xbiz world
xbiz premiere
educational

Hardening Sites by Obfuscating File Structures

When it comes to improving adult website security, sophisticated software, expensive hardware and other means are often employed; but budget-conscious operators can use a bit of strategy to harden their sites by obfuscating common directory and file structures, as well as other simple tricks that amount to a free and easy means of increasing security.

Fundamental to this process is understanding the basic strategy being used: as many hackers look for certain files or folders that either have vulnerabilities to known exploits, or reveal details about the software, systems and services that a targeted web server uses, simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

... simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

For example, WordPress is often pointed to as being “insecure,” but this is akin to the Windows operating system being “insecure,” if for no other reason than the most popular products make the most popular targets. In this case, WordPress installations by default use the “wp_” database prefix — the presence of which clearly identifies the underlying technology platform and opens the doors to automated MySQL injection attacks.

This vulnerability can easily be addressed by using a different database prefix, which is hopefully not readily guessable such as “sitename_” or another obvious point of attack. While not an impenetrable barrier, this simple measure blocks a substantial number of attacks — especially random assaults, where a specific site is not targeted, but rather, any site that a malicious payload stumbles upon and can infect.

Moving the wp_config.php file up one level from its normal directory structure and setting its file permissions to 400 or 440 is another recommended hardening measure that handily illustrates the process that webmasters should go through on their own websites.

Is there a particular filename or path that identifies your site’s workings? Are version numbers visible, or used within the HTML code, such as within the “meta generator” tag? These are clues that hackers seek when attempting to compromise a website.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Complying With New Age Assurance and Content Moderation Standards

For adult companies operating in today’s increasingly regulated digital landscape, maintaining compliance with card brand requirements is essential — not only to safeguard your operations but also to ensure a safe and transparent environment for users.

Gavin Worrall ·
opinion

Understanding the FTC's New 'Click to Cancel' Rule

The Federal Trade Commission’s new “Click to Cancel” rule has been a hot topic in consumer protection and business regulation. Part of a broader effort to streamline cancellation processes for subscription services, the rule has sparked significant debate and legal challenges.

Corey D. Silverstein ·
opinion

Key Factors for Choosing a Merchant Services Partner

Running a successful adult business requires more than just delivering alluring and cutting-edge products and services. Securing the right payment processing partner is essential to maintaining a steady revenue stream.

Jonathan Corona ·
opinion

Identifying and Preventing Transaction Laundering

Recently, a few merchants approached me after receiving compliance notifications from their acquirer about transaction laundering. They were unsure what it meant, and unsure how to identify and fix the problem.

Cathy Beardsley ·
profile

WIA: Alexis Fawx Levels Up as Multifaceted Entrepreneur

As more performers look to diversify, expanding their range of revenue streams and promotional vehicles, some are spreading their entrepreneurial wings to create new businesses — including Alexis Fawx.

Women In Adult ·
opinion

Navigating Age-Related Regulations in Europe

Age verification measures are rapidly gaining momentum across Europe, with regulators stepping up efforts to protect children online. Recently, the U.K.’s communications regulator, Ofcom, updated its timeline for implementing the Online Safety Act, while France’s ARCOM has released technical guidance detailing age verification standards.

Gavin Worrall ·
opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
Show More