• Resolved Sprinzer

    (@sprinzer)


    I see that in WP versions there is a lot of exploitable information exposed to WP-blog visitors.
    I’m comparing Joomla, WordPress and Drupal and I find that WordPress has the most unprotected information!
    Joomla and Drupal both offer the possibility to remove the installation folder and there is rarely a mention of Joomla in the source code. If any, it is easily removable.
    Joomla also removes its version meta tag by default! While in WordPress, one has to use a third-party tool or insert a piece of code! In WP, everything is made to say that you are PROUDLY using WordPress and you will be drastically hacked!
    Which proudness to use WordPress rather than any other tool?
    OK, we are “proud” to develop and use WordPress, but do you know the number of WordPress-based hacked sites? Search the web to get an idea…
    Site security shouldn’t be prevailed on “narcissism”, on “proudness”, on imposture and on advertisement wishes?
    I think the idea to mention WordPress in the source code is to make certain pride on behalf website security!!
    The wish to show the “proudness” makes WP highly vulnerable and easily “hackable”!
    Joomla flies very high without any “proudness” nor imposture. Despite that it is very secure!

    Please take it as positive criticism to improve and secure WP sites.

Viewing 15 replies - 1 through 15 (of 19 total)
  • This has already been discussed many times. Please try searching the forum for similar topics.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Joomla and Drupal both offer the possibility to remove the installation folder and there is rarely a mention of Joomla in the source code.

    And in both cases, you can still figure out pretty fast that they’re Joomla or Drupal.

    Read http://codex.ww.wp.xz.cn/Hardening_WordPress#Security_through_obscurity

    Thread Starter Sprinzer

    (@sprinzer)

    This has already been discussed many times. Please try searching the forum for similar topics.

    So, it’s a ‘shame’ that over many discussions such features haven’t been considered! It’s also a shame to let amateurs get information easily to hack WP.

    And in both cases, you can still figure out pretty fast that they’re Joomla or Drupal.

    How?
    Not as fast as you think! Anyway, not so easy for most users!
    There are a lot of sites that you can’t guess they are made with Joomla and Drupal!
    You know, more and more WP is used by kids and amateurs, so they enjoy with blogging and hacking! Adding an additional secure layer against those amateurs would then be highly appreciable.
    This is not the case for Joomla and Drupal. This is maybe associated with the start point of WP as a blogging tool, but now WP should in my opinion evolve and offer more professional capabilities.
    That is, WP doesn’t need to be ‘advertised’ in the source code!
    “Advertising” in the source code is only useful for hackers, not for customers or people! Ordinary people don’t look there! It won’t promote using WordPress, if you think so! Rather, it is the quality and features, the customization and security levels.
    Do you really think that you are well advertising WP in the source code, with admin, content, plugins, themes names and so on…?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Not as fast as you think! Anyway, not so easy for most users!

    Yes but … those aren’t the users you’re worried about, now, are they?

    There are a lot of sites that you can’t guess they are made with Joomla and Drupal!

    Sure I can. With a script, or even a glance at their source code, I can do it, and the problem is that if I can script it, so can anyone else. Heck, there’s a bloody Chrome addon that auto-detects for you! Boom. Done.

    I’m not saying it’s not a problem, people knowing what you’re running, I’m saying that if I had to put paid effort to making it ‘easier’ to hide what I’m running or making things actually more secure with better code… I pick option B 🙂
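Added example, not part of the thread: a check a site owner can run on their own rendered HTML to see which WordPress markers remain once the generator meta tag is removed. The function name, marker labels and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Path fragments a default WordPress install places in asset URLs.
PATH_MARKERS = ("/wp-content/themes/", "/wp-content/plugins/", "/wp-includes/")


class _MarkerScan(HTMLParser):
    """Collects WordPress markers from tag attributes only."""

    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # Marker 1: the generator meta tag discussed in the thread.
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if "wordpress" in a.get("content", "").lower():
                self.found.add("generator-meta")
        # Marker 2: asset URLs that reveal the directory layout.
        for url in (a.get("href", ""), a.get("src", "")):
            for marker in PATH_MARKERS:
                if marker in url:
                    self.found.add(marker)


def wp_markers(html):
    """Return the sorted list of markers present in one HTML document."""
    scan = _MarkerScan()
    scan.feed(html)
    scan.close()
    return sorted(scan.found)


# Constructed sample page (not taken from any real site).
WITH_TAG = """<html><head>
<meta name="generator" content="WordPress 0.0-example">
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css">
<script src="/wp-includes/js/example.js"></script>
</head><body><img src="/wp-content/plugins/example-plugin/logo.png"></body></html>"""

# The same page after the generator tag has been stripped.
TAG_REMOVED = WITH_TAG.replace(
    '<meta name="generator" content="WordPress 0.0-example">\n', "")

if __name__ == "__main__":
    print("with tag:   ", wp_markers(WITH_TAG))
    print("tag removed:", wp_markers(TAG_REMOVED))
```

On the constructed page, stripping the generator tag removes one marker and leaves the three path markers in place.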

    Thread Starter Sprinzer

    (@sprinzer)

    those aren’t the users you’re worried about, now, are they?

    I meant that, because the security level in Drupal and Joomla is so high, that most users can’t guess it easily.
    While with WP press, it is easy.
    Yourself you said it, you need to script to know it but with WP no need to script, a simple click and hop, we get it!
    Anyway, WordPress would be a great CMS and professional-oriented if it has the secure level that Drupal and Joomla have.
    In other words, a CMS will be great if it has the user-friendliness of WordPress and the security levels of Joomla or Drupal.
    So, if you make WP more, or at least as secure as Joomla and Drupal, it will really be the CMS of choice, even for professionals!
    Didn’t you wonder why not so many professionals choose WP for their business compared to Joomla or Drupal?
    I think for 2 reasons:
    1) the professional look they have (though this is a subjective criterion..).
    2) and more importantly, for their secure level.
    I think you have the possibility to make WP much more secure and attractive than it is currently, but obviously you don’t want, because you are “proud” of WP and you want to advertise it in the source code at all costs!
    If I was a developer, I’ll mix up the facility of WP with the professional side of Joomla in one CMS! I’d make WP with the same, if not more, secure level as Joomla and Drupal, and I’d forget to advertise it in the source code, especially after you have got 75 million users! So, it is well known now and doesn’t need much more ads!
    Now, it’s time to focus on its security level to distance other outstanding CMS!
    In summary, I like WP for its facility and user-friendliness, but I’d prefer Joomla and Drupal for their professional and security aspects.
    Cheers!

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    I meant that, because the security level in Drupal and Joomla is so high, that most users can’t guess it easily.
    While with WP press, it is easy.

    Y’know, ‘easy’ is really subjective. See it’s easy for me to figure out which one it is, and frankly, I’m the ‘skill level’ you should worry about 😉

    Didn’t you wonder why not so many professionals choose WP for their business compared to Joomla or Drupal?

    No, I didn’t. Because just as many professional companies use WP as Joomla or Drupal.

    Look, you can remove all the ‘signs’ that you’re running WP with plugins, or even some built in defines, if you want. But that doesn’t make WordPress more or less secure than it was before you moved anything. WordPress is just as secure as Joomla and Drupal 🙂 It’s just as safe, it’s just as vulnerable.

    Besides, all the source code is open! You could download and see exactly how WP does things, and search for that.

    You’re suggesting we do ‘feel good’ security theater. And pretty much we disagree. That’s a waste of time and doesn’t help from the people you really should be worried about.

    Thread Starter Sprinzer

    (@sprinzer)

    frankly, I’m the ‘skill level’ you should worry about 😉

    I know, I know, Peace, Peace, peace!
    I have no money, no company, no house no car, no women no no… I’m a poor man, having nothing to hack, don’t waste your time to hack me..

    Besides, all the source code is open! You could download and see exactly how WP does things, and search for that.

    I’m not a developer to dig with! If I was, I’d do it!
    This is why I’m concerned about WP security because I’m not a developer and I don’t know how to enhance its level. It’s sure that a developer would know how to avoid vulnerability and enhance security but for non-developers it is out of their hand.

    Look, you can remove all the ‘signs’ that you’re running WP with plugins, or even some built in defines, if you want. But that doesn’t make WordPress more or less secure than it was before you moved anything

    How is that? Of course it will! It will harden WP and make it more secure, sure; especially it is an open source tool and its code is available for all..
    This looks like for a house. When there is no key plug on the door or we don’t know the address, that doesn’t mean that nobody can find it or steal it, but it simply means it will be harder and you will need much more time and tools before you give up!
    Hardening the level is always appreciable by users, isn’t it?
    Professional sites don’t make it for fun! There is a reason, isn’t there?
    Do you have a professional website? Is it created with WordPress? 😉

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    I would recommend reading this to understand the prevalent viewpoint of WP when it comes to security by obscurity (i.e. the ‘let’s hide it!’ approach): http://ww.wp.xz.cn/news/2009/09/keep-wordpress-secure/

    Also… Professional sites using self hosted WP: http://ww.wp.xz.cn/showcase/

    Important sites? Nokia. Pepsi. eBay. Lots of universities.

    Professional sites using WordPress.com: http://vip.wordpress.com/clients/

    Some big names there. CNN. UPS. Lots of CBS local sites.

    Thread Starter Sprinzer

    (@sprinzer)

    Good, this goes in the same direction I’m talking about! None of those sites shows that they use WordPress! Why?
    Are they ashamed to use WordPress or for security reason…?
    What is the difference between WordPress.com and ww.wp.xz.cn?

    Thread Starter Sprinzer

    (@sprinzer)

    How could I believe you if there is no mention of WordPress in their source code? 😉 !
    And why do they hide it? Ashamed?

    Moderator cubecolour

    (@numeeja)

    Nonsense! Can you view source on http://conversations.nokia.com/ & look for the generator meta tag? It says WordPress quite clearly.

    To see who’s using WordPress look at http://ww.wp.xz.cn/showcase/

    Thread Starter Sprinzer

    (@sprinzer)

    Nonsense! Can you view source on http://conversations.nokia.com/ & look for the generator meta tag? It says WordPress quite clearly.

    This is not the main Nokia website!
    It is a subdomain or a blog of one of their fans or users!
    What about http://www.nokia.com ?

    Moderator cubecolour

    (@numeeja)

    No one suggested Nokia were using WordPress for their main website.

    I’d love to hear your reasoning why you believe the Nokia conversations site is a fan site. The title bar says “Nokia Conversations: the official Nokia blog”, it is hosted on a subdomain of the nokia.com domain and the copyright notice indicates that the copyright of the site belongs to Nokia.

    A subdomain still belongs to the domain name owner. A fan or user can’t just register it for his own use, even for a fan site.

    For the difference between .com and .org, see http://en.support.wordpress.com/com-vs-org/

    Thread Starter Sprinzer

    (@sprinzer)

    Thanks for the link.
    It is logical and recommended to hide information in the source code to enhance the security of any software, not only WP! But, WordPress developers look for the “proudness” and the “advertisement”!
    They want it to appear in the code at all costs and risks (except, seemingly for those who pay!).. Not so ethical…!


The topic ‘WordPress isn't gas-works?’ is closed to new replies.