I THINK I HAVE A SOLUTION FOR 90% OF ALL SITES BEING ATTACKED

That’s called, “security by obscurity”

People do that with ports, i.e. run ssh or smtp on some random port number instead of the standard port.

With your solution, there still has to be one file that is guaranteed to be in an exact location, with an exact name: wp-config.php

You have to know HOW to connect to the database to get the names of the other files.

There’s no reason why wp-config.php cannot have other name. Everything can be on a database. The only file with the same name will be index.php, but this can be anything and a loser cannot search in google for index.php in order to find wp installations.

OK since it’s apparent that you have thought this out…. tell me, how does WP connect to the database? The database information is in the wp-config.php file…. only it’s no longer called wp-config.php, it’s now called xyz-muwahahaha.php …. so how would WP “know” that’s where the DB info is?

-tg

Not to mention that the whole renamed files thing would be a support nightmare.

User: I’ve got an error in pink-aardvark.php

Forums: Errr?

hahah, that some pissed off WordPress user! that’s a lotta of viagra, cialis and all those things.

hosting providers just need to be a little bit more, proactive. mod_security, conditional logging, etc.. 🙂

my 2 cents 🙂

You still need to address Podz’ concerns. Filenames are only one way to detect an installation.

ive used another more CMS type set up and it was a sinch ta take out anything related to the systems name or type…then it was just a mater of ditchin the version # of the footer and afew other spots.

wp_config.php should realy just be config.php like everything else ive used…but what ever…no weird erectile disfuntional fixing medication adds on my set up yet 🙂

http://codex.wordpress.org/Hardening_WordPress

I’d suggest reading this for anyone serious about securing their WP install.