How to modify the DEDECMS dream weaving template to prevent the website from being hacked?
Detailed tutorial on how to simply modify the DEDECMS Dreamweaver template to prevent website malware
Website security is the cooperation of server configuration, file permission control and website program. If you want to DedeCms website program modifications to improve security. "Executable files are not allowed to be modified, and writable files are not allowed to be accessed." This is the fundamental principle of website permission control. Website programs can do a lot of work in "writable files are not allowed to be accessed". We can protect it in the following ways:
1. Rename the data directory under the root directory, or move it outside the website directory.
The data directory is the best A place that hides dirt and evil, the system often writes data to this directory, and any file in this directory can be accessed through a URL. Therefore, to prevent the browser from accessing the files inside, you need to rename this directory. Or move it outside the website's directory. Even if someone writes a Trojan into a file through a vulnerability, they cannot find the file path where the Trojan is located and cannot continue the attack. Because the DedeCMS program is unreasonable, the action of renaming the data directory will be relatively large. The specific methods are as follows:
a. Migrate the public content to the pub directory (or other custom directories), such as rss, sitemap, js, enum, etc. This step requires moving the folders and modifying the generation paths of these files
b. Modify the referenced program directory
c. Modify the name of the data folder and modify include/common The value of "DEDEDATA" in the .inc.php file can be modified by modifying the template cache directory in the background system settings > parameter settings. You can also follow this step to change the data folder name in the future.
2. Rename the "dede" management directory and reinforce it
If you hide the backend, even if someone else obtains your administrator account and password, they can No way to log in.
a. In /dede/config.php, find the following line:
//检验用户登录状态
$cuserLogin = new userLogin();
if($cuserLogin->getUserID()==-1)
{
header("location:login.php?gotopage=".urlencode($dedeNowurl));
}Change the above code to:
//检验用户登录状态
$cuserLogin = new userLogin();
if($cuserLogin->getUserID()==-1)
{
//header("location:login.php?gotopage=".urlencode($dedeNowurl));
header("HTTP/1.0 404 Not Found");
exit();
}b. Modify /dede/login. php file name, and correspondingly modify the form submission address in /dede/templets/login.htm;
c. Modify the directory name of /dede/;
In this way, others will not Before logging in, you can only access the renamed address of /dede/login.php. Accessing other addresses will result in a 404 error.
Of course, after security hardening is done, there will be some trouble in upgrading DedeCMS in the future.
The above is the detailed content of How to modify the DEDECMS dreamweaver template to prevent the website from being hacked. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
