Opened 5 years ago
Closed 5 years ago
#52973 closed defect (bug) (duplicate)
Consider changing "admin-ajax.php" files location
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 5.7 |
| Component: | Security | Keywords: | |
| Focuses: | administration | Cc: | |
Description
Hey there,
I've been working with WordPress since 2010 and noticed that the admin-ajax.php file is located under the wp-admin folder. Everything was just fine. But the problem begins when the admin_url() function shows the directory in the source code.
Like this:
example.com/wp-admin/admin-ajax.php
I think this file's (admin-ajax.php) directory or the admin_url function might be considered. Let me explain why.
When a large company or a business website is created with WordPress, it is quite vulnerable. Any hacker at the intermediate level is able to grab sensitive data with access to the website.
So then the clients consider the security aspect of the website. We work to protect the website from hackers by hiding the CMS from the site created by WordPress and by securing many more things. But since the directory of this file is visible in the source code, it is not easy for many to hide the CMS completely.
And since the theme/plugin developers use this file through the admin_url() function, it is necessary to change the default output of this function (url/wp-admin/) or the directory of the admin-ajax.php file considering the security aspect.
Technology is growing day by day. This simple directory leaks the CMS and newbie developers are suffering.
Please think about this. Hope this file system will be patched in the next update soon.
Thank you.
Hi there, welcome to WordPress Trac!
Thanks for the ticket, we're already tracking this feature request in #45022 and #12400.