Many of our friends who run Dream Weaving (DedeCMS) are very worried about its security. Their sites are often compromised with injected malicious code ("horse hanging") or hidden spam links ("dark links"), and Dream Weaving Cat has run into this too. Through Baidu searches, we have summarized some ways to improve the security of Dream Weaving. The following settings can significantly improve it.
1. Basics (60 points)
If you complete this basic chapter, congratulations: your Dream Weaving security earns a passing grade. If you do not follow the basic chapter, your website is in danger.
1 Delete unnecessary directories
After installing Dream Weaving, delete the install directory immediately. If you don't need the member and special-topic features (99% of users don't use them), you can delete the member and special directories outright.
2 Delete unnecessary files
It is recommended to keep only the following files in the plus directory: ad_js.php, count.php, list.php, search.php, view.php, and delete the rest.
The functions of the files in the plus folder are shown in the following table. Any that you do not use can be deleted.
| File name | Description | Recommendation |
| --- | --- | --- |
| Guestbook folder | Message board | delete |
| Img folder | Images | delete |
| Task folder | Scheduled tasks | delete |
| ad_js.php | Calls advertisements. If your advertisements are not set up through "advertisement management" in the back end, you can delete the file | retain |
| advancedsearch.php, heightsearch.php | Advanced search; generally only search.php is used | delete |
| arcmulti.php | Calls the specified tag list asynchronously. If you don't need it, delete it | delete |
| bookfeedback.php, bookfeedback_js.php | Book reviews and the review call file; they have injection vulnerabilities and are unsafe | delete |
| car.php, posttocar.php, carbuyaction.php | Shopping cart | delete |
| comments_frame.php | Calls comments; has a security vulnerability (third-party comment systems are generally used now instead of the comments built into Dream Weaving) | delete |
| count.php | Counts article reads | retain |
| digg_ajax.php, digg_frame.php | Article "digg" (up-vote) function | delete |
| disdls.php, download.php | Download count statistics, download function | delete |
| diy.php | Custom form | retain |
| erraddsave.php | Article error correction | delete |
| feedback.php, feedback_ajax.php, feedback_js.php | Comment-related functions | delete |
| flink.php, flink_add.php | Friendly links, adding friendly links (deletion recommended, otherwise the template path is easily exposed) | delete |
| freelist.php | Free list | delete |
| guestbook.php | Guestbook (leaving a message) | delete |
| list.php | Dynamic browsing of column pages | retain |
| mytag_js.php | JS call for custom tags (delete it if you do not use custom macro tags in the back end) | delete |
| qrcode.php | Generates QR codes | delete |
| recommend.php | Information recommendation | delete |
| rss.php | RSS list page | delete |
| search.php | Search | retain |
| showphoto.php | Displays large pictures (used for the image-album model) | delete |
| stow.php | Bookmark (favorite) articles | delete |
| view.php | Dynamic browsing of articles | retain |
| vote.php | Voting | delete |
3 Modify the default background folder name
By default the admin back end is reached at yourdomain/dede. Change it to another name; the harder it is to guess, the better. You can combine English letters, numbers and so on. To change it, simply rename the dede folder.
4 Create a new administrator account in the back end and delete the default admin user
4.1 Create a new administrator account
Click System -> System User Management -> Add Administrator, fill in the login account, password and other information, and select 'Super Administrator' as the user group.
4.2 Deleting the Default Admin User
Click System ->SQL command line tool and run the SQL command: delete from dede_admin where id=1;
5 Migrate the data directory out of the web directory
The data directory has serious security risks. It is necessary to move the data directory outside the site directory. See this article for specific migration methods:
If you are not in a position to move it outside the site directory, please at least change the name of the data directory.
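The filesystem checks from steps 1, 2, 3 and 5 can be automated. The script below is an added example, not part of the original article or of DedeCMS itself. It assumes the default directory names (install, member, special, plus, dede, data), treats diy.php as kept because the table marks it "retain", and leaves out step 4, which needs database access.

```python
"""Audit a DedeCMS web root against the basic checklist (steps 1, 2, 3 and 5)."""
import sys
from pathlib import Path

# Files to keep in plus/: the five named in step 2, plus diy.php ("retain" in the table).
PLUS_KEEP = {"ad_js.php", "count.php", "list.php", "search.php", "view.php", "diy.php"}
# Directories step 1 says to delete (install always; member/special when unused).
REMOVE_DIRS = ("install", "member", "special")


def audit(webroot):
    """Return a sorted list of (step, relative_path, advice) findings."""
    root = Path(webroot)
    findings = []
    for name in REMOVE_DIRS:                         # step 1
        if (root / name).is_dir():
            findings.append((1, name + "/", "delete this directory"))
    plus = root / "plus"
    if plus.is_dir():                                # step 2
        for entry in plus.iterdir():
            if entry.name not in PLUS_KEEP:
                suffix = "/" if entry.is_dir() else ""
                findings.append((2, f"plus/{entry.name}{suffix}", "delete if unused"))
    if (root / "dede").is_dir():                     # step 3
        findings.append((3, "dede/", "rename the back-end folder"))
    if (root / "data").is_dir():                     # step 5
        findings.append((5, "data/", "move outside the web root, or at least rename"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_dede.py /path/to/webroot  (script name is hypothetical)
    for step, path, advice in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[step {step}] {path}: {advice}")
```

An empty result only means the default names are gone from the web root; it does not confirm that a renamed data directory is unreachable from the web.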