WordPress.org

Ready to get started?Download WordPress

Forums

Hide/protect/rename WP installation folders (8 posts)

  1. wpreser
    Member
    Posted 2 years ago #

    Hi,

    I searched the forum and google for a clear and straightforward way to hide or rename WP folders (wp-content, admin, include) to increase security and mislead malicious people but answers are different, and not satisfying!
    Why WordPpress developers don't make it simple?
    Normally, the basis and the advantage of opensource tools is the flexibility and transparency, so why it is so difficult to find a simple way to customize WP folders?

  2. WPyogi
    Volunteer Moderator
    Posted 2 years ago #

    Have you looked at this? http://codex.wordpress.org/Hardening_WordPress

    There is a section on WP file permissions that may address your question.

  3. wpreser
    Member
    Posted 2 years ago #

    Thanks WPyogi.
    What about completely hiding WP folders, not just to set file permissions?
    This will reinforce WP website security much more than to set up permission.

  4. What about completely hiding WP folders, not just to set file permissions?

    If you mean rename the folders, that can't be done practically. There are too many references and too many hard coded directory names. You would need to locate and change all of them, and keeping that modified installation up to date would be challenging to say the least.

    Also? It wouldn't buy you one bit of added security because once someone get's those paths you are back to square one. That link that WPyogi provided you with has all the information you need to harden your installation.

  5. wpreser
    Member
    Posted 2 years ago #

    once someone get's those paths you are back to square one.

    This is exactly what I'm searching to avoid, hence my question.
    WP should offer more flexibility in this matter to increase security options.

  6. ...Did you read the link WPyogi provided..?

    http://codex.wordpress.org/Hardening_WordPress

    Give this one a look too.

    http://www.studiopress.com/tips/wordpress-site-security.htm

    There are security best practices (which work) and then there are "think happy thoughts really hard and hope no one notices us" which don't accomplish anything.

    Renaming folders? Not a solution, doesn't help, and will not make your installation more secure. But it will most likely break things. Really.

    If you want to make your installation more secure then using real best practices will help you out.

  7. wpreser
    Member
    Posted 2 years ago #

    Yes I did but not so convinced by the arguments presented there, because they bypass an essential point in WP.
    In WP installation, the plugins and wp-folders are known and listed in the source page! So, this is an opened door every kind of dangers!

  8. MickeyRoush
    Member
    Posted 2 years ago #

    @ wpreser

    If you're that serious about security through obscurity, you might want to look at how they do something similar with the Roots theme.

    http://www.rootstheme.com/

    http://wordpress.stackexchange.com/questions/25418/how-can-i-hide-that-i-use-wordpress-with-w3-total-cache

    http://wordpress.stackexchange.com/questions/1507/steps-to-take-to-hide-the-fact-a-site-is-using-wordpress/1509#1509

    It's just not worth it to me. As there are many other ways to fingerprint a WordPress site and/or to find paths. You'll never obscure them all.

    But if you're up to doing the work, those links above should at least point you in the right direction. Good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.