How to hide that you use Wordpress

File:WordPress logo.svg

Many people, for whatever reasons, want to hide the fact that they use Wordpress. Two methods to do so are described below.

A Plugin to Change WP-Content

If you want to change your wp-content folder, you can use this plugin. You won't find it on the Wordpress repository - it's something that I made for myself, but I will share it online for you, too. The benefit of this plugin is that it takes exactly one click to get the entire job of renaming your wp-content directory done. Feel free to send me a short tweet to let me know how it works for you. However, if it doesn't work for you and your site goes "blank", contact me quickly via Twitter, before you take any drastic measures (like deleting wp-config.php or something.) Nothing horrible has happened, and your blog isn't dead, it just means that you have a theme or plugin that references "wp-content" specifically, and it's causing the site to crash. All you have to do in this case is rename the folder back to "wp-content", and remove one or two lines near the bottom of wp-config.

How Do I Rename WP-Content Myself?

For one, add this to your wp-config file, at the bottom, just before wp-settings.php are included:
define ( 'WP_CONTENT_FOLDERNAME', 'media' );
define ( 'WP_CONTENT_DIR', ABSPATH . WP_CONTENT_FOLDERNAME );
define ( 'WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/' );
define ( 'WP_CONTENT_URL', WP_SITEURL . WP_CONTENT_FOLDERNAME );

Then, simply rename your directory from wp-content to "media"

Why Remove Traces of Wordpress?

A lot has been said about the security flaws in Wordpress, and in PHP (the language in which Wordpress is written.) I definitely think that there is truth in that, and the data speak for themselves. Moreover, many people who write Wordpress themes and plugins are not particularly good coders (the barrier to entry is low), which creates further vulnerabilities on Wordpress sites. So it's not just that Wordpress might have security flaws (which it does), but all of the content stored in your wp-content directory might expose vulnerabilities, too.

Wordpress ought to take some notice of this and give some options to allow for these changes to be made. Although it would be impossible to remove all trace of Wordpress, there are some measures that will take you quite far. For example, you can rename your wp-content directory, which is usually the biggest giveaway (it's the first thing that I look for), to something such as "media" or "assets." The next problem, which has not been solved yet, is how to change the "wp-includes" directory. If you have any good ideas on that, please contact me about that on Twitter, and I'd be more than happy to see if I can make it into a plugin!

Are Traces of Wordpress Really a Problem?

No, it's not such a big deal. I've seen the admin area of many high profile Wordpress websites, and it would surprise (and perhaps frighten you) to know how many of them are running versions of Wordpress that are way out of date, and plugins that are not secure. Even they don't seem to get hacked. However, I've had my own Wordpress site hacked before, and the path to resolving this is definitely not worth the convenience of not updating and maintaining the security of your online software. This type of hacking can be done with simple automated tools.

Keep it secret; keep it safe!

Once you've read this post, let me know by sending me a tweet, or connecting with me on LinkedIn.