#!/bin/sh

# 
# Wordpress Securify v1.0b 
# Author: David Kierznowski (david.kierznowski_at_gmail.com)
# http://michaeldaw.org
#
# Tested on: Linux 2.6/Wordpress 2.0.5
#
# DISCLAIMER:
# This is BETA software; use it at your own risk.
# It rewrites and renames files in place and has no undo, so it is
# strongly recommended that you back up your WordPress directory
# before using this tool.
#
# Changelog:
# v1.0b
#  Added Pre-Check functions to prevent overwriting important values.
#  Added file/directory permission check
#  Added function to change filenames with wp- extension.
#  Added additional sanity checks.
#
# Credits:
# Kafkaesqui 
#	- http://wordpress.org/support/topic/32764#post-185346
#
#


#
# User Preferences can be selected here.
#
# New name of your wp-admin directory and admin css.
# Note: The admin.css file must match the name of NEW_ADM_DIR.
# If you intend to alter these values, be careful to select
# unique names that will not conflict with code functions etc.
#

# Replacement names: put your own value in place of every CHANGEME.
NEW_ADM_DIR="CHANGEME"   # wp-admin is renamed to this
NEW_INC_DIR="CHANGEME"   # wp-includes is renamed to this
NEW_CON_DIR="CHANGEME"   # wp-content is renamed to this
NEW_F_NAME="CHANGEME"    # replaces the "wp-" filename prefix
# Directories expected in the current directory (checked at start-up).
WPDIRS="wp-admin wp-includes wp-content"

#
# End of User Preferences.
#

# Name of this script. The pre-install check filters lines mentioning it
# out of its grep results, so the settings in this file are not counted
# as existing uses of the new names.
# (Alternative, disabled: PROGNAME=$0)
PROGNAME="wp-securify.sh"
# Space-separated list of every replacement name; the pre-install check
# iterates over it.
PATTERN="$NEW_ADM_DIR $NEW_INC_DIR $NEW_CON_DIR $NEW_F_NAME"

# Banner: two lines followed by one blank line.
printf '%s\n' \
  "WordPress Securify v1.0b" \
  "http://michaeldaw.org/projects/wp-securify/" \
  ""

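# Every later step uses paths relative to the current directory, so the
# script has to be started from the WordPress root. Stop before anything
# is modified if one of the core directories is missing.
# $WPDIRS is left unquoted on purpose: it is a space-separated list.
for DIR in $WPDIRS
do
  if [ ! -d "$DIR" ]; then
    echo "ERR: No directory named $DIR, check your path."
    echo "WordPress Securify must run from the root of your WordPress directory."
    echo "It is strongly recommended that you backup your entire directory before running this tool."
    echo
    # Non-zero status: a bare "exit" here would report success, because
    # it returns the status of the preceding echo.
    exit 1
  fi
done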

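# Validate all four user preferences before anything is touched.
# Each name is later used as a path and pasted into a sed replacement, so
# a value containing "/", "&", whitespace or a leading "-" would corrupt
# the rewrite or be read as a command option.
for NAME in "$NEW_ADM_DIR" "$NEW_INC_DIR" "$NEW_CON_DIR" "$NEW_F_NAME"
do
  case "$NAME" in
    CHANGEME)
      echo "ERR: Default preferences used."
      echo "It is recommended that you use your own directory names."
      echo "NEW_ADM_DIR, NEW_INC_DIR and NEW_CON_DIR require unique names."
      echo
      exit 1
      ;;
    "" | -* | .* | *[!A-Za-z0-9._-]*)
      echo "ERR: Invalid name [$NAME]."
      echo "Use only letters, digits, '.', '_' and '-'; the first character must be a letter, digit or '_'."
      echo
      exit 1
      ;;
  esac
done

# Two directories given the same new name would end up nested inside each
# other when they are renamed.
if [ "$NEW_ADM_DIR" = "$NEW_INC_DIR" ] ||
   [ "$NEW_ADM_DIR" = "$NEW_CON_DIR" ] ||
   [ "$NEW_INC_DIR" = "$NEW_CON_DIR" ]; then
  echo "ERR: Duplicate directory names."
  echo "NEW_ADM_DIR, NEW_INC_DIR and NEW_CON_DIR require unique names."
  echo
  exit 1
fi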

# exit;

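# Verify that none of the new names already occurs anywhere in the tree.
# The later search-and-replace passes cannot tell a pre-existing
# occurrence apart from one they introduced themselves.

printf '%s' "*** Pre-Install Check: "

# $PATTERN is left unquoted on purpose: it is a space-separated list.
for PAT in $PATTERN
do
  # -F matches the name literally instead of as a regular expression.
  # "--" keeps a name starting with "-" from being read as an option, and
  # searching "." (rather than "*") also covers dotfiles.
  # Lines mentioning this script are dropped, since it contains the names.
  OCCUR=$(grep -R -F -- "$PAT" . | grep -v -F -- "$PROGNAME" | wc -l)
  if [ "$OCCUR" -gt 0 ]; then
    echo "Fail"
    echo "[$PAT] is already being used by the application. Please change the name."
    echo
    # Non-zero status so the refusal is visible to a calling script.
    exit 1
  fi
done

echo "Done"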

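# Report every file or directory that any local user may write to.
printf '%s' "*** Check file and directory permissions: "

# -perm -0002 selects entries whose world-write bit is set. The earlier
# test, -perm -7, required read, write AND execute for "other", so a
# world-writable file with mode 666 was not reported.
# Symbolic links are skipped: on Linux their own mode bits always read as
# 777 and are not what access checks use.
PERMFILES=$(find . ! -type l -perm -0002)

if [ -n "$PERMFILES" ]; then
  echo "Fail"
  echo
  echo "The following files/directories are 'writable' by everyone!"
  # Quoted so the list stays one path per line.
  printf '%s\n' "$PERMFILES"
  echo
  # This is a warning only; the script carries on with the next step.
else
  echo "Done"
fi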

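# Delete the files a stock WordPress tree ships with that the running
# site does not need: text files, readme.html, the sample config and the
# install/upgrade scripts under wp-admin.
# NOTE(review): "*.txt" matches EVERY .txt file in the WordPress root,
# including ones the site owner added (robots.txt, for example).
printf '%s' "*** Removing default content: "

# -f without -r: only files are removed, never a directory tree that
# happens to match one of the patterns. "--" and the "./" prefix keep a
# file whose name starts with "-" from being read as an option.
if rm -f -- ./*.txt wp-admin/install*.php wp-admin/upgrade*.php readme.html wp-config-sample.php
then
  echo "Done"
else
  echo "Fail"
fi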

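# Rewrite every reference to wp-admin, wp-includes and wp-content inside
# the PHP files, then rename the three directories themselves.
printf '%s' "*** Renaming default directories...(This may take a minute): "

# "mv dir existing_dir" moves the directory INTO the existing one instead
# of renaming it, so refuse to start if a target name is already taken.
for TARGET in "$NEW_ADM_DIR" "$NEW_INC_DIR" "$NEW_CON_DIR"
do
  if [ -e "$TARGET" ]; then
    echo "Fail"
    echo "ERR: $TARGET already exists, choose another name."
    echo
    exit 1
  fi
done

# Collect the file list before modifying anything, then feed it to the
# loop one path per line so names containing spaces survive.
WPFILE=$(find . -type f -name "*.php")
printf '%s\n' "$WPFILE" | while IFS= read -r I
do
  [ -n "$I" ] || continue
  TMP="$I.tmp.$$"
  # cp -p first: the temporary copy inherits the original's mode (and
  # owner, where permitted), and the redirect below only truncates it.
  # The file is replaced only if sed succeeded, so a failed run cannot
  # leave an empty PHP file behind.
  # The three expressions run in order on each line, which gives the same
  # result as three separate passes over the tree.
  if cp -p "$I" "$TMP" &&
     sed -e "s/wp-admin/$NEW_ADM_DIR/g" \
         -e "s/wp-includes/$NEW_INC_DIR/g" \
         -e "s/wp-content/$NEW_CON_DIR/g" < "$I" > "$TMP"
  then
    mv "$TMP" "$I"
  else
    echo "ERR: could not rewrite $I (left unchanged)"
    # Do not leave the copy behind: a stray non-.php copy in the web root
    # is typically served as plain text rather than executed, so a
    # leftover wp-config.php.* would expose that file's contents.
    rm -f "$TMP"
  fi
done

# Rename the directories only after all references have been rewritten.
if mv -- wp-admin "$NEW_ADM_DIR" &&
   mv -- wp-includes "$NEW_INC_DIR" &&
   mv -- wp-content "$NEW_CON_DIR"
then
  echo "Done"
else
  echo "Fail"
  echo "ERR: could not rename the default directories."
  echo
  # The later steps depend on the new directory names, so stop here.
  exit 1
fi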

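# The references inside the PHP files now point at $NEW_ADM_DIR.css, so
# the admin stylesheet has to be renamed to match.
printf '%s' "*** Changing filename wp-admin.css to $NEW_ADM_DIR.css: "

# "Done" is printed only when the rename really happened; a missing file
# and a failed mv are both reported as "Fail".
if [ -e "$NEW_ADM_DIR/wp-admin.css" ] &&
   mv -- "$NEW_ADM_DIR/wp-admin.css" "$NEW_ADM_DIR/$NEW_ADM_DIR.css"
then
  echo "Done"
else
  echo "Fail"
  echo "There was a problem moving the wp-admin stylesheet (check manually)"
  echo
fi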

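# Replace the version number in version.php with "x.x".
# This may cause compatibility problems with some plugins.
# NOTE(review): this only hides the version string; the installed code is
# unchanged, so it is no substitute for keeping WordPress up to date.
printf '%s' "*** Remove WordPress Version: "

VERFILE="$NEW_INC_DIR/version.php"
VERTMP="$VERFILE.tmp.$$"

# The sed script is quoted: unquoted, the shell strips the backslashes and
# sed receives "." (any character) instead of a literal dot.
# cp -p first so the replacement keeps the original file's mode; the file
# is only replaced if sed succeeded.
if [ -e "$VERFILE" ] &&
   cp -p -- "$VERFILE" "$VERTMP" &&
   sed 's/[0-9]\.[0-9]\.[0-9]/x.x/g' < "$VERFILE" > "$VERTMP" &&
   mv -- "$VERTMP" "$VERFILE"
then
  echo "Done"
else
  # Remove a partial temporary copy, if one was created.
  rm -f -- "$VERTMP"
  echo "Fail"
  echo "ERR: Failed to find/write to file: $NEW_INC_DIR/version.php"
fi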

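# Change Filenames
# Replace the "wp-" prefix inside the contents of every PHP file.

printf '%s' "*** Changing Filenames with wp- Prefix (contents): "

# Refuse to run when the working directory path itself contains "wp-".
# The result is not stored in PWD: that variable is maintained by the
# shell and must not be overwritten.
case "$(pwd)" in
  *wp-*)
    echo "Directory name will cause our pattern match to fail. Exiting."
    echo
    exit 1
    ;;
esac

# NOTE(review): "wp-" is replaced everywhere, which also rewrites the PHP
# object operator in "$wp->". The script repairs that afterwards in
# functions.php only - confirm no other file uses "$wp->".

# Collect the list first, then process it one path per line so names
# containing spaces survive.
WPFILE=$(find . -type f -name "*.php")
printf '%s\n' "$WPFILE" | while IFS= read -r I
do
  [ -n "$I" ] || continue
  TMP="$I.tmp.$$"
  # cp -p keeps the original mode on the replacement; the file is only
  # swapped in when sed succeeded, and a partial copy is removed.
  if cp -p "$I" "$TMP" &&
     sed "s/wp-/$NEW_F_NAME/g" < "$I" > "$TMP"
  then
    mv "$TMP" "$I"
  else
    echo "ERR: could not rewrite $I (left unchanged)"
    rm -f "$TMP"
  fi
done

echo "Done"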

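# Rename every PHP file whose name starts with "wp-" so that it starts
# with $NEW_F_NAME instead.

printf '%s' "*** Changing Filenames with wp- Prefix (filename): "

# "wp-*.php" rather than "wp*.php": a name without the hyphen has nothing
# to replace and would only produce an "mv x x" error.
WPFILE=$(find . -type f -name "wp-*.php")
printf '%s\n' "$WPFILE" | while IFS= read -r I
do
  [ -n "$I" ] || continue
  # Change only the file name itself. Replacing the first "wp-" in the
  # whole path would hit a directory component first (for example
  # ./x/wp-foo/wp-foo.php) and point mv at a directory that does not exist.
  DIRPART=${I%/*}
  BASE=${I##*/}
  FILE="$DIRPART/$NEW_F_NAME${BASE#wp-}"
  if [ -e "$FILE" ]; then
    # Never overwrite an existing file silently.
    echo "ERR: $FILE already exists, $I not renamed."
  else
    mv -- "$I" "$FILE"
  fi
done

# TODO: the original carried an unfinished, disabled step here headed
# "Add prefix to filenames" - presumably for PHP files that do not start
# with "wp-". It was never active.

echo "Done"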

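# fix functions.php wp-main bug.
# The prefix pass replaces every "wp-", which turns "wp->" into
# "$NEW_F_NAME>"; this puts it back. The prefix was hard-coded as "mdf"
# (presumably the author's own NEW_F_NAME), so the repair did nothing for
# any other prefix. The sed script is quoted so the shell leaves it intact.
# A "." in NEW_F_NAME is read by sed as "any character" here.
FUNCFILE="$NEW_INC_DIR/functions.php"
FUNCTMP="$FUNCFILE.tmp.$$"

# cp -p keeps the original mode on the replacement; the file is only
# swapped in when sed succeeded.
if cp -p -- "$FUNCFILE" "$FUNCTMP" &&
   sed "s/$NEW_F_NAME>/wp->/g" < "$FUNCFILE" > "$FUNCTMP" &&
   mv -- "$FUNCTMP" "$FUNCFILE"
then
  :
else
  rm -f -- "$FUNCTMP"
  echo "ERR: Failed to repair $FUNCFILE (check manually)"
fi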


# Closing notes for the operator. The here-document is unquoted so that
# $NEW_INC_DIR is expanded; the blank lines are part of the output.
cat <<EOF

Please take NOTE:
+ You may also need to make a directory change in the database via the admin interface:
Goto site-admin/miscellaneous
+ This tool removes the WordPress version. Some plugins requiring this may fail. You can change
this back by editing: $NEW_INC_DIR/version.php

Changes complete.

EOF

