Modify admin.php to prevent direct malicious access
Open the admin.php filefind
$discuz->init();
Add the code below:
if(!$_G['uid'] || !getstatus($_G['member']['allowadmincp'], 1)) {
header('Location: '.$_G['siteurl']);
}
After modification, those who do not have access to the back end, access to admin.php will automatically jump to the home page of the website, if the administrator wants to log in the back end, must first login in the front end, and then click the link to enter the back end!
This hack was already published here 4 years before:
Post time: 2015-02-18 18:03
How to block non-admin direct access to admin.php page
Very useful. Will try this solution. These malicious access is very annoying.
Pages:
[1]