feedburner

Enter your email address:


How to Hide WordPress Info from Your Source Code

Labels: , , ,


Includes how to rename wp-contentrename wp-admin, andremove the generator tag from WordPress.
Many people, particularly designers and web engineers for high-profiles websites, do not want users to know that they are running WordPress for their websites. For the sake of seeming like a more “hardcore” coder who doesn’t need a pre-built CMS (like, it kind of sucks when you find out that Facebook actually runs on WordPress :O ), or just for security reasons; it is a shame that it is so difficult to change the wp-content and wp-admin folder names very easily through the WordPress admin. This little tutorial will teach you how to do it in any case.
Just for the record, I don’t believe that it’s really possible, or even worthwhile to attempt, completely hiding that you use WordPress for your sites. You can do the stuff I instruct here so that the typical pretentious amateur who tries to “out” you, or hack your site, runs into some challenges, but there will always be a way find out what CMS you use if someone is dedicated enough. If you use WordPress, you use WordPress. This tutorial will change obvious evidence or indications of it in your source-code, effectively removing WordPress info from your site.

Rename WP-Content

Open up the file called wp-config in your “root” directory, and just before the last line (something about require_once), add:
define('WP_CONTENT_FOLDERNAME', 'wp-content');
define('WP_CONTENT_DIR', ABSPATH . WP_CONTENT_FOLDERNAME );
define('WP_CONTENT_URL', 'http://domain.ext/'.WP_CONTENT_FOLDERNAME); 

define('WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
define('WP_PLUGIN_URL', WP_CONTENT_URL.'/plugins');
Now you must change “domain.ext” to whatever is your domain – for me, that is “pythoughts.com”. Then, you can change “wp-content” to whatever you want your content file to be. I like to use “media”, because I think that’s both relevant and quite unique, but obviously this is your prerogative.
Make sure that everything still works, especially your plugins. If your plugins do not work after this, you need to edit them – you can do this in the WordPress admin by looking around in the Plugins page. Obviously what needs to change is any references to “wp-content”.
Edit from Andrew (see comments) – For WordPress v3.13: “What I did is edit the file default-constants.php located in /wp-includes/, replacing all “wp-content” to my desired folder name (need to rename the folder of course), and all works like a charm.”

Rename WP-Admin (and make login.php inaccessible)

There are two ways to do this. The long way is to hack your .htaccess file to do redirections, etc. and block out direct access to login.php. The easier method is to install and very cool little plugin, made by Devbits, called “Stealth-login”. I use this plugin on some of my sites, and it works! Which is fantastic.
So you can download that here.

Remove the WordPress Generator Tag

The bit of code that you want for this is simple:
remove_action(‘wp_head’, ‘wp_generator’);
There are a few places you can do this, but I would recommend adding it to thefunctions.php file in your theme. So open that up, make sure that you have your
And that is that.
Please let me know if A) this was useful to you, B) You know of any plugin that does all of this stuff, or C) You think that I should make a plugin that does all of this automatically. You should also of course tell me if you perceive a danger is doing this, or if you think that there is a more effective method. Or if you have any questions.
Otherwise, thank you for your time :)



0 comments:

Post a Comment

DISCLAMIER

This Blog does NOT encourage or train someone to perform potentially harmful or illegal activities such as Black hat hacking or cyber crime. The Tips and Tricks provided in this blog are founded by me and some of them are inspired from other blogs and websites. The purpose of all the information provided in this blog is to just make people aware of the security threats and providing them the means to handle them. All the information provided in this blog is only for personal troubleshooting and NOT for performing illegal activities like breaking down in someone's system or server. ramtele.blogspot.com is NOT responsible if anyone breaks the law or does whatever using the techniques mentioned in this blog.Maximum care have been made to provide correct informations in this blog.Still if there occurs any loss due to wrong informations in our blog,we are not responsible for that.