Title: Security Questions Last modified: August 20, 2016 --- # Security Questions * [reziden7](https://wordpress.org/support/users/reziden7/) * (@reziden7) * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/) * hi, 1st of all just want to excuse my english * my question is why wasn’t been implemented yet the ability to change wp-admin and wp-includes, or even wp-content folders dynamicaly. I did not research other than wp-admin but the name of this folder is hardcoded in the script. I’m asking this because I was asked to do that on an install and also thinked of creating a plugin for doing so (change the admin path). So there must be a reason for that and came up with two possible reasons: no one though about this so far or this is not a wanted feature. Also seen some videos on wordpress.tv about security and made me wonder. If I have to develop a worpdress platform detector ( and maybe to see current theme, some active plugins, etc) it’s just as simple as looking to source code and searching for ‘/wp-‘. Related to this topic, thumbs up for wordpress as it can do more than blog functionalities. But it loads many stuff that , a developer , my not need. I’m talking about the widgets panel, or theme and plugin editors, and some other stuff. Just another constant to check if some some functionalities can be disabled. * I also want to make a request: custom post types have their own table. So posts have {prefix}posts and {prefix}posts_meta, customer post type have {prefix}customer and {prefix}customer_meta. I think this will speed queryes and shrink down {posts} posts — excuse my self if posting in wrong category or this subject has already been discussed Viewing 6 replies - 1 through 6 (of 6 total) * [s_ha_dum](https://wordpress.org/support/users/apljdi/) * (@apljdi) * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822322) * I think it is practically impossible to hide that the site is running WordPress. I can think of 20 ways to ID the site as a WordPress install and I am sure I could come up with more. * Whatever you rename your ‘wp-content’ folder, it is going to be revealed in the source code of every page. Whatever you rename your ‘wp-admin’ folder, it is going to be revealed in the source code of wp-login.php, though you could rewrite that page. * > I also want to make a request: custom post types have their own table. * I’m not sure if that will speed things up much, honestly, but I am nearly positive that it isn’t going to happen. The powers that be in WordPress development seem to have a religious conviction that using fewer tables is better. I disagree. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822336) * I wouldn’t call it religious 😉 just that they like to separate data in a logical way. wp_posts has posts, pages, CPTs and (interestingly) menus. Splitting it up now would be problematic, especially if you ever wanted to move a post between the types (which you can!). * But yes, the whole reason you can’t move wp-admin is there’s no benefit 🙂 * [s_ha_dum](https://wordpress.org/support/users/apljdi/) * (@apljdi) * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822340) * > I wouldn’t call it religious 😉 * 🙂 * With the posts/pages/custom-types I completely agree. I don’t think there is any compelling reason to break those up. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822342) * I meant to say, you actually can move wp-content! * [http://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content](http://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content) * Just watch out. Some silly plugins are doing_it_wrong() and hard code paths when they shouldn’t. *sigh* * [s_ha_dum](https://wordpress.org/support/users/apljdi/) * (@apljdi) * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822343) * > Just watch out. Some silly plugins are doing_it_wrong() and hard code paths > when they shouldn’t. *sigh* * LOL… There is a [whole ‘nother thread](http://wordpress.org/support/topic/cheatin-uh?replies=33) about that going on right now. * I meant to mention that wp-content thing too, and forgot. I’ve never tried to move wp-content. When you do, is the new path revealed in the page source– say, in the path to the theme css files and theme images? Or is it obfuscated? * Moving outside the application directory could make it tougher to exploit I suppose… * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822355) * > When you do, is the new path revealed in the page source– say, in the path > to the theme css files and theme images? * Totally visible. * I did it on a site to move uploaded images out of root, which was fun 🙂 Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Security Questions’ is closed to new replies. ## Tags * [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/) * [wp-include](https://wordpress.org/support/topic-tag/wp-include/) * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) * 6 replies * 3 participants * Last reply from: [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * Last activity: [13 years, 10 months ago](https://wordpress.org/support/topic/security-questions-1/#post-2822355) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics