• Resolved legendchew

    (@legendchew)


    Hi, is there any possible way to change the wp-admin into another name? I feel very insecure using the wp-admin since everyone has the same. It will be easily hacked by a hacker.

Viewing 9 replies - 1 through 9 (of 9 total)
  • I have never heard about a hacked blog because of the name of that folder (and I’ve spent quite a long time around here).
    However, I have seen a lot of hacked blogs because:
    – weak passwords
    – files with world wide writable permissions (aka editing themes online)
    – insecure plugins

    Thread Starter legendchew

    (@legendchew)

    Thanks for your reply. I already found the solution.

    Here are some of my concerns:
    - Hackers know our main username is ‘admin’ (which can’t be deleted)
    - Hackers know that if we are powered by WordPress, our main editing website address is “http://our_domain_name/wp-admin/”

    *Now all a hacker needs to do is crack the password 🙂

    If we are able to change the folder name and admin username, it will reduce our risk.

    I just hope that WordPress is able to solve this issue in their next update.

    Thank you for your support. 🙂

    what was the solution?

    to stop wanting it.

    planetasrbija

    (@planetasrbija)

    You can just rename index.php within wp-admin folder into anything else (i.e.: login.php)! It works.

    For admin login use the path: http://www.yoursite.com/wp-admin/login.php 😀

    ivovic

    (@ivovic)

    that’s a solution to *a* problem, but not *this* problem.

    securing the wp-admin folder and renaming it are not the same thing. It should be possible to do BOTH.

    askapache

    (@askapache)

    Interesting idea, of course from my experience of hacking through the WP code, there is an awful lot of hardcoded references to the admin folder.. But I don’t know that much about WP so maybe. Since the result of moving wp-admin to wp44-admin would be they would start using bigger guns and attacking everywhere, it might be better for the server resources if WP developers just added a lock-out after so many attempts.

    The problem that I have seen in the past with that type of setup is when they build it all into the database.. which effectively just gives you a slower site.

    One way you could make apache and WP do this is by having .htaccess code that denies access based on the value or presence of a cookie, which mod_rewrite can see in the Set-Cookie HTTP header. So after 10 bad login attempts the login script stops providing the robot with the correct cookie, thus locking them out.

    whooami

    (@whooami)

    there is an awful lot of hardcoded references to the admin folder.. But

    there is a one-line perl command that can recursively grep all files for a word and replace that word with another word — it's not THAT hard to do.

The topic ‘Change wp-admin into another name’ is closed to new replies.