folder, you can delete the folder to see the specific use. For example, you do not need membership to delete the Member folder, do not need special features can delete special folder, if necessary, the special folder can be set to read-write, not executed. Also, you can modify the prefix of the Dede data name when you install it.

2, the Data folder renamed, increase the horse-hanging program to find your background path of difficulty. Then is to the default admin login to get rid of, here for you to provide a very simple way, is to write SQL command, in the Dede of the background Management System SQL command line tools input statements: Update dede_admin set userid= "new UserID "where id=1; the new userid here represents the user name you want to modify, and the password can be modified more complex, and you can periodically modify your password or even login name, with just the SQL statement.

3, set the directory permissions, this is very important. The author is in accordance with the security recommendations in the background of Dede: conditional users to the Data,templets,uploads,html,special,images,install directory set to not allow the execution of scripts, other directories prohibit writing, the system will be more secure. Note that the install deletion here is safer, as the author's website does not need to be special, and is also safer to delete. As for how to set dedecms directory permissions, the official website of the Tianya to different environments have specific settings, the Web site is: http://help.dedecms.com/install-use/server/2011/1109/2124.html, You can refer to your environment. In addition to some of the directories suggested above, the folder where the generated pages are located is also set to not allow scripts to be executed, making the entire site more secure. In addition to the settings for these directory permissions, the common.inc.php file (Linux/unix) in the Data folder is set to 644 or (Windows NT) set to read-only.

4, regular check dedecms there is no update, timely patching. There are two ways, one can be in the background to click on the online update, specifically see the following figure:

  

In addition, you can go to the official website to see the update time, in the official website of the upper right corner, see the following figure:

  

Update is very important, must often check, patches out, often means that a number of sites have been hung Trojan.

5, for the situation of the horse, there are many online inspection and anti-virus software, we can search Baidu. Here to introduce a more fool-style approach: standing site. Once you find your site hanging horse, use the file comparison tool to compare backup and existing sites with different files, focusing on viewing. If you can't find a trojan, you can cover it.

Online about Dede security settings of the article a lot, you can go to see, according to their actual situation to modify, such as the Data folder moved out of the web directory. Do not install Dede is anxious to do a website, that is a large set of loopholes, do not do the necessary security settings, it is difficult to hang a horse. The web site of the horse you do good again, weight again high, what is the significance of it? In fact, the author's suggestion is that the security requirements of the personal webmaster, can give up the use of dedecms to build, swap with other systems.

This article is by mobile phone wallpaper Daquan http://www.desk-site.com webmaster original, starting in Admin5, reproduced please specify, thank you.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.