Support » Plugin: iThemes Security (formerly Better WP Security) » [Plugin: Better WP Security] Purpose of renaming wp-content?

Viewing 9 replies - 1 through 9 (of 9 total)
  • As a lot of vulnerabilities are in known plugins and themes many bots look directly for the known files, typically in wp-content. Changing wp-content keeps these files away from such bots.

    Thanks for the response bit51.

    If a bot can be used to scan for specific files within the “wp-content” directory, couldn’t it also be used to scan for the same files throughout an entire site? If the files can indeed be pulled from “wp-content”, what’s preventing the bot from finding the same files within say, “/renamed-content”?

    Thanks.

    It is all about making the barrier higher. This will stop some automatic bots, but with the right skills and programs you can probably still figure out the renamed content.

    Often security is raising the barrier so high, people won’t try 🙂

    Thanks Mcorokio for the response!

    I can understand the security by obscurity. If a person can’t find the directory, they may assume the site isn’t using WordPress and move on. If they do figure that the site is using WordPress, the attacker may feel it’s too difficult or not worth the time discovering what the ‘wp-content’ directory has been renamed too. And if the attacker really wanted to discover this, they would anyhow.

    I also think of it like hiding a wireless SSID. For a business I wouldn’t bother because the broadcasting travels with the laptop. For a home, I might do it however it’s still discoverable when in use.

    Thanks for the information!

    That’s odd, there’s no “Resolved” checkbox at the bottom of the page. Anyhow, this is resolved.

    When viewing the source of the homepage, I can easily see the name of the ‘wp-content’ folder however, I can also see the name of the theme.

    Since I can see the name of the theme, I could assume that one directory up is the renamed ‘wp-content’ directory.

    When the contact form plugin is activated, its path is listed. Perhaps other plugins would be displayed as well?

    Finally, I can see the following jquery line.

    http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.4.1

    I can see how renaming it is helpful against bot scans, but if I can figure out the renamed directory within 15 seconds of viewing the source, I can see how that’s a security risk. I wonder if WordPress will do anything in the future to secure this information.

    Hi duke,

    The “resolved” is missing as I changed the status to “not a support question” meaning nothing is broken 😉

    One suggestion to help obscure your theme is to use a minifier such as w3 total cache. If you view the source of bit51.com you’ll see what I mean.

    unavailable

    (@unavailable)

    How do I restore the name “wp-content”? Thank you.

    unavailable

    (@unavailable)

    Looks like I found the answer: Comment two new lines in wp-config.php

    Thank you 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Plugin: Better WP Security] Purpose of renaming wp-content?’ is closed to new replies.