[resolved] Change wp-admin into another name (10 posts)

  1. legendchew
    Member
    Posted 6 years ago #

    Hi, is there any possible way to change wp-admin to another name? I feel very insecure using wp-admin since everyone has the same. It will be easily hacked by a hacker.

  2. moshu
    Member
    Posted 6 years ago #

    I have never heard about a hacked blog because of the name of that folder (and I've spent quite a long time around here).
    However, I have seen a lot of hacked blogs because:
    - weak passwords
    - files with world wide writable permissions (aka editing themes online)
    - insecure plugins

  3. legendchew
    Member
    Posted 6 years ago #

    Thanks for your reply. I already found the solution.

    Here are some of my concerns:
    - Hackers know our main username is 'admin' (which can't be deleted)
    - Hackers know that if we are powered by WordPress, our main editing website address is "http://our_domain_name/wp-admin/"

    *Now all a hacker needs to do is crack the password :)

    If we are able to change the folder name and admin username, it will reduce our risk.

    I just hope that WordPress is able to solve this issue in their next update.

    Thank you for your support. :)

  4. humble coder
    Member
    Posted 6 years ago #

    what was the solution?

  5. Ivovic
    Member
    Posted 6 years ago #

    to stop wanting it.

  6. planeta.srbija
    Member
    Posted 6 years ago #

    You can just rename index.php within the wp-admin folder to anything else (e.g. login.php)! It works.

    For admin login use the path: http://www.yoursite.com/wp-admin/login.php :D

  7. planeta.srbija
    Member
    Posted 6 years ago #

  8. Ivovic
    Member
    Posted 6 years ago #

    that's a solution to *a* problem, but not *this* problem.

    securing the wp-admin folder and renaming it are not the same thing. It should be possible to do BOTH.

  9. askapache
    Member
    Posted 6 years ago #

    Interesting idea, of course from my experience of hacking through the WP code, there is an awful lot of hardcoded references to the admin folder.. But I don't know that much about WP so maybe. Since the result of moving wp-admin to wp44-admin would be they would start using bigger guns and attacking everywhere, it might be better for the server resources if WP developers just added a lock-out after so many attempts.

    The problem that I have seen in the past with that type of setup is when they build it all into the database.. which effectively just gives you a slower site.

    One way you could make apache and WP do this is by having .htaccess code that denies access based on the value or presence of a cookie, which mod_rewrite can see in the Set-Cookie HTTP header. So after 10 bad login attempts the login script stops providing the robot with the correct cookie, thus locking them out.
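
The lock-out idea from the post above, as an added example that is not part of the thread and is not WordPress code: an in-memory counter (no database) that stops a client from receiving the gate cookie after 10 bad logins. The class name, the window and lock-out lengths, and keying on the client address are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 10      # threshold from the post: "after 10 bad login attempts"
WINDOW_SECONDS = 600   # assumption: failures older than this are forgotten
LOCKOUT_SECONDS = 900  # assumption: how long a lock-out lasts


class LoginThrottle:
    """Failed-login counter keyed by client address (hypothetical helper)."""

    def __init__(self):
        self._failures = defaultdict(deque)  # client -> failure timestamps
        self._locked_until = {}              # client -> unlock time

    def is_locked(self, client, now):
        until = self._locked_until.get(client)
        if until is None:
            return False
        if now >= until:
            # Lock-out expired: clear state so the client starts fresh.
            del self._locked_until[client]
            self._failures.pop(client, None)
            return False
        return True

    def record_failure(self, client, now):
        """Record one bad login; return True if the client is now locked out."""
        if self.is_locked(client, now):
            return True
        attempts = self._failures[client]
        attempts.append(now)
        # Drop failures that have fallen out of the sliding window.
        while attempts and attempts[0] <= now - WINDOW_SECONDS:
            attempts.popleft()
        if len(attempts) >= MAX_FAILURES:
            self._locked_until[client] = now + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, client):
        """A correct login resets the counter for that client."""
        self._failures.pop(client, None)

    def may_receive_cookie(self, client, now):
        """Gate decision: only unlocked clients are handed the pass cookie."""
        return not self.is_locked(client, now)
```

Keying on the client address also locks out everyone behind a shared NAT and does not count attempts spread across many addresses. The dictionaries grow with the number of distinct clients, so a long-running process needs eviction.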

  10. whooami
    Member
    Posted 6 years ago #

    there is an awful lot of hardcoded references to the admin folder.. But

    there is a one-line perl command that can recursively grep all files for a word and replace that word with another word -- it's not THAT hard to do.

Topic Closed

This topic has been closed to new replies.
