My good friend Ozh has written an article entitled, What Plugin Coders Must Know About WordPress 2.6. It is a good read if you are a plugin developer for WordPress.
Both of us have came to a conclusion that if you move your /wp-content/ folder to elsewhere, you may need to manually specify the path to wp-config.php in the respective plugins that make use of them as there is no 100% way of guessing the path to wp-config.php.
So my recommendation is DO NOT MOVE the /wp-content/ folder. It is OK to move wp-config.php to a level higher, but try not to touch /wp-content/.
With regards to my plugins, I will release a .01 update bringing the version to 1.31 and 2.31 for the respective plugins. This update will make sure that the plugin will work for BOTH WordPress 2.5 and WordPress 2.6. That is right, I will maintain backward compatibility with WordPress 2.5 for the next update as WordPress 2.6 is just a minor release.
When WordPress 2.7 comes out in November 2008, I will bump all the versions to 1.40 and 2.40 respectively and I will remove the backward compatibility feature to WordPress 2.5.
(37 votes, average: 3.86 out of 5)
Hi Lester – this new WP 2.6 feature is a good idea, and will make it more difficult for hackers to do their stuff, even if it will give plugin developers, like you, a headache.
How about writing plugin that will check all installed plugins and modify their paths as necessary? People upgrading to WP 2.6 would love this I’m sure.
All the best,
Alex
PS Your plugins are extremely useful.
Hi Alex,
You can hardened your WordPress installation without the need to move your wp-config.php or even /wp-content/ folder.
I can’t do that as it will require all plugins to be CHMODed 777 which is insecure.
Lester – hardening your WP installation is certainly possible, via .htaccess, for example, but for the majority of WP users, I suspect, creating the right .htaccess entries is not easy.
Plugins which do all the hard work would be useful and appreciated by those who are not experts like yourself.
Even the concept of CHMOD is beyond many – and this is why WP is so hackable – it’s easy to install and use, but simply installing and using is not enough from a security point of view.
In my opinion, either WP needs to have obvious security measures built in, or plugin developers need to build more security related utilities. There are a few, and I use some – but I’m no expert, so I fear becoming the victim of a hacker, even if I run auto-backups and the like. I think I am in a minority.
To an extent, the future of WP is in the hands of people like you!
Best regards,
Alex
Acutally I would suggest to rename wp-admin, wp-content folder instead of moving them. Like giving them custom name