ClassicPress PetitionsClassicPress Petitions
This is a read-only archive. Post or comment on the live version of this page on our forums.

auto delete wp-config-sample.php after install

September 18, 2018 · 18:49 · Yannick
Description

...and rename wp-admin folder

(easy and basics security...)

Voters
+28 more
Tags
Request: Modify feature
Discussion
John

Neither of these things will improve security. If you're concerned that outsiders may try to access the wp-admin directory, just drop an .htaccess file in there and force basic HTTP auth. This is true security, rather than security by obscurity.

Yannick

i do, but many people don't !!! You right about obscurity, but is still the first step to security concept, and good for a community project !

Chris Chiotis

My only concern is if there are any compatibility issues with plugins using /wp-admin/ as hardcoded url

Daniele Scasciafratte

Yes the problem will be probably with all the ajax stuff because of the file admin-ajax.php inside wp-admin and many use the hardcoded version.
I am more for an htaccess file inside that folder then rename it.

James Walker

i'm upvoting only for the auto-delete wp-config-sample.php -- agree -- never have anything on your website that is not being used. So, one less step i have to do manually! :)
But auto-rename wp-admin - no.

Jesse

Bad ideas on both counts. Core CMS should not be in the business of deleting files or data, or renaming folders and files, for any reason really.

Many users here need to think more about things like web hosts, APIs, third party integration, deployment tools, etc.

The Core CMS needs to know its place, and not overstep...

Here's one example: WAF Firewalls around the world are configured to detect rules on URI patterns with /wp-admin/ and now you just broke them. And when WordPress Core (etc) updates, various humans and scripts might need to compare the freshest copy of wp-config-sample.php and now you broke them too, yikes! Always keep in mind what's going on higher up in the stack...

James Nylen

Unfortunately this petition is not really usable as-is, because it covers two very different topics and we can't know which people voted for which topic.

As far as the content of the petition, deleting wp-config-sample.php doesn't really do anything concrete for security, and renaming wp-admin is likely to be a big can of worms, as mentioned above.