What files to delete for security

  • Once I have successfully installed wordpress, what files do I need to delete to secure the installation? install.php? config.php?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Good question, too bad that nobody answered. Using Google I ran into this:

    # Quix0r Says:
    September 20th, 2007 at 9:01 pm

    I have heart that some files in wp-admin have security leacks. So on my blog I have moved these files to a safer location (/root/blog/):

    import.php
    inline-uploading.php
    install.php
    link-import.php
    plugin-editor.php
    templates.php
    theme-editor.php
    upgrade.php

    If you don’t need to edit themes or plugins from your blog then remove them. ?? They are exploited already.

    Hope that helps you.

    Roland

    Moderator James Huff

    (@macmanx)

    The list quoted above refers to an older version of WordPress and much older security exploits. As of v2.3.1, all know security exploits have been resolved. If you stay up-to-date, you should be fine, but if you want an extra blanket of security, you’ll want to delete any file which makes a massive change to the database and is not necessary for the day-to-day operation of your blog. Given that, I would delete: /wp-admin/import/ , /wp-admin/import.php , /wp-admin/install-helper.php , /wp-admin/install.php , /wp-admin/upgrade-functions.php , /wp-admin/upgrade.php .

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘What files to delete for security’ is closed to new replies.