WordPress.org

Ready to get started?Download WordPress

Forums

Make it an option to change the WP-amin folder in an easy way. (9 posts)

  1. Dr_Ernst
    Member
    Posted 3 years ago #

    Make it an option to change the WP-amin folder in an easy way, this is mainly to confuse hackers and robots ofc.. It won't be fool-proof but it will help! This will atleast fool som people who are developing spiders who aim for hacking wordpress sites.. It's hard to hack a site if you don't know where the login section is..

    For all you guys trying to do so by yourself here is a tutorial.. Do I tdon't think the update will go so smoothly afterwards and I have messed up the admin sections css by following it. This wouldn't have been so bad if it wheren't like this that they use sprites for the pictures used in the buttons in the admin section.. I think I will hard code it in.. but that's not a good solution.. SO if someone could make this workd dynamically it would be great!

  2. Dr_Ernst
    Member
    Posted 3 years ago #

    Forgot to add an link:

    Link to the tutorial how to change wp-admin bolder (The css will be messed up though in the admin section)

  3. Dr_Ernst
    Member
    Posted 3 years ago #

    *bolder=folder

    And I saw that this solution isn't so good cause when surfing to wp-admin you are redirected to wp-login.php so You have to rename that file also.. But I think with grepwin you can change all the instanced where that filename occur also.. I'll try it..

    So TO DO for the developer community A WAY TO EASILY CHANGE THE WP-ADMIN FOLDER AND THE WP-LOGIN.PHP DYNAMICALLY.

  4. Dr_Ernst
    Member
    Posted 3 years ago #

    with dynamically I mean that it will remain changed even after updating wordpress..

  5. Dr_Ernst
    Member
    Posted 3 years ago #

    so far so good when I changed all the occurences of wp-login.php to some custom name I chosed.. Ofc there can bee bugs in the future so that 's why the community of developers really should make it possible to change these 2 things in the confiq file: WP-LOGIN.PHP and wp-admin folder name.. and possibly more security holes I don't know about. WordPress is getting hacked to mutch, I only have installed ca 7 public installations of wordpress! And still 1 of them got hacked. My friend has also installed circa that amount of installations he got all of them hacked. SO THIS IS CRITICAL FOR THE FUTURE OF WORDPRESS. Spiders shouldn't find the admin log-in section so easily..

  6. It's not critical. In fact, we've already gone over that.

    What you're proposing is called Security Through Obscurity and generally it doesn't help as much as you'd think it would.

    Far better is to secure your wp-admin folder - http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin

  7. Dr_Ernst
    Member
    Posted 3 years ago #

    Question:
    Is htpasswd safe enough to protect wp-admin?
    And do htpasswd work well with WordPress perhaps it will limit the possability for some of the wordpress files to access the files contained in the wp-admin folder also?

  8. Is htpasswd safe enough to protect wp-admin?

    Yes.

    And do htpasswd work well with WordPress perhaps it will limit the possability for some of the wordpress files to access the files contained in the wp-admin folder also?

    It has the possibility to cause problems with that.

  9. Andrew Nacin
    Lead Developer
    Posted 3 years ago #

    Yeah, changing wp-admin is one thing, but doing it for security purposes is just plain wrong. You'd be better to restrict by IP, HTTP authentication, SSL, and other tweaks.

Topic Closed

This topic has been closed to new replies.

About this Topic