Comments on: WordPress anti-spam recipe http://docwhat.gerf.org/2007/08/rename-wp-comment-post/ Some men are discovered; others are found out Thu, 28 Aug 2008 03:28:28 +0000 http://wordpress.org/?v=2.6.1 By: docwhat http://docwhat.gerf.org/2007/08/rename-wp-comment-post/#comment-2217 docwhat Thu, 30 Aug 2007 15:09:17 +0000 http://docwhat.gerf.org/2007/08/rename-wp-comment-post/#comment-2217 So, the downside to this is that you need to add exceptions for things like <a href="http://www.ttancm.com/2007/05/19/wp-amazon-for-wp-21-22/" rel="nofollow">wp-amazon (ttancm version)</a>. In addition, if you have rewrite rules for using <a href="http://haris.tv/2007/04/24/admin-ssl-new-wordpress-plugin/" rel="nofollow">wp-admin-ssl</a>, you'll have to modify them so that <tt>wp-content/plugins/wp-admin.php</tt> is accessible via https. Finally, there is a <a href="http://comox.textdrive.com/pipermail/wp-hackers/2007-August/013887.html" rel="nofollow">thread</a> on the wp-hackers mailing list about the idea of hiding /wp-content files. Specifically, Otto has <a href="http://comox.textdrive.com/pipermail/wp-hackers/2007-August/014076.html" rel="nofollow">several good reasons</a> why hiding wp-contents makes no difference, since it hackers won't scan for a plugins, they scan for vulnerabilities. Except for inactive plugins, it doesn't matter if someone can scan for a plugin. Ciao! So, the downside to this is that you need to add exceptions for things like wp-amazon (ttancm version).

In addition, if you have rewrite rules for using wp-admin-ssl, you’ll have to modify them so that wp-content/plugins/wp-admin.php is accessible via https.

Finally, there is a thread on the wp-hackers mailing list about the idea of hiding /wp-content files. Specifically, Otto has several good reasons why hiding wp-contents makes no difference, since it hackers won’t scan for a plugins, they scan for vulnerabilities.

Except for inactive plugins, it doesn’t matter if someone can scan for a plugin.

Ciao!

]]>