Seven easily overlooked security details when building a site with DedeCMS

Source: Internet
Author: User
Keywords: Security


With the popularity of CMS software, more and more users have joined the ranks of personal webmasters. Many people assume it is enough to buy a domain name, rent hosting space, point the domain at it, upload the program over FTP, install it, publish content and then start building external links, and that building external links is what makes a real webmaster.

But is being a webmaster really that simple? For most webmasters, DedeCMS is a very convenient open-source CMS. Because it has so many users, its security has long been criticized: not only are sites built on DedeCMS vulnerable to attack, even the official DedeCMS website is often unreachable, which is a typical example. Even so, many users still support it, because it is very handy and a beginner can learn to operate it in a very short time. If you really like DedeCMS, pay attention to the following seven easily overlooked problems while using it.

First, casually downloading and using other people's templates

One very important reason DedeCMS is popular is that there are many templates, and they look good. Many users simply download the official program and apply a template they found, and can build many websites this way. When downloading a template, however, it is best to check whether it contains hidden links ("black links"), advertising code or similar, which may affect the security of the site.
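A template can be checked for this before it is installed. The following Python check is an added example, not part of the original article: it parses a template and reports links to other hosts that sit inside visually hidden elements, plus scripts loaded from other hosts. The hiding patterns, the `scan_template` name and the sample template are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}   # tags with no end tag
HOST = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//(?:[^/?#@]*@)?([^/?#:]+)", re.I)
# Assumed inline-style hiding tricks; class or stylesheet hiding is not detected.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)

class TemplateScanner(HTMLParser):
    """Collect off-site links inside hidden elements and off-site scripts."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.stack, self.findings = [], []   # (tag, hidden) / (line, kind, url)

    def _external(self, url):
        m = HOST.match((url or "").strip())
        return bool(m) and m.group(1).lower() != self.own_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or bool(HIDDEN.search(a.get("style") or ""))
        if tag == "a" and hidden and self._external(a.get("href")):
            self.findings.append((self.getpos()[0], "hidden-link", a["href"]))
        if tag == "script" and self._external(a.get("src")):
            self.findings.append((self.getpos()[0], "external-script", a["src"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]   # also drops unclosed children
                break

def scan_template(text, own_host):
    scanner = TemplateScanner(own_host)
    scanner.feed(text)
    return scanner.findings

# Constructed sample template, not taken from any real site.
SAMPLE = """{dede:arclist row='5'}<a href="[field:arcurl/]">[field:title/]</a>{/dede:arclist}
<div style="position:absolute; left:-9999px"><ul>
<li><a href="http://spam.example.net/">cheap pills</a></li></ul></div>
<span style="DISPLAY: none"><a href="http://www.example.com/x">ok</a></span>
<script src="//cdn.example.org/stat.js"></script>"""

if __name__ == "__main__":
    print(scan_template(SAMPLE, "www.example.com"))
```

Each finding is a `(line, kind, url)` tuple; an external script is not necessarily malicious, so treat the output as a list of items to review by hand.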

Second, not restricting script execution in folders

This is an official recommendation. DedeCMS is vulnerable to attack, and if a file does get uploaded by accident, it will not run as long as the folder it lands in has script execution restricted. At present the three directories uploads, data and templets should be set to prevent PHP files from running, and common.inc.php should be set to read-only.
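Blocking execution is a web-server setting, but the state of the files themselves can be audited alongside it. The following Python audit is an added example, not part of the original article: it lists script files found under uploads and templets, including double extensions such as `.php.jpg`, and reports any common.inc.php that still has a write bit set. The extension list, the assumption that a clean install keeps no PHP under those two directories, and the sample tree are illustrative.

```python
import os
import stat
import tempfile

# Per the article, PHP must not run in uploads, data and templets. "data" is left
# out of the file scan on the assumption that it holds the CMS's own include files.
SCAN_DIRS = ("uploads", "templets")
SCRIPT_EXTS = {"php", "php5", "phtml", "phar"}   # assumed handler-mapped extensions
CONFIG_NAME = "common.inc.php"
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def has_script_ext(filename):
    """True if any extension is a script type, so 'a.php.jpg' also counts."""
    return any(p.lower() in SCRIPT_EXTS for p in filename.split(".")[1:])

def audit(webroot):
    """Return sorted (issue, relative_path) findings for a site tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        top = rel_dir.split(os.sep)[0]
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            if name == CONFIG_NAME:
                if os.stat(full).st_mode & WRITE_BITS:
                    findings.append(("config-writable", rel))
            elif top in SCAN_DIRS and has_script_ext(name):
                findings.append(("script-in-no-exec-dir", rel))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed sample site (not real data) and return its path."""
    root = tempfile.mkdtemp(prefix="dede_sample_")
    for rel in ("uploads/allimg/photo.jpg", "uploads/userup/avatar.php.jpg",
                "templets/default/index.htm", "templets/default/x.PHP",
                "data/common.inc.php", "plus/view.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
    os.chmod(os.path.join(root, "data", "common.inc.php"), 0o644)
    return root

if __name__ == "__main__":
    for issue, path in audit(build_sample_tree()):
        print(f"{issue:24} {path}")
```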

Third, not applying patches or version upgrades in time

Every open-source program comes in different versions. The most popular DedeCMS versions at present are 5.6 and 5.7, and patches are still released for earlier versions as well. Yet many people who build sites with DedeCMS do not regularly apply the patches in the backend. It is like using Windows: without patches, security cannot be guaranteed, so no matter how busy you are, go back and apply them.

Fourth, not restricting the file formats members can upload

DedeCMS is quite powerful: it can run not only content sites but also communities, and it supports member contributions, integration with forum data, and so on. Because registered members can submit content, pay special attention to the formats of the files members are allowed to upload, and set clear permissions in the backend for uploading attachments and pictures. Many attacks exploit vulnerabilities through member file uploads.

Fifth, not changing the administrator account and nickname

The default DedeCMS administrator account is admin, and the default administrator nickname is also admin. The nickname is what is shown as the publisher when an article is published, so to avoid leaking the administrator account you must change the nickname. It can be changed under account management, and a Chinese nickname is suggested. The administrator account name itself is changed in the database, so that others cannot brute-force the password of a known account.

Sixth, not changing the backend address, or writing it into robots.txt

With a CMS that has a backend like this one, you must change the backend address, and keep patches up to date at the same time. However, many novices worry that search engines may index the backend address, so they disallow the backend directory in robots.txt. This has the opposite effect and gives the address away to people with bad intentions. For how to write robots.txt, refer to A5 Webmaster Network.

Seventh, handing over backend access too easily when the site has problems

As a webmaster you will sooner or later run into a site redesign or an infected site, and it is then hard to avoid looking for someone to fix it. Forums have many people who specialize in solving such problems, but they vary in quality. Many of them, after adding you on QQ, say they can solve the problem and then ask for the backend address and password. Don't get excited at this point; check the other party's information first. Otherwise a dishonest person can easily take control of your website to add black links, plant latent vulnerabilities and so on.

In short, however much other CMSs promote their security and stability, that will not stop the large number of webmasters from using DedeCMS. After all, it is simple, and simple and easy to use is what wins. But while enjoying the convenience, don't forget these easily overlooked security issues. This article is provided by Love Not Net (http://www.aibue.com). Reprinting and sharing are welcome; please retain the source when reprinting. Thank you for your cooperation!
