Support » Fixing WordPress » Security issue with wp-admin folder

  • Hi all, Still there is no solutions to admin folder as there were so many suggestions for rename the folder , there were many suggestions like change the folder with installation script ? and so on but still no conclusion ?

    any one have any updates ?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Stupid argument that people less knowledgable keep bringing up. No solutions because there is no problem. The whole world knows the directory name but that is not how anyone gets in. I have setup WP literally over a thousand times. The only one that got hacked into was because the owner used a simple password. It is well documented here on how to harden your site. But go ahead and waste your time…

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Not a stupid argument. It is valid, as far as it goes. To make an analogy, however. Every house has a front door. We all know that. It doesn’t make the house more or less secure by having the door, but by how you lock the door. Security by moving the door won’t help. The windows are still there, and you have to get in, so someone can eventually find the door.

    Security is making a better lock 🙂 A good password, maybe an .htaccess to restrict access to just your IPs, some plugins to lock out accounts if people try and brute force their way in. But moving the door isn’t as helpful as you’d think, because in the end, the door is still there. Somewhere.

    @ipstenu
    You just proved my point. Which is renaming is a stupid argument. Using the door analogy, everyone has a door to their home and its pretty easy to find. Move it and robbers will just keep walking around the house. So arguing about moving the door is just plain stupid.
    But as you said “making a better lock” which was my point. But people keep arguing about moving the door instead of (including what you mentioned) doing what really will make the site more secure.
    Have had to fix sites (not just WP) that were hacked into and usually it was caused by simple preventable things.

    Thread Starter itrcp

    (@itrcp)

    Dear Just to say some word again that every one knows that here is a door and here is a window so it will be easy for them to work on getting in and if no one knows that where is the door and where is the window then at leaste they have to spend time for finding the windows and door ? so my first point is to hide from all and then second point is to keep the door and windows proper lock .
    lock is an easy option but hiding door is not easy so that is the reason you guys are focucig the lock not the door .

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Moving the door is better known as ‘Security through Obscurity.’

    There are reasons we (in the security biz) don’t do it and WikiPedia touches on most of them (and some of the reasons why people think it should be done).

    Anyway. How to move wp-admin: http://www.michiknows.com/2007/02/12/who-else-wants-to-hide-their-wordpress-admin-folder/

    It has some problems.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security issue with wp-admin folder’ is closed to new replies.