Neither of these things will improve security. If you're concerned that outsiders may try to access the wp-admin directory, just drop an .htaccess file in there and force basic HTTP auth. This is true security, rather than security by obscurity.
Yannick
· September 18, 2018 · 22:05
i do, but many people don't !!! You right about obscurity, but is still the first step to security concept, and good for a community project !
Chris Chiotis
· September 19, 2018 · 07:35
My only concern is if there are any compatibility issues with plugins using /wp-admin/ as hardcoded url
Daniele Scasciafratte
· October 20, 2018 · 14:49
Yes the problem will be probably with all the ajax stuff because of the file admin-ajax.php inside wp-admin and many use the hardcoded version. I am more for an htaccess file inside that folder then rename it.
James Walker
· April 14, 2019 · 10:55
i'm upvoting only for the auto-delete wp-config-sample.php -- agree -- never have anything on your website that is not being used. So, one less step i have to do manually! :) But auto-rename wp-admin - no.
Jesse
· July 24, 2019 · 13:01
· edited
Bad ideas on both counts. Core CMS should not be in the business of deleting files or data, or renaming folders and files, for any reason really.
Many users here need to think more about things like web hosts, APIs, third party integration, deployment tools, etc.
The Core CMS needs to know its place, and not overstep...
Here's one example: WAF Firewalls around the world are configured to detect rules on URI patterns with /wp-admin/ and now you just broke them. And when WordPress Core (etc) updates, various humans and scripts might need to compare the freshest copy of wp-config-sample.php and now you broke them too, yikes! Always keep in mind what's going on higher up in the stack...
James Nylen
· July 25, 2019 · 03:49
Unfortunately this petition is not really usable as-is, because it covers two very different topics and we can't know which people voted for which topic.
As far as the content of the petition, deleting wp-config-sample.php doesn't really do anything concrete for security, and renaming wp-admin is likely to be a big can of worms, as mentioned above.
Neither of these things will improve security. If you're concerned that outsiders may try to access the wp-admin directory, just drop an .htaccess file in there and force basic HTTP auth. This is true security, rather than security by obscurity.
i do, but many people don't !!! You right about obscurity, but is still the first step to security concept, and good for a community project !
My only concern is if there are any compatibility issues with plugins using /wp-admin/ as hardcoded url
Yes the problem will be probably with all the ajax stuff because of the file admin-ajax.php inside wp-admin and many use the hardcoded version.
I am more for an htaccess file inside that folder then rename it.
i'm upvoting only for the auto-delete wp-config-sample.php -- agree -- never have anything on your website that is not being used. So, one less step i have to do manually! :)
But auto-rename wp-admin - no.
Bad ideas on both counts. Core CMS should not be in the business of deleting files or data, or renaming folders and files, for any reason really.
Many users here need to think more about things like web hosts, APIs, third party integration, deployment tools, etc.
The Core CMS needs to know its place, and not overstep...
Here's one example: WAF Firewalls around the world are configured to detect rules on URI patterns with
/wp-admin/
and now you just broke them. And when WordPress Core (etc) updates, various humans and scripts might need to compare the freshest copy ofwp-config-sample.php
and now you broke them too, yikes! Always keep in mind what's going on higher up in the stack...Unfortunately this petition is not really usable as-is, because it covers two very different topics and we can't know which people voted for which topic.
As far as the content of the petition, deleting wp-config-sample.php doesn't really do anything concrete for security, and renaming wp-admin is likely to be a big can of worms, as mentioned above.