It is against the Wordfence corporate culture to hide anything. So you have to do it yourself. Changing name and folder for a plugin is easy. If you’re using an orphaned plugin that’s essential to your site (not uncommon these days as the entire WordPress plugin ecosystem continues to rot), it can in my opinion be an excellent security move to “hide” the plugin so that bots do not identify it. Google it up: “rename WordPress plugin.” MTN
Hi @lordvader!
Thanks for the inquiry. It is possible to change the wp-content directory manually via the WP_CONTENT_DIR and WP_CONTENT_URL constants. You can see an example here. Since this is a quite invasive root structure change it may not work with all plugins so it’s probably something that’d be best done on a per site basis.
Perhaps you can elaborate a bit on what it is you want to change and why?
Thread Starter
LV
(@lordvader)
Because I think it would add another layer of security.
When a plugin has a exploit and it isn’t updated, a bot will
try to use a standard map structure.
To hide it, imo it won’t work to access the exploit.
Thanks for the support.
Hi again @lordvader,
Wordfence uses a different strategy and blocks actual attacks whether vulnerable plugins exist or not. Unfortunately, a lot of exploits against plugins happen via admin-ajax.php for example. So changing URL structures isn’t going to make a difference in many cases. If you want to change the path for all plugins I would recommend you use the WP_CONTENT_DIR and WP_CONTENT_URL constants as I described.
I’ll forward your request to the team though. Have a good week!
