Hi,
I just followed all the instructions so that my domain.com/wordpress/ shows only domain.com in the address bar.
That's great, but... you need not to be a genius to use firebug and read, for example, that your css file belongs to domain.com/wordpress/wp-content/themes/theme/style.css
Is there a way to mask those infos?
Mask my wordpress directory (4 posts)
-
tictactau
Posted 1 month ago # -
You could move WordPress into your domain root.
-
Posted 1 month ago #hmmmh... first of all, it would be a mess, and it would become more difficult to run and maintain different applications.
Moreover, this move would not make things more secure, just easier for hakers to figure out how to hack my blog. -
You can't, not give out directory information in the source code.
If you think directory locations is what hackers spend their time looking for you're misinformed...
There's plenty of other things to worry about, such as 777 permissions on directories that shouldn't be writable and so on..
Lots of ways to determine where files reside. Easiest way is to make a direct request to a file that is normally part of an include, there's usually at the very least 1 file floating around that doesn't check to make sure it wasn't requested directly.. As soon as that file is requested a visitor sees an error, along with your directory structure.
What is it you think a hacker can do by knowing simply where files reside?
Reply
You must log in to post.
