How can I hide that I use WordPress (with W3 Total Cache)

For security reasons I don’t want it to be obvious that I use WordPress.
I use the W3 Total Cache plugin and minify HTML, CSS and JS. I may also use a CDN.

Is it possible to modify the W3 Total Cache plugin so that it can rewrite the WordPress directories “wp-content”, “wp-admin” and “wp-includes” without actually renaming these directories? I’d ideally like to be able to rewrite W3 Total Cache directories such as “w3tc”.


2 comments

  1. This was covered extensively in Steps to Take to Hide the Fact a Site is Using WordPress.

    The answer in that question covered renaming the wp-content and the plugin directory. If you prefer rewriting those directories, you can use these functions found in the Roots WordPress theme to rewrite the directories relative to your site's root directory.

    <?php
    if (stristr($_SERVER['SERVER_SOFTWARE'], 'apache') !== false) {
        function roots_htaccess_writable() {
            if (!is_writable(get_home_path() . '.htaccess')) {
                // Closure replaces create_function(), which was removed in PHP 8
                add_action('admin_notices', function () {
                    echo '<div class="error"><p>' . sprintf(__('Please make sure your <a href="%s">.htaccess</a> file is writeable ', 'roots'), admin_url('options-permalink.php')) . '</p></div>';
                });
            }
        }
    
        add_action('admin_init', 'roots_htaccess_writable');
    
        // Rewrites DO NOT happen for child themes
        // rewrite /wp-content/themes/roots/css/ to /css/
        // rewrite /wp-content/themes/roots/js/  to /js/
        // rewrite /wp-content/themes/roots/img/ to /img/
        // rewrite /wp-content/plugins/ to /plugins/
    
        function roots_flush_rewrites() {
            global $wp_rewrite;
            $wp_rewrite->flush_rules();
        }
    
        function roots_add_rewrites($content) {
            $theme_name = next(explode('/themes/', get_stylesheet_directory()));
            global $wp_rewrite;
            $roots_new_non_wp_rules = array(
                'css/(.*)'      => 'wp-content/themes/'. $theme_name . '/css/$1',
                'js/(.*)'       => 'wp-content/themes/'. $theme_name . '/js/$1',
                'img/(.*)'      => 'wp-content/themes/'. $theme_name . '/img/$1',
                'plugins/(.*)'  => 'wp-content/plugins/$1'
            );
            $wp_rewrite->non_wp_rules += $roots_new_non_wp_rules;
        }
    
        add_action('admin_init', 'roots_flush_rewrites');
    
        function roots_clean_assets($content) {
            $theme_name = next(explode('/themes/', $content));
            $current_path = '/wp-content/themes/' . $theme_name;
            $new_path = '';
            $content = str_replace($current_path, $new_path, $content);
            return $content;
        }
    
        function roots_clean_plugins($content) {
            $current_path = '/wp-content/plugins';
            $new_path = '/plugins';
            $content = str_replace($current_path, $new_path, $content);
            return $content;
        }
    
        // only use clean urls if the theme isn't a child or an MU (Network) install
        if (!is_multisite() && !is_child_theme()) {
            add_action('generate_rewrite_rules', 'roots_add_rewrites');
            if (!is_admin()) { 
                add_filter('plugins_url', 'roots_clean_plugins');
                add_filter('bloginfo', 'roots_clean_assets');
                add_filter('stylesheet_directory_uri', 'roots_clean_assets');
                add_filter('template_directory_uri', 'roots_clean_assets');
            }
        }
    
        function roots_add_h5bp_htaccess($rules) {
            global $wp_filesystem;
    
            if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');
            if (is_null($wp_filesystem)) WP_Filesystem(array(), ABSPATH);
    
            if (!defined('WP_CONTENT_DIR'))
            define('WP_CONTENT_DIR', ABSPATH . 'wp-content');   
    
            $theme_name = next(explode('/themes/', get_template_directory()));
            $filename = WP_CONTENT_DIR . '/themes/' . $theme_name . '/inc/h5bp-htaccess';
    
            $rules .= $wp_filesystem->get_contents($filename);
    
            return $rules;
        }
    
        add_action('mod_rewrite_rules', 'roots_add_h5bp_htaccess');
    }
    
    ?>
    

    You will also need to make sure to remove the W3 Total Cache X-Powered-By headers.

    <IfModule mod_headers.c>
        Header set X-Powered-By "W3 Total Cache/0.9.2.3"
    </IfModule>
    

    If you're going to use a CDN, W3 Total Cache will use the same path structure:

    wp-content/w3tc/min/xxxxx/default.include.xxxx.css

    So you will either need to rewrite these using .htaccess on the CDN, if you have access, or not use minify.

  2. Hiding WordPress is possible but takes a lot of effort and is problematic with updates. Also, it is the wrong solution; a better option would be to actually secure WordPress, and there are many guides/plugins that can help you do so.

    To answer your question, it does not really make much sense to use W3 Total Cache to rewrite directories for security.
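
A check for what the rewrites in the first comment leave behind, added here as an example (not code from Roots, W3 Total Cache or either commenter): it scans one response's headers and HTML for the directory names and the X-Powered-By value discussed on this page. The function name, marker list and sample response are constructed for illustration.

```python
import re

# Markers named on this page: the three core directories, the W3TC minify
# directory, and the W3 Total Cache X-Powered-By header value.
PATH_MARKERS = ("wp-content", "wp-includes", "wp-admin", "w3tc")
URL_ATTR = re.compile(r'''(?:href|src)\s*=\s*["']([^"']+)["']''', re.I)


def find_leaks(headers, html):
    """Return sorted (where, marker, evidence) tuples for each remaining fingerprint."""
    leaks = set()
    for name, value in headers.items():
        if name.lower() == "x-powered-by" and "w3 total cache" in value.lower():
            leaks.add(("header", "x-powered-by", value))
    for url in URL_ATTR.findall(html):
        for marker in PATH_MARKERS:
            # Match the marker only as a whole path segment of the URL.
            if re.search(r"(?:^|/)" + re.escape(marker) + r"(?:/|$)", url, re.I):
                leaks.add(("body", marker, url))
    return sorted(leaks)


# Constructed sample response: theme and plugin URLs are already rewritten to
# /css/ and /plugins/, but minify output and a core script are still exposed.
SAMPLE_HEADERS = {"Content-Type": "text/html",
                  "X-Powered-By": "W3 Total Cache/0.9.2.3"}
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/style.css">
<link rel="stylesheet" href="/wp-content/w3tc/min/abc12/default.include.def34.css">
<script src="/plugins/contact-form/form.js"></script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
"""

if __name__ == "__main__":
    for where, marker, evidence in find_leaks(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{where:6} {marker:12} {evidence}")
```

On the sample, the rewritten theme and plugin URLs pass, while the minify path, the wp-includes script and the header are still reported.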