Multisite own directory ( Security)

Harden the server itself.

really, the practice of giving it its own directory is another security-thru-obscurity which will slow someone down by maybe five minutes.

There’s already extra features built in the multisite to stop non-super-admins from wrecking things. the best thing you can do is to stop people from lifting your FTP password, because that’s a bajillion times easier to get.

Use sftp or ssh to do work on your server instead, or via a web control panel and pick super-complex passwords. ??

Got it. Thank you once again, Andrea ??

Also don’t use the same password for WordPress as your FTP/SSH server.

The one and only time my server was infected was when I used a Windows PC with no virus scanning, got a weird popup, AND was FTPing. Yeah, I knew it was screwey right then and there. Ended up with Darkmailer on my box!

Oh, this one time? I got hacked and it was my own darn fault.

Somehow, permissions on my wp-config were set so someone could snag it and read it. the db user’s password was the same as my cpanel/ftp password.

DOH. Yeah, bonehead all the way. (In my own defense, this was, like, 4-5 years ago…)

Now, the hacker was not able to get into WordPress. they were able to get into my files though, and lucky for me all they did was put a index.html on the server, which overrode all the WordPress stuff.

Lesson learned, never forgot it.

Yeah, a learned it the same way. All my 7 WordPress blogs (some of which where institutional) got hacked too. That’s why I got obsessive with security ??