
Protect your Wordpress wp-config.php file against pirates - bunkerify
https://bunkerify.com/blog/protect-your-wordpress-wp-config-php-file-against-pirates
======
krapp
This will do _nothing_ to improve the security of Wordpress applications. If
"pirates" can read your source code, you're already screwed, either your
server is very poorly configured, or there's a privilege escalation exploit
somewhere and they already have root and can run any process they like.
Obfuscating the source code doesn't make it any more secure, at best it's a
minor inconvenience.

You can change the name of commonly targeted files like wp-login or wp-config
and even leave dummies with the original names in place for script kiddies to
waste their time on, but you don't need to. More effective plugins and methods
to secure Wordpress exist[0], and the biggest holes are in plugins themselves.

For example:

    
    
        $url = "https://api.bunkerify.com/1.0/get/" . $lic . "/" . $domain . "/bunker_wp.php";
        $json = file_get_contents($url);
        $result = json_decode($json);
       
        if($result->code == 0)
        {
             eval(base64_decode($result->data));
             (...)
    

[0][https://medium.com/@AmDee_Elyssa/10-wordpress-tips-to-
make-y...](https://medium.com/@AmDee_Elyssa/10-wordpress-tips-to-make-your-
website-secure-133ffc35f27a)

------
chrisdouay
how does it work ?

~~~
bunkerify
deep obfuscation, and some dark box algorithms

