[wp-hackers] Rename the wp-admin directory

Konstantin Kovshenin kovshenin at gmail.com
Fri Jun 8 07:50:47 UTC 2012


Blocking access to wp-admin might be a good idea, but don't forget that 
things like admin-ajax.php should be accessible to non-logged in users if 
your front-end (theme or plugin) is using the AJAX API which WordPress 
provides: http://codex.wordpress.org/AJAX_in_Plugins#Ajax_on_the_Viewer-Facing_Side

On Wednesday, February 29, 2012 5:12:59 AM UTC+4, zhaiz... at gmail.com wrote:
>
> Why don't you put wp-admin into a subdomain, and block the access to the 
> main domain of wp-admin?
> I use this method in one of my wordpress site, and all admin features 
> work fine. Check here 
> <http://www.zhaiziming.com/zZ/2012/put-wordpress-admin-into-a-subdomain/>.
>
> James
>
> On 2/28/2012 3:11 PM, Dion Hulse (dd32) wrote:
> > It's a public mailing list. Do whatever you want with the reply, just
> > don't take things out of context.
> >
> > On 29 February 2012 07:25, 24/7<24-7 at gmx.net>  wrote:
> >> @Dion Hulse
> >>
> >> Would you mind if I copy/paste your answer to the Q for later readers?
> >>
> >> Am Montag, 27. Februar 2012 10:02:40 UTC+1 schrieb Dion Hulse (dd32):
> >>> Put simply: You can't.
> >>>
> >>> Longer answer: You can hack around things, and get it working, but
> >>> you'll loose all ability to upgrade without issue (potentially causing
> >>> security issues thanks to running an out of date version), you'll
> >>> loose access to certain plugins that rely on /wp-admin/, you'll
> >>> potentially loose styling when images are embedded in some
> >>> stylesheets, etc.
> >>>
> >>> puclic_html/wordpress-trunk$ grep -r wp-admin * | grep -v '\.svn' |
> >>> grep -v 'wp-content' | grep '\.php'
> >>> provides 498 good reasons not to attempt it.
> >>>
> >>> I'm not saying it can't be done, I'm just saying WordPress doesn't
> >>> support it, and that it's a waste of your time attempting it.
> >>> Both from a "you can do it" perspective, AND from a security
> >>> perspective, it's going to provide little protection, given the
> >>> alternatives available (proper passwords.. SSL, .htaccess HTTP
> >>> Authentication, combination of all of the previous.. etc)
> >>>
> >>> On 27 February 2012 19:48, 24/7<24-7 at gmx.net>  wrote:
> >>>> Hi list members,
> >>>>
> >>>> I stumbled upon this Q on WPSE<
> >>> 
> http://wordpress.stackexchange.com/questions/43560/how-do-i-rename-the-wp-admin-folder-with-the-admin-url-filter#comment55078_43560
> >>>> .
> >>>> I found it interesting, but never tried it myself, so I have no 
> starting
> >>>> point to help this guy.
> >>>>
> >>>> 1) Is it actually possible to change the /wp-admin directory name?
> >>>> 2) Is it the correct way he's trying it?
> >>>> 3) Where should he start debugging?
> >>>>
> >>>> Best wishes,
> >>>> Kaiser.
> >>>>
> >>>>
> >>>> *) I'm the 2nd guy in the comments.
> >>>>
> >>>> _______________________________________________
> >>>> wp-hackers mailing list
> >>>> wp-hackers at lists.automattic.com
> >>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>>
> >>> _______________________________________________
> >>> wp-hackers mailing list
> >>> wp-hackers at lists.automattic.com
> >>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>>
> >>>
> >> _______________________________________________
> >> wp-hackers mailing list
> >> wp-hackers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>


More information about the wp-hackers mailing list