I hope you are fine today!
We try to get rid of references to a WordPress Site. We have installed Ultimate Branding already which helps to get some optical stuff running.
We tried "WP Hide & Security Enhancer"
It is a nice idea but not really working on a multisite.
It is asking you on each single Wordpress installation the same questions again to insert all custom stuff. As there is no real network install so that all values be valid actually for all sites in the Multisite makes it more or less useless.
And we also did not really get it working anyway as all references to wordpress still showed up i.e. wp-content etc.
I think probably the better way would be to enter the paths directly in the wp-config file which we moved to another place already.
Moving the wp-config file using:
<?php /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Location of your WordPress configuration. */ require_once(ABSPATH . '../path/to/renamed-wp-conf.php');
[in the wp-config file of the main site]
Now in the config file we redirect to we have the following:
[Database Part] [Authentication Unique Keys and Salts] [WordPress Database Table prefix] /** REPAIR **/ #define('WP_ALLOW_REPAIR', true); /** DEBUG **/ // Enable WP_DEBUG mode define('WP_DEBUG', true); // Enable Debug logging to the /wp-content/debug.log file define( 'WP_DEBUG_LOG', true ); // Disable display of errors and warnings define( 'WP_DEBUG_DISPLAY', false ); @ini_set( 'display_errors', 0 ); // Use dev versions of core JS and CSS files (only needed if you are modifying these core files) #define( 'SCRIPT_DEBUG', true ); // Saves the database queries to an array #define( 'SAVEQUERIES', true ); // Enable all core updates, including minor and major: define( 'WP_AUTO_UPDATE_CORE', true ); // Enable automated plugin updates #add_filter( 'auto_update_plugin', '__return_true' ); // Enable automated theme updates #add_filter( 'auto_update_theme', '__return_true' );
What is your experience with those automated updates of plugins and themes - are they really helpful or a source for problems? when activating them they actually crash the site.
// Disable File Editor define( 'DISALLOW_FILE_EDIT', true ); // Stop uploading plugins define( 'DISALLOW_FILE_MODS', true ); /** MULTISITE */ define('WP_ALLOW_MULTISITE', true); define('MULTISITE', true); define('SUBDOMAIN_INSTALL', false); define('DOMAIN_CURRENT_SITE', 'our.domain'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('WP_HOME','https://our.domain'); define('WP_SITEURL','https://our.domain');
This gets followed by the "path" section where we try to rewrite the paths but it is actually not really working until now.
/** MOVING WP-CONTENT, WP-PLUGIN **/ /** Sets up WordPress vars and included files. */ require_once(ABSPATH . '../path/to/wp-settings.php'); define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/our_cont' ); define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/our_cont' ); define( 'WP_PLUGIN_DIR', dirname(__FILE__) . '/our_plug' ); define( 'WP_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/our_plug' ); define( 'WPMU_PLUGIN_DIR', dirname(__FILE__) . '/our_mu' ); define( 'WPMU_PLUGIN_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/our_mu' );
What actually is the syntax if you are using https:// instead of http
['WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] .]
Could the Theme Folder be rewritten in the same way if yes how?
Is it WP_THEME_DIR and WP_THEME_URL?
//Added by WP-Cache Manager define('WP_CACHE', true); //Added by WP-Cache Manager define( 'WPCACHEHOME', '/home/user/domains/our.domain/public_html/wp-content/plugins/wp-super-cache/' ); //Added by WP-Cache Manager
What Cache Manager does WPMU recommend in using as they seem not have an own one.
// HTTPS for Admin Area define('FORCE_SSL_ADMIN', true); // HTTPS for Logins define('FORCE_SSL_LOGIN', true);
The above we think is a good thing as anybody right now can have at least a let's encrypt certificate running on his server.
// Keeping Post revisions (false - none) define('WP_POST_REVISIONS', 10);
To keep the size of the database somehow on a limit. Even 10 is a lot I think!
// AKISMET api-key #define('WPCOM_API_KEY','your-key'); // define Default Theme define('WP_DEFAULT_THEME', 'uf_panino');
and all is above
/* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); /** Sets up WordPress vars and included files. */ require_once(ABSPATH . 'wp-settings.php');
Does anyone has a way which actually works?
The idea is to have no wp-content path nor other paths which lead back to a wordpress site showing up in the source of the site.
We also want to hide the wp-admin and wp-login.php
WP Cerper provides a good idea but it took quite long until the settings actually took place! But it is working fine for the login and providing great data about logins.
Any ideas how we best could hide stuff are appreciated.