Remove /wp-admin and /admin redirects


#1

This is a pretty much an idea based on a security concern.

We all know WordPress is the leader in the market, and we know most of these sites are targeted by hackers. That said, I don’t feel like redirecting the traffic from /wp-admin and other admin routes to the ghost admin route is a good idea, what do you think?

Maybe the best approach to handle this is through an “option” through the config or admin side, what do you think?


#2

Yes… i think there should have option to change the admin directory.


#3

I agree. On other sites I manage I see lots of speculative attempts to find admin directories of the most popular forums and blogging platforms. I don’t see anyone directly trying to hit /ghost (yet), but I’d be happy to see no redirects to it from the obvious hack entry points.


#4

Opened a PR to fix this:


#5

@m1guelpf you missed to remove /admin as well. I added a few comments to your PR.


#6

I did that in propouse, as I think removing only the Worpress redirect has a bigger change to be merged. Once (if) that get’s pulled in, I’ll make another PR for the other redirect.