Re: WordPress Security

[clokey2k]

Strangely, the moment you enable ‘Pretty Permalinks’ feature the .htaccess is updated to the same as you suggest. ALL queries that are not to actual files are redirected to ‘index.php’.

It would be very easy to find any WordPress installation by checking image URLs, showing route to the themes folder. BUT most of the files require WordPress core functions, so unless you open the RIGHT file you won’t get any valid output.

Not sure how secure the WordPress login pages are, but I am making the assumption that it is a key area of concern for the WordPress team and there are regular updates. You’ll also read about the security strings in wp-config, which add a little more randomness.

I will end with a question: When loading a theme in WordPress files are included by PHP, would a mod_rewrite intefer with internal page calls?

*EDIT* Also, I have used WordPress alot recently – as my PHP is a little rough at times, but have recently been introduced to CodeIgniter. CI appears to be really easy to pick up, but I will still be using WordPress for a little longer :-p