richt
1
This morning I have had a client ask whether it’s a smart idea to rename site/wp-admin to site/wp-custom for enhanced security.
I know the Bedrock template improves security but does it does something in particular that makes renaming wp-admin redundant?
evance
2
I personally don’t see any benefit by renaming the wp-admin
-slug – and that would prove pretty ‘hacky’ as well I guess, so IMHO, stay away from that.
What Bedrock does:
Isolated web root to limit access to non-web files and more secure passwords through wp-password-bcrypt.
Other than that there are a plethora of other settings to actually harden security, just to name a few:
- Enable 2FA (f.ex. via this plugin)
- Limit the login attempts & block suspicious IPs
- Stay up to date…!
Also see Hardening WordPress in the WP-Codex.
2 Likes
ben
3
Is renaming wp-admin a waste of time?
Pretty much yes, it’s just security through obscurity. People love it for some reason, but at the end of the day it’s pointless.
1 Like
richt
4
Thank you. I’ve been using Wordfence since forever. I feel this is enough.