What a loser do when he tries to discover a victim to attack? In the case of wordpress, he searches google for the phrase PROUDLY POWERED BY WORDPRESS. This is the start.
Now, the loser have a list of sites using wordpress.
The second phase involves the fact that he knows the name of all wordpress’ PHP files. If some of these files has vulnerabilities, he will use them to exploit the site.
NOW THE SOLUTION FOR ALL PROBLEMS:
1) imagine that, during installation wordpress files could be named to whatever names user’s want. Imagine a page during installation where the admin could change the names of all wordpress files. The real names of all files could be on a database.
2) during the installation all wordpress files would be renamed to those chosen by user and these names stored on a database that would be used by WP to know each name.
3) third, the phrase PROUDLY POWERED BY WORDPRESS should be replaced by an image with the same phrase. Of course, the name of this image could be changed during installation. Same could be done for every string constant on wordpress. Everything constant should allow replacing to make wp’s installations hard to find on google.
I do that for a long time with scripts like FormMail.pl…that I use under other hard to guess names…
I am suggesting this cause my wp installation was attacked and a loser has posted 720 thousand port-sex-medicine advertisings in a week.
I hope this can be used in some way.
- The topic ‘I THINK I HAVE A SOLUTION FOR 90% OF ALL SITES BEING ATTACKED’ is closed to new replies.