- This topic is empty.
-
AuthorPosts
-
August 21, 2012 at 6:55 pm #39470tayoMember
I want to install a wordpress blog to an existing site so that theURL of the blog can look something like this:
But based on the recommendations for securing a wordpress site, I have installed wordpress in a sub folder of “blog” so it looks something like this:
http://mydomain.com/blog/subfolder
Then I copied the index.php and .htaccess files from “subfolder” into “blog” and changed the index.php file from:require(‘./wp-blog-header.php’);
. . . to this:
require(‘./subfolder/wp-blog-header.php’);
From my understanding, the reason for doing this is to make it difficult for “bad guys” to find the wordpress files. In other words I would have to login to wordpress via this URL:
http://mydomain.com/blog/subfolder/wp-admin/
. . . instead of
http://mydomain.com/blog/wp-admin/However I noticed that when I type the above path ( http://mydomain.com/blog/wp-admin/)
it redirects to http://mydomain.com/blog/subfolder/wp-admin/So the whole purpose of “protecting” my wordpress files is defeated. How do I prevent this redirection?
Thanks
August 21, 2012 at 7:04 pm #108297chrisburtonParticipantHow is that more secure? Shouldn’t it be blog.domain.com?
August 21, 2012 at 7:09 pm #108300tayoMemberI’m following the advice (security through obscurity) given in Chris Coyier’s book: Digging Into WordPress. There’s also more info about this in the codex: http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
August 24, 2012 at 1:07 am #108404betzsterParticipantI wouldn’t worry about it. WordPress is pretty secure without doing crazy stuff like this ;)
Something I like to do is move the wp-config.php file up a level so that it’s not in a publicly accessible directory, but if you’re installing WordPress in /blog anyway, moving it up a level means it’s still in a publicly available location.
August 24, 2012 at 12:12 pm #108421tayoMemberThanks Betzster, I decided not to stress over it anymore. On to literaly digging into wordpress : ) Lots to learn!
February 20, 2013 at 9:33 pm #125466Derek WoodParticipantThe first thing I like to do with a new site is get up an index.html with the simple info like, title and description so that crawlers can grab some information in advance of site launch. Or if a client has a live site up, you can leave it there while you make a new one. So the sub folder is great for that and keeping the root clean.
3 sites I’ve built in the last year have ended up with viagra all over them, so I don’t have evidence, but I like to put the WP in a rumblebumblecrazyblackmothrainbow type of style like Chris suggests now. It’s pretty easy(except that every time I do it I have a heart attack and mess it up) – so you might as well. I could easily search out folders on a server with key words like wordpress or wp and find those files, so that means people who really want to find them definitely can.
-
AuthorPosts
- The forum ‘Other’ is closed to new topics and replies.