Changing wp-login.php filename and wp-admin directory (2 posts)

  1. neusoft
    Posted 5 years ago #

    I have upgraded to WordPress 3.1.1 and it appears to be working fine.

    I am considering changing the name of the 'wp-login.php' file and the 'wp-admin' directory. The reason why I am considering this is that, looking at my server logs, IP addresses separate and apart from the IP address handed out by my ISP (I log this), and which are also not search engine spiders/bots, are accessing the wp-login.php page. Therefore, I want to be cautious and take precautions to prevent possible hacking.

    Because the IP addresses handed out by my ISP are not dedicated, it is hard to write a rule in .htaccess blocking all IP addresses except mine from accessing wp-login.php and the wp-admin directory.

    Knowing that every install of WordPress has both the wp-login.php filename and wp-admin directory and knowing that hackers do download the software and 'reverse engineer' the code to look for weaknesses and flaws, what type of code modifications would need to be done to the file "wp-login.php" and wp-admin directory to tell the code the new filename of 'wp-login.php' and new directory name for wp-admin?

    Thanks for your help and support in advance.

  2. carbeck
    Posted 4 years ago #

    Seconded. This is a security flaw I'd like to see fixed. I think it would be best if there was some possibility to randomly rename wp-login.php and wp-comments-post.php, seeing as spammers know that these files exist once they know you're running WordPress, so the following is not unusual in my logs:

    93.183.***.*** - - [10/Mar/2012:13:46:53 +0000] "POST /wp-login.php HTTP/1.0" 200 5675 "http://[my server's URL]/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"

    (some IP from Ukraine; this goes on for over a hundred times)

    46.29.***.*** - - [06/Mar/2012:20:07:07 +0000] "GET /archives/1689 HTTP/1.0" 200 28700 "http://[referrer spam URL]" "Mozilla/5.0 (en)"
    46.29.***.*** - - [06/Mar/2012:20:07:08 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "http://[my server's URL]" "Mozilla/5.0 (en)"

    (some IP from the US; resulting in successful spam)


    On the other hand, on the comment form it says:

    <form id="commentform" method="post" action="http://[server]/wp-comments-post.php">

    So the actual URL to the comments script is revealed, which would make the random renaming of the file pretty pointless, as the filename could easily be read out.
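Both posts above are really about noticing the traffic in the logs before it does damage: repeated POSTs to wp-login.php from one address (failed logins re-render the form) and comment POSTs that arrive a second after the page fetch (no human is that fast). The following Python script is an added example, not code from either poster or from WordPress. It assumes Apache "combined" log format, assumes the usual WordPress behaviour that a failed login POST answers 200 (form re-rendered) while a successful one answers 302 (redirect to wp-admin), and runs over constructed sample lines modelled on the masked entries quoted above, with placeholder IPs and hostnames.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache "combined" format, modelled on the masked
# entries quoted in the post above. IPs and hostnames are placeholders.
SAMPLE_LOG = """\
93.183.0.1 - - [10/Mar/2012:13:46:53 +0000] "POST /wp-login.php HTTP/1.0" 200 5675 "http://example.org/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"
93.183.0.1 - - [10/Mar/2012:13:46:54 +0000] "POST /wp-login.php HTTP/1.0" 200 5675 "http://example.org/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"
93.183.0.1 - - [10/Mar/2012:13:46:55 +0000] "POST /wp-login.php HTTP/1.0" 200 5675 "http://example.org/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"
203.0.113.7 - - [10/Mar/2012:14:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 5675 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:14:02:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.org/wp-login.php" "Mozilla/5.0"
46.29.0.2 - - [06/Mar/2012:20:07:07 +0000] "GET /archives/1689 HTTP/1.0" 200 28700 "http://spam.example/" "Mozilla/5.0 (en)"
46.29.0.2 - - [06/Mar/2012:20:07:08 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "http://example.org" "Mozilla/5.0 (en)"
"""

# One Apache combined-format line: client, timestamp, request, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Parse combined-format lines into dicts, sorted by timestamp; unparsable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["status"] = int(rec["status"])
        rec["path"] = rec["path"].split("?", 1)[0]  # drop query string for matching
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def failed_login_burst(records, threshold=3):
    """Map IP -> count of failed login POSTs (status 200 on wp-login.php) at or above threshold.

    Assumption: WordPress answers a failed login with 200 (form re-rendered) and a
    successful one with a 302 redirect, so 200 on POST /wp-login.php means a failure.
    """
    failures = defaultdict(int)
    for r in records:
        if r["method"] == "POST" and r["path"] == "/wp-login.php" and r["status"] == 200:
            failures[r["ip"]] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


def fast_comment_posts(records, min_seconds=5):
    """List (ip, seconds) for comment POSTs that follow the IP's last GET too quickly.

    A comment submitted within a few seconds of fetching the page, or with no
    preceding GET at all (seconds=None), is a strong spam-bot indicator.
    """
    last_get = {}
    flagged = []
    for r in records:
        if r["method"] == "GET":
            last_get[r["ip"]] = r["ts"]
        elif r["method"] == "POST" and r["path"] == "/wp-comments-post.php":
            prev = last_get.get(r["ip"])
            if prev is None:
                flagged.append((r["ip"], None))
            else:
                delta = (r["ts"] - prev).total_seconds()
                if delta < min_seconds:
                    flagged.append((r["ip"], delta))
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, n in failed_login_burst(recs).items():
        print(f"login brute-force candidate: {ip} ({n} failed POSTs to /wp-login.php)")
    for ip, secs in fast_comment_posts(recs):
        print(f"comment spam candidate: {ip} (POST {secs}s after last GET)")
```

Once the offending addresses are identified this way, they can be fed to whatever blocking you already use (an .htaccess deny rule, a firewall list), which sidesteps the problem in the first post that your own ISP address is not fixed: you block the noisy sources rather than allow-listing yourself.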

Topic Closed

This topic has been closed to new replies.
