
Opened 2 weeks ago

Closed 2 weeks ago

#52973 closed defect (bug) (duplicate)

Consider changing "admin-ajax.php" files location

Reported by: mdsaifurrahmann029
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 5.7
Component: Security
Keywords:
Focuses: administration
Cc:

Description

Hey there,
I've been working with WordPress since 2010 and noticed that the admin-ajax.php file is located under the wp-admin folder. Everything was just fine. But the problem begins when the admin_url() function shows the directory in the source code.

like this: example.com/wp-admin/admin-ajax.php

I think the location of this file (admin-ajax.php) or the admin_url() function should be reconsidered. Let me explain why.
When a large company or a business website is created with WordPress, it is quite vulnerable. Any hacker at the intermediate level is able to grab sensitive data with access to the website.
So then the clients consider the security aspect of the website. We work to protect the website from hackers by hiding the CMS from the site created with WordPress and by securing many more things. But since the directory of this file is visible in the source code, it is not easy for many to hide the CMS completely.
And since theme/plugin developers use this file through the admin_url() function, it is necessary to change the default output of this function (url/wp-admin/) or the directory of the admin-ajax.php file, taking the security aspect into consideration.

Technology is growing day by day. This simple directory leaks the CMS and newbie developers are suffering.
Please think about this. I hope this file system will be patched in the next update soon.

Thank you.
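The mechanism the ticket describes, shown as an added plugin example (this is not code from the ticket, the reporter, or WordPress core): the first hook is the usual way theme/plugin code passes admin_url( 'admin-ajax.php' ) to the browser, which is why the wp-admin path appears in the rendered HTML; the second part is the handler, where the nonce check is what actually protects the endpoint; the third part uses core's existing 'admin_url' filter so a site can rewrite the printed URL without a core change. The plugin name, the 'demo_action' action, the demo.js script and the '/ajax-endpoint/' alias are all hypothetical names chosen for this example.

```php
<?php
/**
 * Plugin Name: Ajax URL demo (added example, hypothetical plugin)
 */

// 1. Typical theme/plugin code: wp_localize_script() prints an inline <script>
//    containing the admin-ajax.php URL, so the path is visible in page source.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'demo-ajax', plugins_url( 'demo.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'demo-ajax', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),     // becomes https://example.com/wp-admin/admin-ajax.php
        'nonce' => wp_create_nonce( 'demo_action' ),  // bound to the current user/session
    ) );
} );

// 2. The server-side handler. Logged-out visitors reach it through the nopriv hook,
//    so the nonce check (and any capability check you add) is the real protection;
//    the URL the request arrives on is not.
function demo_ajax_handler() {
    check_ajax_referer( 'demo_action', 'nonce' );  // dies with 403/-1 on a bad or missing nonce
    wp_send_json_success( array( 'time' => time() ) );
}
add_action( 'wp_ajax_demo_action', 'demo_ajax_handler' );
add_action( 'wp_ajax_nopriv_demo_action', 'demo_ajax_handler' );

// 3. Core already filters every admin_url() result, so a site can change the
//    string printed for admin-ajax.php without modifying core. The request must
//    still be routed to the real file by the web server (see note below).
add_filter( 'admin_url', function ( $url, $path ) {
    if ( 'admin-ajax.php' === $path ) {
        return home_url( '/ajax-endpoint/' );  // hypothetical alias for this example
    }
    return $url;
}, 10, 2 );
```

Activating this requires a web-server rewrite (Apache or nginx) that maps /ajax-endpoint/ back to /wp-admin/admin-ajax.php, otherwise the browser request 404s. Note what the filter does and does not change: only the URL string in the HTML differs; the same PHP handler runs, so the nonce and capability checks inside it remain the controls worth reviewing, and the alias in the rewrite rule will appear in the page source just as the original path did.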

Change History (1)

#1 @SergeyBiryukov
2 weeks ago

  • Keywords needs-patch needs-privacy-review removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the ticket, we're already tracking this feature request in #45022 and #12400.
