Title: WP SECURITY Last modified: August 19, 2016 --- # WP SECURITY * [pbdesignro](https://wordpress.org/support/users/pbdesignro/) * (@pbdesignro) * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/) * I want, if is possible, to have in wp-config.php, 2 vars like: define( ‘admin_dir’,‘ zorro’ ); // where is the admin dir and define( ‘include_dir’, ‘vegetables’ );// where is the includes dir. * I want this, because, WP is not verry secured. If i find a WP blog, 2.6 v , and go to adress: wpblog.com/wp-admin/upgrade.php i can upgrade his site whitout admin username or password. * If you implement this thing, i’ll not known every more the wp-admin folder. * Sorry for my english. I hope you understand what i’m telling here. Good luck! Viewing 6 replies - 1 through 6 (of 6 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937868) * That’s an odd solution. If it really bothers you just delete wp-admin/upgrade. php. * You can see a list variables * [http://codex.wordpress.org/Editing_wp-config.php](http://codex.wordpress.org/Editing_wp-config.php) * I think this is a partial list. I don’t see a variable for wp-include or wp-admin. WP_CONTENT_DIR and WP_CONTENT_URL look interesting though. * [Len](https://wordpress.org/support/users/lenk/) * (@lenk) * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937869) * > i can upgrade his site whitout admin username or password. * So what? That file will only do anything if someone has deleted the old files from his server, uploaded the new ones and has yet not run the script. If the script has already been executed it won’t do anything. * As jdembowski said if it bothers you that much delete it. * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937872) * Although, from a go nuts with it point of view, being able to define WP_ADMIN_DIR, WP_ADMIN_URL, WP_INCLUDES_DIR, and WP_INCLUDES_URL would be interesting… * Multiple blogs sharing one set of wp-admin and wp-includes… now we’re getting into WordPress MU space… * [Len](https://wordpress.org/support/users/lenk/) * (@lenk) * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937874) * [@jdembowski](https://wordpress.org/support/users/jdembowski/) – at the risk of getting off topic, love those 5 static sites linked from your main domain. 😉 * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937891) * My blog roll? Or www? The www links are very 1997 🙂 * [Len](https://wordpress.org/support/users/lenk/) * (@lenk) * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937895) * The 5 static sites belonging to your family members listed in the post “Web Server and Security Engineering”. * > are very 1997 * Yeah, that’s why I got a kick out of them. Memories. 🙂 * To the original OP you’re not using this article as a point of reference are you, * [http://www.securityfocus.com/archive/1/499505](http://www.securityfocus.com/archive/1/499505) Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘WP SECURITY’ is closed to new replies. * In: [Alpha/Beta/RC](https://wordpress.org/support/forum/alphabeta/) * 6 replies * 3 participants * Last reply from: [Len](https://wordpress.org/support/users/lenk/) * Last activity: [17 years, 4 months ago](https://wordpress.org/support/topic/wp-security-1/#post-937895) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics