This will do nothing to improve the security of Wordpress applications. If "pirates" can read your source code, you're already screwed, either your server is very poorly configured, or there's a privilege escalation exploit somewhere and they already have root and can run any process they like. Obfuscating the source code doesn't make it any more secure, at best it's a minor inconvenience.
You can change the name of commonly targeted files like wp-login or wp-config and even leave dummies with the original names in place for script kiddies to waste their time on, but you don't need to. More effective plugins and methods to secure Wordpress exist[0], and the biggest holes are in plugins themselves.
For example:
$url = "https://api.bunkerify.com/1.0/get/" . $lic . "/" . $domain . "/bunker_wp.php";
$json = file_get_contents($url);
$result = json_decode($json);
if($result->code == 0)
{
eval(base64_decode($result->data));
(...)
[0]https://medium.com/@AmDee_Elyssa/10-wordpress-tips-to-make-y...from Hacker News - New Comments: "WordPress" http://bit.ly/2GyejXU
via IFTTT
No comments:
Post a Comment