• I want, if it is possible, to have in wp-config.php, 2 vars like:
    define( 'admin_dir', 'zorro' ); // where is the admin dir
    and
    define( 'include_dir', 'vegetables' ); // where is the includes dir.

    I want this because WP is not very secured.
    If I find a WP blog, 2.6 v, and go to address:
    wpblog.com/wp-admin/upgrade.php I can upgrade his site without admin username or password.

    If you implement this thing, I’ll not know any more the wp-admin folder.

    Sorry for my English.
    I hope you understand what I’m telling here.
    Good luck!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    That’s an odd solution. If it really bothers you just delete wp-admin/upgrade.php.

    You can see a list of variables

    http://codex.wordpress.org/Editing_wp-config.php

    I think this is a partial list. I don’t see a variable for wp-include or wp-admin. WP_CONTENT_DIR and WP_CONTENT_URL look interesting though.

    I can upgrade his site without admin username or password.

    So what? That file will only do anything if someone has deleted the old files from his server, uploaded the new ones and has not yet run the script. If the script has already been executed it won’t do anything.

    As jdembowski said, if it bothers you that much, delete it.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Although, from a go nuts with it point of view, being able to define WP_ADMIN_DIR, WP_ADMIN_URL, WP_INCLUDES_DIR, and WP_INCLUDES_URL would be interesting…

    Multiple blogs sharing one set of wp-admin and wp-includes… now we’re getting into WordPress MU space…

    @jdembowski – at the risk of getting off topic, love those 5 static sites linked from your main domain. 😉

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    My blog roll? Or www? The www links are very 1997 🙂

    The 5 static sites belonging to your family members listed in the post “Web Server and Security Engineering”.

    are very 1997

    Yeah, that’s why I got a kick out of them. Memories. 🙂

    To the original OP, you’re not using this article as a point of reference, are you?

    http://www.securityfocus.com/archive/1/499505


The topic ‘WP SECURITY’ is closed to new replies.