I wouldn’t worry about it. WordPress is pretty secure without doing crazy stuff like this ;)
Something I like to do is move the wp-config.php file up a level so that it’s not in a publicly accessible directory, but if you’re installing WordPress in /blog anyway, moving it up a level means it’s still in a publicly available location.
The reasoning cited in the codex page you linked to (“not cluttering up the root directory”) makes for a good reason to move WP into its own folder, but “security” does not.
“Security through Obscurity” (i.e., “hiding” things) is useless. In fact, it’s worse, because it gives people a false sense of security.
If, on the other hand, you wanted to move WP above the site root, that would add to security. I don’t know enouogh about WP’s structure to say if that would cause any problems or not, but if you can safely move it to other directories, then it shouldn’t be problematic. You can achieve similar security by restricting access to whatever directory WP is in (e.g., via .htaccess).
The first thing I like to do with a new site is get up an index.html with the simple info like, title and description so that crawlers can grab some information in advance of site launch. Or if a client has a live site up, you can leave it there while you make a new one. So the sub folder is great for that and keeping the root clean.
3 sites I’ve built in the last year have ended up with viagra all over them, so I don’t have evidence, but I like to put the WP in a rumblebumblecrazyblackmothrainbow type of style like Chris suggests now. It’s pretty easy(except that every time I do it I have a heart attack and mess it up) – so you might as well. I could easily search out folders on a server with key words like wordpress or wp and find those files, so that means people who really want to find them definitely can.
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic.
*May or may not contain any actual "CSS" or "Tricks".