Auto delete wp-config-sample.php after install

…and rename wp-admin folder

(easy and basics security…)


Read-only archive: https://petitions.classicpress.net/posts/66/auto-delete-wp-config-sample-php-after-install

Author: Yannick

Vote count: 34

Status: open

Tags:

  • request-modify-feature

Comments

Noting that this petition is attempting to address two issues, both of which are moot in terms of security.


Removing the wp-config-sample.php file in the name of security is akin to removing the version number in the name of security – both are “conventional wisdom” which are not based in fact. Some security plugins will optionally remove this file and that may lead some to believe it’s a security thing. In actuality, this provides no security enhancement whatsoever and is an example of how some plugins will continually add new “features” (ie, bloat) merely to stay fresh in your mind as you update every couple of weeks.

If anyone is concerned with this file – even though there’s no reason to be – an .htaccess (et al) rule can be used to prevent access. No core code changes required; one and done forever after.


Also, changing the admin directory provides no extra security. Unless every installation were to use a randomly generated directory name for the admin, anyone could just look at the source and see the new directory name.

3 Likes

This petition has been tagged as unactionable for the reasons outlined in the comment by James and the subsequent post by @Code_Potent. It will close automatically at 2021-03-20T20:00:00Z.

4 Likes

This topic was automatically closed after 2 days. New replies are no longer allowed.