-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What's the most interesting small town you've visited in South Africa?
Change Wordpress wp-admin folder
- Thread starter Thor
- Start date
BradleyKZN
Expert Member
You should be able to change the name of the folder, and then edit the wp-config file with that new folder name.
Truth be told: you shouldn't have to secure a CMS installation. It should already be secure.
That said, you can try iThemes Security - I landed up using it on one of my sites to obscure access to that folder. It simply allows you to change the URI you use to access the admin panel, and then throws a 404 when you hit wp-admin.
Again, that said, I have begun moving that particular site from WP to PW (which is not backwards, it's 'frontwards'
).
That said, you can try iThemes Security - I landed up using it on one of my sites to obscure access to that folder. It simply allows you to change the URI you use to access the admin panel, and then throws a 404 when you hit wp-admin.
Again, that said, I have begun moving that particular site from WP to PW (which is not backwards, it's 'frontwards'
).Not if some script kiddie is hitting that directory with a brute force attack. it slows down the service/site significantly. I had to add directory username/password so anyone visiting gets prompted, but this is also resource intensive as it's htaccess based. Cloudflare helps negate some of the traffic if it's a known spammer, but it's murder on a shared hosting account, so the OP is right to check if he can change that directory.
The same goes for a new server you spin up, the IP address is more than likely going to be hit hard by a brute force on "root" or "admin" on the standard 22 port. Does that mean the OS isn't secure? No. It means you need to tighten security, disable root login, add SSL certs for secure login, change the default port to stop the attack entirely as to not push your limited server resources over the edge while trying to serve your clients etc.
Truth be told: you shouldn't have to secure a CMS installation. It should already be secure.
That said, you can try iThemes Security - I landed up using it on one of my sites to obscure access to that folder. It simply allows you to change the URI you use to access the admin panel, and then throws a 404 when you hit wp-admin.
Again, that said, I have begun moving that particular site from WP to PW (which is not backwards, it's 'frontwards'
True and I am not a WordPress fan at all in fact I am not a theme supporter either.
However in this particular instance I have a idea for a cute site for the kittens and a specific blank WordPress template I have used in the past was more a go to as I am not sure about process wire yet.
I read about them and by far they are the better decision but not haven used them before I didn't want to waste potential time learning a new platform for this specific idea.
How is process wire regarding themes etc?
I see.
It's a very interesting system that gives you the flexibility that not many systems out there can give you. There's no 'blog' and 'pages' built right in - everything technically is a 'Page' (note the capital P). You create Templates that map to template files and contain Fields (as many as you like, with many to choose from). You then create pages in the Page Tree that use particular templates. This method gives you an enormous amount of flexibility. Further, the system is very secure, and has an excellent small community that is always willing to help.
ProcessWire does not use a theming system, but rather a templating system that has great access to the ProcessWire API. Your template files go under /site/templates, and ProcessWire doesn't force a particular templating style upon you. You can use native PHP or Twig (available as a module), and you can also use a module called TemplateDataProviders to build data for use on your templates (as opposed to a functions.php file, which can get really bulky).
All fields for a particular page are provided via the $page object. So, if you wanted the page title, you'd simply use:
<h1><?= $page->title; ?></h1>
The API itself is very flexible, and follows a jQuery-like principal methodology, which makes it a breeze to find pages and get specific data.
Last edited:
Sure, but I'm talking about general software-security here. BFAs are a separate concern that's a little more server-related than software-related. From a general point of view, I believe WordPress could do much better to secure itself, like being able to easily change the URI, and not making it available as a directory.
That aside, I'm not directly saying that WordPress is insecure. So far as I'm concerned, the system is secure enough on it's own. As always, plugins cause most of the problems people face today. However, WordPress could improve the way in which it helps developers/designers secure their installations. First step would be to allow changes to the URI used to access the admin panel. That already removes a whole bunch of headaches.
Thank you for this! I will investigate this for future projects as this seems to be a way better platform especially if I have much more freedom to use PHP and create my own templates/Pages etc as I am starting to get quite a liking for PHP
Any time. Give it a test-run for a mock project - it's an excellent way of learning to get around the system. Plus, you don't need much PHP knowledge to do awesome things with it.
Have you only just started with PHP?
Yes Sir, but I am a fast learner and have done some amazing things thus far! A whole new world awaits me.
Side Note - any "safe" social media plug in recommendation for wordpress ( I need flickr + Facebook + Instagram ) flickr for pictures of the kittens and then I shall post on intagram too.
That's great - PW might just help you throw yourself in.
Not from my side - have never used such a plugin. I'm sure someone else can chime in on that front.
Fulcrum29
Honorary Master
You can have a look at this to add additional protection to the WordPress backend,
https://wordpress.org/plugins/wsecure/
Then you can also password protect the directory.
I'm into Drupal and Joomla, and have little experience with commercial WordPress sites, thus it is hard to assist you with plugins which are supported, compatible and light on resources.
You can have a look at Simple Share Buttons, but I don't know about Flickr... You can however have a look at the standard Flickr Widget.
https://wordpress.org/plugins/wsecure/
Then you can also password protect the directory.
I'm into Drupal and Joomla, and have little experience with commercial WordPress sites, thus it is hard to assist you with plugins which are supported, compatible and light on resources.
You can have a look at Simple Share Buttons, but I don't know about Flickr... You can however have a look at the standard Flickr Widget.
I am so afraid to just code away, because I have pretty decent share buttons that I use on my normal sites I make made myself, but wordpress is a bit iffy when sommer just adding stuff.
Currently I am looking at this:
https://wordpress.org/plugins/ultimate-social-media-icons/
They apparently have over 200 social platforms, but no where do they have a list so I can actually verify.
Another side note:
The WP installation for testing I installed it in mydomain.co.za/blog
What would be the best way to change this to be mydomain.co.za
Effectively making wordpress "live" ( the landing site )
The WP installation for testing I installed it in mydomain.co.za/blog
What would be the best way to change this to be mydomain.co.za
Effectively making wordpress "live" ( the landing site )
I'm no expert but wouldn't a simple 301 redirect achieve that?
Found the solution on WordPress's blog
I just change a view lines in config.php and move only the index file to the root ie mydomain.co.za/
Thanks. Good to know.
Is it really necessary to use so many though? Have always found it better to stick to the main ones (FB, Twitter, G+, and maybe one or two others relevant to the type of content you're working with), and not cluttering up the site with too many icons...