Dedecms weaving dreams is one of the most used website background management systems in China, but weaving dreams have a lot of website vulnerabilities. We often encounter websites being hacked and linked to viruses. So how do we make dreams weaving dreams? Well, let’s teach you how to make dedecms (dream weaving) website security protection settings.
1. Modify the default admin user name and default password admin of the weaving dream cms system
As shown in the figure below, in the core of dream weaving "system user management" click on change "fill in the new password that needs to be changed in the user password field
In the core of weaving dreams backstage "database content replacement" select the userid field in the dede_admin table" is replaced by the content of the weaving dreams default user name admin is replaced with the content, write the user name you need to change (that is, your own user name)
2. Modify the default login address http://domain name/dede/ on the backstage of the dream weaving website (it is better to change to letters, underscores and numbers)
3. Delete the entire folder of member in the root directory-how it is an ordinary enterprise site or does not require member functions
4. Delete the entire special folder in the root directory
5. Delete the entire install folder in the root directory
6. Delete the /templets/default official default template folder in the root directory. If the website template is placed in this folder, do not delete it
7. Under the plus folder of the weaving dream root directory as shown below, except for 1 folder and 5 php files, all other files are deleted
8. This is a crucial step. Move the data file in the root directory to the upper level of the root directory, change the name of the data file, and then modify the common.inc.php file under the include file in the root directory. Define('DEDEDATA', DEDEROOT.'/data');
Finally modify the configuration tplcache cache file directory, enter the system background, modify the tplcache directory in the configuration to be the upper data directory after you changed the specific operation steps are as follows
9. These files in the dede weaving dream directory are back-end file managers, which are redundant functions and can be deleted, but they will not be able to be opened in the back-end after deletion. File management can not upload files in the back-end. You can upload files through the server or ftp according to your own circumstances. Consider deleting
file_manage_control.php
file_manage_main.php
file_manage_view.php
media_add.php
media_edit.php
media_main.php
10. If you don't need the SQL command runner, you can delete the dede/sys_sql_query.php file.
11. Set 644 readable, writable and non-executable permissions to the templates/, uploads/ website directory folders.
12. Set the include/, plus/, dede/ (modified background login address file) website directory folder to 755 readable, executable, but not writeable permissions
At this point, the security protection settings of the dedecms (dream weaving) website are completely set, and only the above steps are set up to ensure that your website will never be hacked.