WordPress.org

Forums

Server access vs. WordPress access (6 posts)

  1. shix
    Member
    Posted 2 years ago #

    Hello.
    I was wondering, if someone has access to the server where WordPress is hosted, but doesn't have the WordPress username and password, can they still make changes to the website? And if so, is there a way to protect against it?

    (I should say, I'm trying to protect my site, not get into someone else's.)

    Any help would be appreciated.

  2. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    If someone can get into your server, they have access to everything!

    They would have complete control of your files, database, etc. They could do anything.

    The way to protect against this would be to be on a quality, secure host/server, and to use strong passwords.

  3. shix
    Member
    Posted 2 years ago #

    Thanx, Voodoo.

    I always make sure to use strong passwords and do everything else I know how to protect my sites.

    This is actually an issue with in-company politics, where I've been instructed to protect the files from the people who already have server access info.

    You're right, of course they would have access to everything.
    I guess my question is: is there a way to hide, or password protect, say, the containing folder, wp-config, theme files and/or the database so that only certain people can have access to them?

  4. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    That is a server configuration question, and not really related to WordPress.

    If they have access to the entire server, there is no way for you to block it - unless you have full control over how the server is configured.

    It depends on what access they have, etc. Accounts can be limited to various areas on the server, various DBs, etc, but again, that is beyond the scope of what we can help with here.

  5. shix
    Member
    Posted 2 years ago #

    Ok. Thanx so much.

  6. esmi
    Forum Moderator
    Posted 2 years ago #

    You can't password protect most WordPress core files as that effectively locks WP out of accessing its own scripts in some situations. You will find some info on protecting the wp-admin folder on Hardening_WordPress plus a wealth of other ideas that you could use (such as monitoring file changes).

    With regard to databases, it really depends on how the server has been configured. Anyone who has root access via phpMyAdmin, for example, would have access to your database, so you could point out that a lot of this does depend - not on WordPress - but on the way in which the servers are configured and their access controlled.
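
The file-change monitoring mentioned in the last reply, as an added example that is not part of the original thread or of WordPress itself: it records a SHA-256 hash and permission bits for every file under a WordPress directory and reports what differs on a later run. The function names and the sample tree (`example` theme, `extra.php`) are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (sha256 hex digest, permission bits)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the tree
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            result[os.path.relpath(path, root)] = (digest, mode)
    return result

def compare(baseline, current):
    """Return sorted paths that were added, removed, modified or re-permissioned."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "mode_changed": sorted(p for p in common if baseline[p][1] != current[p][1]),
    }

def demo():
    """Constructed sample tree standing in for a WordPress install."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "example")
        os.makedirs(theme)
        config = os.path.join(root, "wp-config.php")
        functions = os.path.join(theme, "functions.php")
        for path in (config, functions):
            with open(path, "w") as fh:
                fh.write("<?php // constructed sample file\n")
        os.chmod(config, 0o600)
        baseline = snapshot(root)
        # Changes made directly on the server, without a WordPress login:
        with open(functions, "a") as fh:
            fh.write("// edited outside WordPress\n")
        with open(os.path.join(theme, "extra.php"), "w") as fh:
            fh.write("<?php // new file\n")
        os.chmod(config, 0o644)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Because anyone with server access can also rewrite a baseline stored on that server, keep the baseline and the comparison results on a machine those accounts cannot reach. This detects changes; it does not prevent them.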
