WordPress的市場(chǎng)巨大,被各種壞人盯上,可能哪天你的程序附件目錄里面就被上傳了木馬,通常被植入了PHP文件,然后遠(yuǎn)程執(zhí)行,娃哈哈,懂的,如果把WordPress附件目錄里面的PHP禁止運(yùn)行,就不用擔(dān)心了.
我用的是nginx,說(shuō)說(shuō)禁止方法:
- location /wp-content/uploads/ {
- location ~ .*/.(php)?$ {
- deny all;
- }
- }
插入你的nginx conf中,重啟nginx即可.
附上一個(gè)完整的虛擬主機(jī)的例子供參考:
- server
- {
- listen 80;
- server_name bbs.vpser.net;
- index index.html index.htm index.php;
- root /home/wwwroot/Vevb.com;include discuz.conf;
- location /wp-content/uploads/ {
- location ~ .*/.(php)?$ {
- deny all;
- }
- location ~ .*.(php
- php5)?$
- {
- fastcgi_pass unix:/tmp/php-cgi.sock;
- fastcgi_index index.php;
- include fcgi.conf;
- }
- access_log off;
- }
添加完執(zhí)行:/usr/local/nginx/sbin/nginx -t測(cè)試配置文件,執(zhí)行:/usr/local/nginx/sbin/nginx -s reload 載入配置文件使其生效.?
新聞熱點(diǎn)
疑難解答
圖片精選
