• Resolved legendchew

    (@legendchew)


    Hi, is there any possible way to change the wp-admin into another name? I feel very insecure using the wp-admin since everyone has the same. It will be easily hacked by hackers.

Viewing 9 replies - 1 through 9 (of 9 total)
  • I have never heard about a hacked blog because of the name of that folder (and I’ve spent quite a long time around here).
    However, I have seen a lot of hacked blogs because:
    – weak passwords
    – files with world wide writable permissions (aka editing themes online)
    – insecure plugins

    Thread Starter legendchew

    (@legendchew)

    Thanks for your reply. I already found the solution.

    Here are some of my concerns:
    - Hackers know our main username is ‘admin’ (which can’t be deleted)
    - Hackers know that if we are powered by WordPress, our main editing website address is “https://our_domain_name/wp-admin/”

    *Now all a hacker needs to do is crack the password

    If we are able to change the folder name and admin username, it will reduce our risk.

    I just hope that WordPress is able to solve this issue in their next update.

    Thank you for your support.

    what was the solution?

    to stop wanting it.

    You can just rename index.php within wp-admin folder into anything else (i.e.: login.php)! It works.

    For admin login use the path: https://www.yoursite.com/wp-admin/login.php

    that’s a solution to *a* problem, but not *this* problem.

    securing the wp-admin folder and renaming it are not the same thing. It should be possible to do BOTH.

    Interesting idea, of course from my experience of hacking through the WP code, there is an awful lot of hardcoded references to the admin folder.. But I don’t know that much about WP so maybe. Since the result of moving wp-admin to wp44-admin would be they would start using bigger guns and attacking everywhere, it might be better for the server resources if WP developers just added a lock-out after so many attempts.

    The problem that I have seen in the past with that type of setup is when they build it all into the database.. which effectively just gives you a slower site.

    One way you could make apache and WP do this is by having .htaccess code that denies access based on the value or presence of a cookie, which mod_rewrite can see in the Set-Cookie HTTP header. So after 10 bad login attempts the login script stops providing the robot with the correct cookie, thus locking them out.

    there is an awful lot of hardcoded references to the admin folder.. But

    there is a one-line perl command that can recursively grep all files for a word and replace that word with another word — it’s not THAT hard to do.
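
Added example, not part of the thread and not WordPress code: the "lock-out after so many attempts" idea from the reply above, done as an in-memory sliding-window count over Apache access-log lines instead of a database table or the cookie mechanism. The function names, the 5-minute window, the 15-minute lockout and the rule that a POST to `/wp-login.php` answered with 200 is a failed login are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10                 # "10 bad login attempts", as in the reply
WINDOW = timedelta(minutes=5)     # assumption: the thread gives no time window
LOCKOUT = timedelta(minutes=15)   # assumption: the thread gives no lockout length

# Apache common/combined log prefix: ip, timestamp, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def locked_out(log_lines):
    """Return {ip: lockout expiry} for clients reaching MAX_FAILURES inside WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    locked = {}
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, method, path, status = m.groups()
        # Assumption: a POST to wp-login.php answered with 200 is a failed login
        # (a successful login is answered with a 302 redirect).
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != "200":
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked and when < locked[ip]:
            continue              # already locked out; nothing new to count
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= MAX_FAILURES:
            locked[ip] = when + LOCKOUT
            q.clear()
    return locked


def sample_log():
    """Constructed sample: one noisy client, one user who mistypes twice."""
    fmt = '{ip} - - [10/Oct/2023:13:{m:02d}:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" {st} 3456'
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i * 3, st=200) for i in range(12)]
    lines += [fmt.format(ip="198.51.100.4", m=1, s=i, st=200) for i in range(2)]
    lines.append(fmt.format(ip="198.51.100.4", m=1, s=30, st=302))
    return lines


if __name__ == "__main__":
    for ip, until in locked_out(sample_log()).items():
        print(ip, "locked out until", until.isoformat())
```

The returned addresses can be fed to whatever does the blocking (a deny list in the web server or a firewall rule); the user who mistypes twice and then logs in stays under the threshold.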

  • The topic ‘Change wp-admin into another name’ is closed to new replies.