I don’t need help but I have questions

  • Hello guys.
    I have some questions about WordPress.

    I know that most WordPress websites get hacked every day because they have a problem. This problem is called wp-config.php.
    Trust me, I know what I’m talking about.

    Now this problem pushes me to ask some questions:
    1. If I would like to change the name of the config file without destroying my wp_blog, can I do it, and how? I just want to rename it.
    2. I also want to rename wp-login.php and wp-admin.
    3. If this is not possible, I want something else: I want to block password reset in wp-login.php.

    Can someone give me answers? Thanks for reading this post. Take care.

Viewing 15 replies - 1 through 15 (of 24 total)
  • No. I do not trust that you know what you are talking about. I have several hundred WordPress websites that have been going for years and have never been hacked. Never had to do anything undocumented.

    esmi

    @esmi

    Forum Moderator

    This problem is called wp-config.php

    No it’s not.

    You might want to have a read of http://ottopress.com/2009/hacked-wordpress-backdoors/

    I said I know what I’m talking about because I know. Give me a link to a WordPress website and I will give proof of how that website gets hacked in 10 minutes.

    This is not a threat. I just want to make my WordPress website 100% secured.

    So can someone help me by answering my questions?

    The PHP files can’t be viewed by a normal user unless you have FTP access to the server; therefore you can’t read wp-config.php.

    Also, when you reset your password, the old password remains until you click the link in the email.

    I said I know what I’m talking about because I know. Give me a link to a WordPress website and I will give proof of how that website gets hacked in 10 minutes.

    Sure mario, here is a link to a WordPress site: http://wordpress.org/wp-admin

    Now, I will sit here and wait for your excuse about why “wordpress.org is too secure for you to hack”. I am 100% positive that you will either not respond or have an excuse for not being able to do it.

    I am interested in your lack of success as well. Please report your results.

    Guys, I want to tell you something. I love WordPress and I will never change it for something else. What I’m trying to do here is help myself and, if I can, help you (WordPress staff).

    This text is quoted from: http://ottopress.com/2009/hacked-wordpress-backdoors/

    A backdoor is code that has been added to your site.
    It will most likely be code not in the normal WordPress files. It could be in the theme, it could be in a plugin, it could be in the uploads directory.
    It will be disguised to seem innocuous, or at least non threatening.
    It will most likely involve additions to the database.

    I’m sorry, dude, but WTF? What I see here is that you don’t have a clue about exploiting web applications, trojans, shellcodes, POC.
    First of all, it’s not called a backdoor; we call it exploit/ing.
    Second, to catch a bad guy you must think like he thinks. (Try to understand what I want to say here.)

    I can help you, in my way, to patch some problems on WordPress.

    If you like, I will make a video of how I mass-hack WordPress websites.

    Let me know …

    Umm, we still have not seen you hack the one I gave you a link to. I posted the link 28 minutes ago and you said it could be done in 10…

    Guys, I want to tell you something. I love WordPress and I will never change it for something else. What I’m trying to do here is help myself and, if I can, help you (WordPress staff).

    This text is quoted from: http://ottopress.com/2009/hacked-wordpress-backdoors/

    Isn’t that from the link esmi suggested you read? In fact, most everyone here regularly might be aware that the source you quoted does indeed know what he’s talking about. </irony> I think the question now (still) is: do you actually have presentable evidence to contribute to the community that your assertions are both true and consistently reproducible? In other words, if you believe you can prove it, then submit it for inspection.

    “Where do I report security issues?”

    Send an email with the details to security@wordpress.org.

    I know where to report them, ClaytonJames.

    No one gave me answers to my questions.

    Boy, what a debate here. I don’t think you can hack a wordpress blog “unless” the blog owner installs your exploited code. Even according to this:

    A backdoor is code that has been added to your site.
    It will most likely be code not in the normal WordPress files. It could be in the theme, it could be in a plugin, it could be in the uploads directory.
    It will be disguised to seem innocuous, or at least non threatening.
    It will most likely involve additions to the database.

    Unless the blog owner installs some code/plugin which is exploited, or gives the FTP user/password or the Admin username/password to anyone, there isn’t a way to hack a blog. Well, let’s just forget about this debate, although I’m sure many people here would love to understand what you can do to a blog, but let’s just talk about what you wish to know.

    First of all, you are trying to make some “major” changes to the WordPress files. You wish to change the wp-config.php file, which I think can be done. If you know even a little bit about PHP, you would begin by looking in the index.php file in your WP blog’s root. That file should have indications of where to look for the config.php file. Then you can perhaps change the name in a couple of places, wherever necessary, and then try playing around to make things work.

    Then you are asking to change wp-login.php, which I believe can be done with little effort. Once again, you will have to hard-code the changes in the many files that link to the wp-login.php file.

    The best of all is renaming the wp-admin folder altogether. I guess you are inviting trouble. Maybe after changing many files, you will be able to make it work with the new admin folder.

    Now a few observations:
    Are you sure, after doing all of this crap, your blog will be 100% secure?
    Well, if someone is “so dying” to hack your blog, they will soon discover the correct admin link.
    What about upgrading your blog? Whenever you install updates from WordPress, all those changes will be gone. If you say that you won’t update your blog, then you are again inviting hackers.

    THINK! How much security is “enough”? Hope this info helps you in some way.

    sharecommons, I would like to thank you so much for your time. I read all of your post.
    I know that if I do a massive change, it will give me hundreds of errors and I think I will spend much time figuring it out.

    I’m not a good PHP coder or anything. I know the basics of PHP, but if someone can code a plugin … a plugin that helps you to rename the wp-config.php file … that, sir, would be awesome, and I promise you hacked WordPress websites will decrease by 40% (minimum).

    I’m an intermediate just like you, mario4, and certainly what you are suggesting is worth a thought. I’m not sure if any “plugin designer” would give this a thought, but what we can do:

    I have WampServer installed on my computer and I have installed a WP blog on my computer for testing purposes. I’ll see if I can do something of this sort. I’m not sure how successful I’ll be at damaging my WP installation 🙂

    But I promise to keep you in the loop if I’m able to discover something new 😀

    In the meantime, keep up with your ‘search’ for answers to your questions. Good luck, man!

    Thanks, dude. I appreciate that.

    To the other guys: I’m ready to make a video tutorial on hacking a WordPress website in 2-4 minutes. Tell me if you want to see it, so I will record it and publish it on YouTube or somewhere else.

    ***Remember, I don’t take anything from this. I’m just fighting to optimize WordPress and make it better.

    I’d love to see anything that helps make WordPress better software. Thank you, mario4, for taking the time to help improve WP.

    I would suggest you “not” include information about the tools that can be used to do the bad stuff. I don’t think anyone here would “appreciate” popularizing the tools that can be used to do the bad stuff. But yeah, for educational purposes, please do show whatever is necessary to secure a WP blog. I’d love to have the link when you upload it on YouTube.

  • The topic ‘I don’t need help but I have questions’ is closed to new replies.