Support » Plugin: Wordfence Security - Firewall & Malware Scan » Hide other plugins

  • Resolved LV


    Is this software able to change or block
    the url of other installed plugins ?

    Maybe is it a option that will created
    on future version ?



Viewing 4 replies - 1 through 4 (of 4 total)
  • It is against the Wordfence corporate culture to hide anything. So you have to do it yourself. Changing name and folder for a plugin is easy. If you’re using an orphaned plugin that’s essential to your site (not uncommon these days as the entire WordPress plugin ecosystem continues to rot), it can in my opinion be an excellent security move to “hide” the plugin so that bots do not identify it. Google it up: “rename WordPress plugin.” MTN

    Hi @lordvader!

    Thanks for the inquiry. It is possible to change the wp-content directory manually via the WP_CONTENT_DIR and WP_CONTENT_URL constants. You can see an example here. Since this is a quite invasive root structure change it may not work with all plugins so it’s probably something that’d be best done on a per site basis.

    Perhaps you can elaborate a bit on what it is you want to change and why?



    Because I think it would add another layer of security.
    When a plugin has a exploit and it isn’t updated, a bot will
    try to use a standard map structure.
    To hide it, imo it won’t work to access the exploit.

    Thanks for the support.

    Hi again @lordvader,
    Wordfence uses a different strategy and blocks actual attacks whether vulnerable plugins exist or not. Unfortunately, a lot of exploits against plugins happen via admin-ajax.php for example. So changing URL structures isn’t going to make a difference in many cases. If you want to change the path for all plugins I would recommend you use the WP_CONTENT_DIR and WP_CONTENT_URL constants as I described.

    I’ll forward your request to the team though. Have a good week!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hide other plugins’ is closed to new replies.