WordPress.org

Forums

Mask my wordpress directory (4 posts)

  1. tictactau
    Member
    Posted 5 years ago #

    Hi,
    I just followed all the instructions so that my domain.com/wordpress/ shows only domain.com in the address bar.
    That's great, but... you need not to be a genius to use firebug and read, for example, that your css file belongs to domain.com/wordpress/wp-content/themes/theme/style.css
    Is there a way to mask those infos?

  2. esmi
    Forum Moderator
    Posted 5 years ago #

    You could move WordPress into your domain root.

  3. tictactau
    Member
    Posted 5 years ago #

    hmmmh... first of all, it would be a mess, and it would become more difficult to run and maintain different applications.
    Moreover, this move would not make things more secure, just easier for hakers to figure out how to hack my blog.

  4. Mark / t31os
    Moderator
    Posted 5 years ago #

    You can't, not give out directory information in the source code.

    If you think directory locations is what hackers spend their time looking for you're misinformed...

    There's plenty of other things to worry about, such as 777 permissions on directories that shouldn't be writable and so on..

    Lots of ways to determine where files reside. Easiest way is to make a direct request to a file that is normally part of an include, there's usually at the very least 1 file floating around that doesn't check to make sure it wasn't requested directly.. As soon as that file is requested a visitor sees an error, along with your directory structure.

    What is it you think a hacker can do by knowing simply where files reside?

Topic Closed

This topic has been closed to new replies.

About this Topic