Discussion:
define WP_ADMIN_DIR constant
sergi meseguer
2013-07-05 15:25:01 UTC
Hi,

I've asked in the forums about the possibility of adding the admin folder
as a constant, i.e. WP_ADMIN_DIR:
http://wordpress.org/support/topic/wp-admin-constant

I've been directed to contribute to the Core. The problem is, even if I made the
changes to Core, would they be accepted as a contribution? According to
this thread in 2011, NO:
http://lists.automattic.com/pipermail/wp-hackers/2011-June/039780.html

Is the official answer still (2013) to keep out of this? If the answer is
no, is there an official or recommended way to obfuscate wp-admin location?

Thank you
Sergi
John Blackbourn
2013-07-05 15:52:21 UTC
Post by sergi meseguer
Is the official answer still (2013) to keep out of this? If the answer is
no, is there an official or recommended way to obfuscate wp-admin location?
The answer still appears to be no. Security by obscurity is still not
real security.

The most recent discussion on this topic can be found here:
http://core.trac.wordpress.org/ticket/24673. See in particular Andrew
Nacin's comment on that ticket, and previous discussion on the related
tickets (http://core.trac.wordpress.org/ticket/15289,
http://core.trac.wordpress.org/ticket/13118,
http://core.trac.wordpress.org/ticket/7194).

John
Andrew Nacin
2013-07-05 16:02:46 UTC
And if you wanted to, you could filter URLs (everything goes through
admin_url() etc) and then just do rewriting manually at the server (i.e.
nginx, apache) level. This basically already occurs in multisite, to
rewrite /some-blog/wp-admin/ to the actual wp-admin directory. So, no need
to actually support this in core.


_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
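An added example, not code from this thread or from WordPress core: a must-use plugin sketch of the approach Andrew Nacin describes above, where admin_url() output is filtered to an alias and the web server rewrites the alias back to the real wp-admin directory. The alias `control`, the `example_*` names, the rewrite rules and the cookie-path line in the comments are assumptions, and the site is assumed to sit at the domain root.

```php
<?php
/*
 * Plugin Name: Admin URL alias (illustrative example)
 *
 * Assumed server-level rewrite, mapping the alias to the real directory:
 *   nginx:  rewrite ^/control/(.*)$ /wp-admin/$1 last;
 *   apache: RewriteRule ^control/(.*)$ wp-admin/$1 [L]
 *
 * Assumed addition to wp-config.php so the admin auth cookie is sent
 * for the alias path instead of /wp-admin:
 *   define( 'ADMIN_COOKIE_PATH', '/control' );
 */

// Hypothetical alias; keep it in sync with the rewrite rule above.
define( 'EXAMPLE_ADMIN_ALIAS', 'control' );

/**
 * Swap the "/wp-admin" path segment of a generated URL for the alias.
 * Only URLs built through admin_url() pass through this filter; code
 * that hard-codes "/wp-admin/" is untouched, which is where the
 * compatibility problems mentioned in the thread come from.
 */
function example_alias_admin_url( $url ) {
	$parts    = explode( '?', $url, 2 ); // leave the query string alone
	$parts[0] = preg_replace( '#/wp-admin(/|$)#', '/' . EXAMPLE_ADMIN_ALIAS . '${1}', $parts[0], 1 );
	return implode( '?', $parts );
}
add_filter( 'admin_url', 'example_alias_admin_url' );

/**
 * The alias is not access control: /wp-admin/ and wp-login.php still
 * answer directly unless the server restricts them, and authentication
 * remains the real barrier. Record direct hits on the old path so they
 * show up in review (REQUEST_URI keeps the path the client asked for).
 */
function example_log_direct_admin_hit() {
	$uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
	if ( 0 !== strpos( $uri, '/wp-admin/' ) ) {
		return; // request came in through the alias
	}
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';
	// Replace non-printable bytes so a crafted URI cannot forge log lines.
	$safe = preg_replace( '/[^\x20-\x7e]/', '?', substr( $uri, 0, 200 ) );
	error_log( sprintf( 'direct wp-admin request from %s: %s', $ip, $safe ) );
}
add_action( 'admin_init', 'example_log_direct_admin_hit' );
```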
Malte Witt
2013-07-05 19:35:58 UTC
Hey Sergi,
I also had some customers in the past who wanted a "complete" stealth wp
install.

Here is a quick link to how I realized the wp-admin/wp-login part:
http://pastebin.com/krvfuBuU

Works fine on an empty install. As the others already pointed out,
however you realize this, it can cause all sorts of compatibility issues
later on.

Also I'm just using this for custom installs where I control the
environment. I would never make a plugin out of it. Must be a
support-nightmare if you publish a plugin that stops half of the other
plugins in the Plugin Directory from working (perhaps nearly all of the
more complex and badly coded ones :-)

Regards,
Malte