• Recently I have been using the Wordfence security plugin (free version). One feature is the option to lock out anyone who tries to sign in with a non-existing username. I (voluntarily) get a mail every time that happens, and that's quite often, since I chose to delete the default “admin” account soon after completing my install.

    Here is my idea (I tried to search the forum): I suggest that you force users to pick a random URL for the admin. Today all installs use the “wp-admin” slug, but if possible, I would like to define my own URL for the admin. Can this be done without changing the files and folders? Would it break autoupdates etc.?

    I am no cryptographer, but if hackers don’t even know where to try and recover a password or sign in, does that not on a practical level enhance security a bit?

Viewing 2 replies - 1 through 2 (of 2 total)
  • In theory it sounds good, but in practice it doesn’t work. Security through obscurity is one of the least secure security concepts. With changing the admin URL the best that it will do is give hackers a few 404’s before they find something that does work, and at worst will have 1,000’s of users out there forget what the admin URL of their site is. And yes, they will forget!

    The security plugin that you’re using combined with some server firewalls and a good server admin person will give a lot better security than changing a URL will. And when the URL is known, it’s a whole lot easier to find out who is trying to break into it, and stop their attempts next time.

    That feature is already in iThemes Sec package.

    A fake admin section/login in the obvious place also works well IME, with an IP/user agent logger. A honey pot.

    Regards,
    A
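
The decoy-login logging idea from the reply above, sketched as an added example (not code from any poster or plugin in this thread): it reads web server access log lines, picks out requests to the decoy login path, and lists source IPs with their user agents so repeat offenders can be blocked. Assumptions: the log is in Apache/nginx "combined" format, the decoy sits at `/wp-login.php`, and three credential POSTs is the blocking threshold; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: the decoy login lives at the stock path and the real one was moved.
DECOY_PATH = "/wp-login.php"

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "python-requests/2.5"
203.0.113.7 - - [12/Mar/2015:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "python-requests/2.5"
203.0.113.7 - - [12/Mar/2015:10:01:04 +0000] "POST /wp-login.php?x=1 HTTP/1.1" 200 1523 "-" "curl/7.40"
198.51.100.20 - - [12/Mar/2015:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2015:10:06:00 +0000] "GET /about/ HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
garbage line that does not parse
"""

def decoy_hits(log_text, decoy_path=DECOY_PATH):
    """Return {ip: {"posts": n, "gets": n, "agents": set()}} for decoy requests."""
    hits = defaultdict(lambda: {"posts": 0, "gets": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if path != decoy_path:
            continue
        rec = hits[m.group("ip")]
        rec["posts" if m.group("method") == "POST" else "gets"] += 1
        rec["agents"].add(m.group("ua"))
    return dict(hits)

def block_candidates(hits, min_posts=3):
    """IPs that submitted credentials to the decoy at least min_posts times."""
    return sorted(ip for ip, rec in hits.items() if rec["posts"] >= min_posts)

if __name__ == "__main__":
    summary = decoy_hits(SAMPLE_LOG)
    for ip in block_candidates(summary):
        print(ip, summary[ip]["posts"], sorted(summary[ip]["agents"]))
```

A single GET of the decoy page is counted but not treated as grounds for blocking, since crawlers and curious visitors also request the stock login URL.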

  • The topic ‘Simple security improvement?’ is closed to new replies.