Security Questions

  • hi, 1st of all just want to excuse my english

    my question is why wasn’t been implemented yet the ability to change wp-admin and wp-includes, or even wp-content folders dynamicaly.
    I did not research other than wp-admin but the name of this folder is hardcoded in the script.
    I’m asking this because I was asked to do that on an install and also thinked of creating a plugin for doing so (change the admin path). So there must be a reason for that and came up with two possible reasons: no one though about this so far or this is not a wanted feature.
    Also seen some videos on wordpress.tv about security and made me wonder. If I have to develop a worpdress platform detector ( and maybe to see current theme, some active plugins, etc) it’s just as simple as looking to source code and searching for ‘/wp-‘.
    Related to this topic, thumbs up for wordpress as it can do more than blog functionalities. But it loads many stuff that , a developer , my not need. I’m talking about the widgets panel, or theme and plugin editors, and some other stuff. Just another constant to check if some some functionalities can be disabled.

    I also want to make a request: custom post types have their own table. So posts have {prefix}posts and {prefix}posts_meta, customer post type have {prefix}customer and {prefix}customer_meta. I think this will speed queryes and shrink down {posts}posts

    excuse my self if posting in wrong category or this subject has already been discussed

Viewing 6 replies - 1 through 6 (of 6 total)

  • I think it is practically impossible to hide that the site is running WordPress. I can think of 20 ways to ID the site as a WordPress install and I am sure I could come up with more.

    Whatever you rename your ‘wp-content’ folder, it is going to be revealed in the source code of every page. Whatever you rename your ‘wp-admin’ folder, it is going to be revealed in the source code of wp-login.php, though you could rewrite that page.

    I also want to make a request: custom post types have their own table.

    I’m not sure if that will speed things up much, honestly, but I am nearly positive that it isn’t going to happen. The powers that be in WordPress development seem to have a religious conviction that using fewer tables is better. I disagree.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    I wouldn’t call it religious ?? just that they like to separate data in a logical way. wp_posts has posts, pages, CPTs and (interestingly) menus. Splitting it up now would be problematic, especially if you ever wanted to move a post between the types (which you can!).

    But yes, the whole reason you can’t move wp-admin is there’s no benefit ??

    I wouldn’t call it religious ??

    ??

    With the posts/pages/custom-types I completely agree. I don’t think there is any compelling reason to break those up.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    I meant to say, you actually can move wp-content!

    https://codex.www.ads-software.com/Editing_wp-config.php#Moving_wp-content

    Just watch out. Some silly plugins are doing_it_wrong() and hard code paths when they shouldn’t. *sigh*

    Just watch out. Some silly plugins are doing_it_wrong() and hard code paths when they shouldn’t. *sigh*

    LOL… There is a whole ‘nother thread about that going on right now.

    I meant to mention that wp-content thing too, and forgot. I’ve never tried to move wp-content. When you do, is the new path revealed in the page source– say, in the path to the theme css files and theme images? Or is it obfuscated?

    Moving outside the application directory could make it tougher to exploit I suppose…

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    When you do, is the new path revealed in the page source– say, in the path to the theme css files and theme images?

    Totally visible.

    I did it on a site to move uploaded images out of root, which was fun ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Security Questions’ is closed to new replies.