two separate domains, one for blog and one for wp-admin (4 posts)

  1. Hi,

    I am just reading over the codex on how to harden WordPress and the administering over SSL.

    I am wondering if it would be possible at all and if this would help with security at all, if you were to give your main blog and the wp-admin back end two separate domain names.

    so http://www.example.com and http://www.admin-example.com, the idea here being to make it almost impossible for someone to find your backend, because its domain name could be anything.

    I'm thinking that a really good hacker might be able to just use your websites IP address instead of a domain name, which would make this idea redundant. However, i can't help but wonder if it would be possible or even worth doing.

    Something tells me if you could use two domain names and two separate servers for your wp-admin and main blog, and be able to keep the domain name and ip of the wp-admin server hidden then i suppose it might work.

    if a hacker could get in to ur wp-admin, they can get into ur config file and find the location of your mysql server, but i bet with some fancy tools they can detect where the mysql requests are going just be browsing the website.

    I'm not sure is the right place to post this, but if anyone has any comments or info that would be cool :)

  2. Cory Gibbons
    Posted 1 year ago #

    I'm sure it's possible, but it's definitely not practical.

  3. catacaustic
    very awesome
    Posted 1 year ago #

    That's called "security through obscurity" and it's the least effective method of security available today. In the "real world" bots don't just search for a login page on your domain, they'll search for a login page on any site that they find, and sooner or later one of them will come across your admin sites URL and the attempts wil start there.

    And remember that just because the domain name could be just about anything, there's a whole lot of services out there that know and record which URL's you visit, and any of these can publish a URL that they find in their search results. On top of that pretty much all browser toolbars report back to their companies and unless that company has a very good privacy policy, the URL lists that they harvest can be sold off to anyone that's willing to pay for them.

    On top of all that... any realyl good hacker won't go through the login form anyway. They'll exploit different vunerabilities that don't leave that sort of trace, and a rea lot harder to track down. Anything targeting the login page is a pretty simple brute-force attack which can be blocked by some very simple measures.

  4. thanks for the comments. you make some good points catacaustic

Topic Closed

This topic has been closed to new replies.

About this Topic