kinomuto
Forum Replies Created
Forum: Fixing WordPress
In reply to: Nice URLS possible in dropdown_cats?
Hi Viper – thanks for the answer!
Forum: Fixing WordPress
In reply to: RSSLinkList – Errors displaying other feeds
Hey Linda – just read this. Looks like you have fixed this but if you get problems on WP again then you can give me a shout. We’ve gone around the block quite a few times with this software. You can find me through TW (kino). Best, Nick
Forum: Fixing WordPress
In reply to: Removing wp- on files
> i have not seen other programs put their ego (wp-) on every single file
Except of course mt- maybe it is a blog thing
Seriously though ongakukaku, have a go. It’s not tricky. I use TopStyle myself which has excellent support for ‘find+replace’. It highlights them in the preview window so you can check each one – there are about 300 odd in the WP code that need changing + the page names themselves.
Do make sure you only rename page names and not functions etc. That is why I suggest searching for ‘wp-’ explicitly and not just ‘wp’.
Forum: Fixing WordPress
In reply to: Removing wp- on files
Yes, solely relying on security through obscurity is insane. Adding it as one technique to your security defences is a worthwhile activity. Especially when, as in the case of WP, it is so easy to implement (for which I thank the developers). I don’t really see how this can be argued?
Security is all about applying layers, this is simply one such layer. Yes you can get round it, as you can absolutely *any* security layer given enough time and effort. That is the point; the crackers/spammers pick the low level fruit because it is easier. Simple as that.
In case you are wondering, I’m saying this as a server admin of 7+ years. Whenever I deal with defacement or crack on a software package I can almost guarantee that they have used known footprints when installing it. You can take this to extremes, like any security measure, of course. The time you can spend securing something is almost infinite but you try to hit the big targets first in the time you have. One of these, for me, is removing the wp- prefix.
Forum: Fixing WordPress
In reply to: Removing wp- on files
I always remove the wp- from the files. It’s very easy and takes a few minutes with a search and replace (on wp- not wp). Even with third party plugins this is an incredibly easy task. I’m a little amused as to why so many experienced people here have difficulty with it, I can only assume you have never done it. Of course if your definition of a ‘long road’ is 5 minutes work then I take that back.
It is a good security precaution as many crackers/spammers use Google to select potential victims. For example:
https://www.google.com/search?hl=en&q=inurl%3Awp-admin
https://www.google.com/search?hl=en&q=inurl%3Amt-comment.cgi
I can tell you from experience that avoiding ‘default’ names such as phpBB for directories does deter a lot of attacks.
Another good reason for obscuring software footprints is that it deters automatic spamming scripts, or scripts run to find blogs. As in the case above they use ‘footprints’ to determine if you belong to a group.
Having known ‘group characteristics’ can also come back to haunt you in regard to search engines. They have been shown in the past to use footprints to penalise/demote a group which is becoming too prominent in the SERPS.
People are correct in saying this is not the be-all of security. It has to be applied in many layers but this is one precaution that helps (as you rightly say pizdin_dim!)
If you cannot use a tool with search and replace (or even know what this means) then of course, this may be a little beyond you and it may be best to stick with the defaults.
Forum: Fixing WordPress
In reply to: Show one category on index.php
hmm like that – 404’s when submitting/editing – leading to multiple posts…
Forum: Fixing WordPress
In reply to: Show one category on index.php
Did you have any luck with this sobr? (if you ever read this?)
Have to echo Bruce21’s comments on this forum – nice to roll your own and all that but I guess you never foresaw it getting this busy? RSS is cool but sometimes an old-fashioned email alert works wonders. I always get the feeling (usually after 3-4hrs of searching for something relatively simple) that vbulletin would have halved the support requests here.