Moderator
James Huff
(@macmanx)
Volunteer Moderator
Thread Starter
Razva
(@razva)
Well I’ve read that, but I can’t understand if the define should go INSIDE the wp_initial_constants or not.
I’ve added the defines at the end of the wp-settings.php and it really didn’t worked…
Moderator
James Huff
(@macmanx)
Volunteer Moderator
All you have to do is edit just the wp-config.php
file.
Thread Starter
Razva
(@razva)
Oh, so the defines should be done in wp-config, not in wp-settings?
Thread Starter
Razva
(@razva)
Ok, thanks a lot!
I’ll get back if something goes wrong.
Thread Starter
Razva
(@razva)
Bummer!
Warning: array_keys() [function.array-keys]: The first argument should be an array in /home/remedia/public_html/wp-includes/theme.php on line 513
In the wp-config.php I’ve added, just before the ?>, the following lines:
define( ‘WP_CONTENT_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/public_html/files’ );
define( ‘WP_CONTENT_URL’, ‘http://www.re-media.ro/files’);
define( ‘WP_PLUGIN_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/public_html/files/plugins’ );
define( ‘WP_PLUGIN_URL’, ‘http://www.re-media.ro/files/plugins’);
define( ‘PLUGINDIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/public_html/files/plugins’ );
I’ve tried:
/home/user/public_html/files
and
/public_html/files
Both settings generate the above error.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Unfortunately, though you can move the /wp-content/
directory, you can’t change its name.
Thread Starter
Razva
(@razva)
Oh, so the single thing I can do is move wp-content to files/wp-content? The idea was to move the entire wp-content to files in order to secure the site…
If I can move wp-content, but I can’t change its name, than it’s the same thing as leaving it where it is, as a hacker can take a fast look at the source code and see if he can find wp-content. He doesn’t cares if wp-content is in /files or in the rootir…
So, as a final “product”, I’m looking for a way to rename wp-content and “hide” the fact that the website is using WP, for security reasons.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
That’s correct. It’s really more of a convenience thing (having the directory where you want it) than a security thing.
Unfortunately, too many plugins and themes rely on the directory being named /wp-content/.
Hi,
How about making a copy of your invisible ( .htaccess ) file, and moving it to the root of your site. ( /public_html/your site name )
Pierre
Thread Starter
Razva
(@razva)
@postrophe can you please be more explicit?
I was thinking at a symlink, but that will not fix the fact that WP will still post /wp-content/ in its source link…
Hi,
My test site. Try to add ( wp-content/) in the address bar !
You find a blank page.
Pierre
Thread Starter
Razva
(@razva)
Yeah, but if you look at the source, you can still find /wp-content/ there…
The idea here is to hide any “wp-trace” from the source. If an attacker knows what CMS are you using…you are extremely vulnerable.
So the story here is to completely hide “wp-content” from the source, not just move or restrict paths.