Protect wordpress admin folder

  1. zaheen
    Member

    Let me tell you, I like WordPress, as it is now moving toward being a more professional CMS with the best blogging software. One reason I like WordPress is that it's much easier than other CMSs like Joomla or Drupal, etc. It's less complicated to create pages and posts. But I wish a few things would change soon to make it more professional and more robust.

    I am expecting WordPress developers to change a few things, like:

    1) I think it would be a great idea if we could change the admin folder "wp-admin" to a name of the user's choice while installing it, like we can now use our own password with the 3.0 installation. Because now the whole world knows the administrator URL, it is much easier for hackers to try, but if the user has an option, it will be a better security measure for WordPress. I have seen this type of option while installing ExpressionEngine. They give us an option to name our admin folder.

    2) I think it would be a great improvement if users could have an option to manage menus on our WordPress sites. I like the menu manager in Joomla, but for a normal user, Joomla is a bit complicated. I think WordPress developers can make a better menu manager with more flexible options to keep our pages in different placeholders such as header, footer, left, right, etc. I am not sure, but maybe WOONAV is the answer for this, but I don't know how to use it so far.

    3) I would like more control over the comment option on contributors' posts. If WordPress doesn't already have a plugin, I need a plugin which can control a contributor's post, and if a user comments on his post, he should have the right to approve or delete it only.

    I have tried Drupal, Joomla and WordPress, but I like WordPress more.

    Thank you for the great job.

    Posted: 4 years ago #
  2. donottumbledry
    Member

    Agree with the necessity of having a more protected wp-admin folder. As you say, the world and his dog knows about it, and it doesn't take a genius to work out if your site is using WordPress or not, so the first line of defence is to obfuscate the wp-admin folder. The new value (i.e. the name you want the folder to be) can be written as a define('admin-folder','my_admin_folder_name') inside the config.php file that gets written when you install WordPress. From there on in, use the defined constant throughout WordPress to construct URLs to the admin folder.

    Posted: 3 years ago #
  3. gazouteast
    Member

    Don't forget to add an update option for existing sites too.

    Posted: 3 years ago #
  4. tonyzeoli
    Member

    I agree. It's very important for WordPress to help with security features like this.

    Posted: 3 years ago #
  5. Skhilled
    Member

    Agreed! ;D

    Posted: 3 years ago #
  6. woccax
    Member

    It would in fact make sense to suggest a fairly random "default" string for the wp-admin folder, while also protecting it using htaccess.

    - woccax

    Posted: 2 years ago #
  7. Ipstenu (Mika Epstein)
    Administrator

    1) Admin Folder Protection

    First, don't bother renaming. It doesn't help anything. That's called 'Security by Obscurity' and once everyone starts doing it, the benefit for the early adopters will be gone.

    As for protection, you can't do it by .htaccess. Not everyone uses Apache. There's IIS7, nginx and a bevy of other tools. Unless your solution can cover most of them, it's a bad thing to implement as it will cause fringe users to stop using WP.

    2) Menu management - Do you mean front end, like what we have now, or back end? The front end is still being worked on, so it will grow and change over time and get better :) It's on the list.

    3) You can use membership management tools (Role Scoper and Members may do it) to provide more granular support for permissions for users and comment approval.

    Posted: 2 years ago #
  8. wjack2010
    Member

    I agree with number 1, but WordPress does have a plug-in already for this, though I've got to admit, if you're not careful with the plug-in it quickly messes up your site.

    Posted: 2 years ago #
  9. sdaugherty
    Member

    Bad idea. Security by obscurity doesn't work. Besides, there are plenty of other ways to fingerprint a site to see what it's running. Only the lazy and the amateurs that don't know better poke at admin pages to find out what CMS they are running.

    Protect the admin pages yourself via .htaccess or similar if you so desire, but there's really no need to do it out of the box.

    Posted: 2 years ago #
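
One way to do the per-site .htaccess protection mentioned in the posts above, as an added example that is not part of the original thread: HTTP Basic authentication in front of wp-admin. It assumes Apache 2.4 with AllowOverride permitting AuthConfig; the AuthUserFile path is a placeholder.

```apache
# File: wp-admin/.htaccess  (Apache 2.4; needs "AllowOverride AuthConfig" or "All")
# Added example. The AuthUserFile path below is a placeholder: keep the
# password file outside the document root and create it with htpasswd.

AuthType Basic
AuthName "Site administration"
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# Themes and plugins send front-end AJAX requests from logged-out visitors
# to wp-admin/admin-ajax.php, so leave that one file reachable without the
# extra password. Handlers registered there remain responsible for their
# own authentication and capability checks.
<Files "admin-ajax.php">
    Require all granted
</Files>

# wp-login.php lives in the site root, not in wp-admin, so this file does
# not cover the login form itself.
```

This applies to Apache only; nginx and IIS need the equivalent rule in their own configuration.
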
  10. Zeb
    Member

    It is possible to place the config.php in the non-public folder, and WordPress can easily find it.

    The same solution should be used for the admin folder and important files, and it should be possible to place them in the non-public folder beside the Public_html.

    Posted: 2 years ago #

  • Rating

    46 Votes
  • Status

    Sorry, not right now