Comments on: My Plugins With WordPress 2.6 Part 2

By: Lester Chan

Lester Chan — Tue, 08 Jul 2008 10:49:03 +0000

Acutally I would suggest to rename wp-admin, wp-content folder instead of moving them. Like giving them custom name

By: Alex

Alex — Tue, 08 Jul 2008 08:18:36 +0000

Lester - hardening your WP installation is certainly possible, via .htaccess, for example, but for the majority of WP users, I suspect, creating the right .htaccess entries is not easy.

Plugins which do all the hard work would be useful and appreciated by those who are not experts like yourself.

Even the concept of CHMOD is beyond many - and this is why WP is so hackable - it’s easy to install and use, but simply installing and using is not enough from a security point of view.

In my opinion, either WP needs to have obvious security measures built in, or plugin developers need to build more security related utilities. There are a few, and I use some - but I’m no expert, so I fear becoming the victim of a hacker, even if I run auto-backups and the like. I think I am in a minority.

To an extent, the future of WP is in the hands of people like you!

Best regards,

Alex

By: Lester Chan

Lester Chan — Mon, 07 Jul 2008 16:43:22 +0000

Hi Alex,

You can hardened your WordPress installation without the need to move your wp-config.php or even /wp-content/ folder.

I can’t do that as it will require all plugins to be CHMODed 777 which is insecure.

By: Alex

Alex — Mon, 07 Jul 2008 14:02:20 +0000

Hi Lester - this new WP 2.6 feature is a good idea, and will make it more difficult for hackers to do their stuff, even if it will give plugin developers, like you, a headache.

How about writing plugin that will check all installed plugins and modify their paths as necessary? People upgrading to WP 2.6 would love this I’m sure.

All the best,

Alex

PS Your plugins are extremely useful.