• When I read about securing WordPress, it was recommended to install it into a different directory under the root folder. Only the index file and .htaccess should be in the root folder, while the rest can be in the different folder.

    Well, I did such an installation and everything works perfectly. It was only recently, when I happened to view the page source of my website, that I discovered many images and JavaScript files show the complete path, exposing the directory below the root folder where WordPress resides. So what is the sense of installing into another directory? Is there a way to prevent this directory from being exposed?

Viewing 1 replies (of 1 total)
  • That’s mostly ‘security through obscurity’ where the core isn’t in its usual location. It does render a cleaner install and is a boost to security. How far you go with that beyond that ‘WordPress in its own Directory’ is up to you but you can go further.

    Most of my installs run from their own directory but most of my installs are multi-site so I don’t go too far from the norm… the norm in my book is ‘WordPress in its own Directory’ running as you most likely have yours.

    There is one more security step: you can take wp-config.php outside (above) the web root and ‘hide’ it, keeping the very sensitive content that file contains out of view and out of casual reach.

    The server would normally hide the content of all PHP files, but that content could become exposed when something breaks. Here’s an article that helps explain this well and can help you move this file if you wish: https://www.groovypost.com/howto/improve-wordpress-securitty-wp-config-php-location/

    Exposing directories is just part of how things work, but most of that exposure is not exposing the actual data or data locations.
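
An added example, not part of the original thread: a POSIX shell check that reports whether the wp-config.php WordPress will load sits inside or outside the web root, and whether it is world-readable. It follows WordPress's standard lookup (the WordPress directory, then its parent), so with WordPress in its own subdirectory, a config moved one level up is still inside the web root. The function names and the paths passed in are assumptions for illustration.

```sh
#!/bin/sh
# Added example: audit where WordPress will load wp-config.php from.
# Assumed layout: docroot=/path/to/public_html, wpdir=$docroot/wp (or $docroot).

# Resolve a directory to its physical absolute path (symlinks resolved).
abs_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Print the wp-config.php WordPress would load: the WordPress directory
# first, then its parent (skipped if the parent has its own wp-settings.php,
# meaning it is a separate WordPress install).
find_wp_config() {
    wpdir=$(abs_dir "$1") || return 1
    parent=$(dirname "$wpdir")
    if [ -f "$wpdir/wp-config.php" ]; then
        echo "$wpdir/wp-config.php"
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        echo "$parent/wp-config.php"
    else
        return 1
    fi
}

# Print "<location> <permissions>" for the config file that would be loaded.
# inside-docroot: the server could serve the file's source if PHP breaks.
audit_wp_config() {
    docroot=$(abs_dir "$1") || { echo "bad-docroot"; return 2; }
    cfg=$(find_wp_config "$2") || { echo "not-found"; return 2; }
    cfgdir=$(abs_dir "$(dirname "$cfg")")
    case "$cfgdir/" in
        "$docroot"/*) where="inside-docroot" ;;
        *)            where="outside-docroot" ;;
    esac
    # POSIX find -perm -004 matches when the "other" read bit is set.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        perms="world-readable"
    else
        perms="restricted"
    fi
    echo "$where $perms"
}

# Run directly as: sh audit.sh <docroot> <wordpress-dir>
if [ "$#" -eq 2 ]; then
    audit_wp_config "$1" "$2"
fi
```

The check looks only at location and mode bits, so a small wp-config.php stub in the web root that merely includes the real file from elsewhere is still reported as inside-docroot.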

  • The topic ‘Securing WordPress by installing it into different directory’ is closed to new replies.