In order to prevent ZBLOG from being hacked or system vulnerability websites from being breached, you can set the website permissions as follows, which can be operated in the file management of the pagoda panel.
A: Directories and subdirectories with w permission and all files under them
zb_users/cache
zb_users/upload
B: Those who need to delete w permission are
Zb_system and its subdirectories
Other directories except cache and upload under zb_users
Index.php, feed.php, search.php in the root directory
C: To solve the problem that ftp cannot overwrite or install themes and plug-ins:
1. If you want to overwrite zb_system, add w permissions to zb_system and subdirectories in file management
2. If you want to install a new plug-in, add w permissions to the plugin directory under zb_users
3. Other required directories are also processed.
4. To prevent hackers from planting trojans on the website, please delete the added w permissions as soon as possible after the coverage is completed
D: Enable the code tamper proof function of the pagoda.
E: Security configuration of nginx
location ~* /(zb_users/cache|zb_users/upload|zb_users/logs)(.*)\.php$ {
deny all;
return 404;
}
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
