# Access to /WP-Content and sub folders ?

We use the Pro version of WP Cerber and I have it configured as recommended.  I assume this prevents write access by unauthorised people to the /WP-Content folder and sub folders ?.

I do however see evidence of questionable/suspicious access to the subfolders :  /Themes, /Uploads and /Plugins. I have read that it is possible to basically steal valuable site IP by exporting the content of these folders. I believe that the contents of these folders can be read  by anyone ?

I have also seen that there are Plugins available to rename /WP-Content. What are the implications of doing this ?  What features would be impacted ? Would "good" bots and crawlers be adversely effected ?

We use Bigscoots (nginx) fronted by Cloudflare. I can write a firewall rule to block access to these folders (whitelist IPs allowed) in Cloudflare, but is this desirable or wise ?

Appreciate thoughts on this !

##### Post Metadata
- Posted at: over 5 years ago
- Net upvotes: 1


## Comments
### Comment 1

Thanks for your reply. It clarifies a few things and also I have been reading up on the subject on other blogs. I assume your comment about a hacker modifying files means they have to login with administrative access ?. I feel with WP Cerber and Cloudflare rules, we have that fairly securely locked down.

I do use WP Cerber scans on a daily basis to check for file changes.

I did temporarily put in a FW rule to block access to the Plugins folder. I was amazed at the thousands of hits being blocked. I&#39;ve read elsewhere that BOTs scan these folders looking for things to exploit. I also now realise that most of this activity is taking place in Cloudflare cache and not hitting our server. Also I believe our hosting company is caching this content as well as I cleared Cloudflare cache but did not see any reload from our server. WP Cerber Traffic Inspector is the tool I used most on a daily basis.

Thanks for the link. I will look into renaming the folder.

##### Comment Metadata
- Posted at: about 5 years ago



### Comment 2

Not exactly. It blocks malicious requests that may alter the website files in an unauthorized way. WP Cerber also scans the website for malware and altered files.

Anyone can read all WordPress folders and files on your website. They also can be modified with ease if a hacker finds a vulnerability. This is the nature of WordPress. In part, it&#39;s why WordPress became so popular. With WordPress, an average website owner does not need to know how to configure permissions on the website since WordPress does not handle anything related to permissions. Everything you need to do is unpack the archive and run the &quot;famous 5-minute installation&quot; script. That&#39;s it. And that&#39;s partly why millions of websites were or will be hacked.

Yes, you can, and we recommend renaming the wp-content folder. Only outdated plugins can be affected. Know more: https://www.hongkiat.com/blog/renaming-wordpress-wp-content-folder/

I wouldn&#39;t recommend using Cloudflare to block access to those folders. Some plugins will not work correctly.

##### Comment Metadata
- Posted at: about 5 years ago
- Author title: Keep moving forward




## Related Product
[Cerber Security, Antispam &amp; Malware Scan](https://www.g2.com/products/cerber-security-antispam-malware-scan/reviews)

## Related Category
[Website Security](https://www.g2.com/categories/website-security)

## Related discussions
- [How well does Trello scale into a larger team?](https://www.g2.com/discussions/1-how-well-does-trello-scale-into-a-larger-team)
  - Posted at: about 13 years ago
  - Comments: 6
- [Can we please add a new section](https://www.g2.com/discussions/2-can-we-please-add-a-new-section)
  - Posted at: about 13 years ago
  - Comments: 0
- [Quantifiable benefits from implementing your CRM](https://www.g2.com/discussions/quantifiable-benefits-from-implementing-your-crm)
  - Posted at: about 13 years ago
  - Comments: 4


