Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other Installing wordpress in a subfolder to enhance security

  • This topic is empty.
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #39470
    tayo
    Member

    I want to install a wordpress blog to an existing site so that theURL of the blog can look something like this:

    http://mydomain.com/blog

    But based on the recommendations for securing a wordpress site, I have installed wordpress in a sub folder of “blog” so it looks something like this:

    http://mydomain.com/blog/subfolder
    Then I copied the index.php and .htaccess files from “subfolder” into “blog” and changed the index.php file from:

    require(‘./wp-blog-header.php’);

    . . . to this:

    require(‘./subfolder/wp-blog-header.php’);

    From my understanding, the reason for doing this is to make it difficult for “bad guys” to find the wordpress files. In other words I would have to login to wordpress via this URL:

    http://mydomain.com/blog/subfolder/wp-admin/
    . . . instead of
    http://mydomain.com/blog/wp-admin/

    However I noticed that when I type the above path ( http://mydomain.com/blog/wp-admin/)
    it redirects to http://mydomain.com/blog/subfolder/wp-admin/

    So the whole purpose of “protecting” my wordpress files is defeated. How do I prevent this redirection?

    Thanks

    #108297
    chrisburton
    Participant

    How is that more secure? Shouldn’t it be blog.domain.com?

    #108300
    tayo
    Member

    I’m following the advice (security through obscurity) given in Chris Coyier’s book: Digging Into WordPress. There’s also more info about this in the codex: http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory

    #108404
    betzster
    Participant

    I wouldn’t worry about it. WordPress is pretty secure without doing crazy stuff like this ;)

    Something I like to do is move the wp-config.php file up a level so that it’s not in a publicly accessible directory, but if you’re installing WordPress in /blog anyway, moving it up a level means it’s still in a publicly available location.

    #108421
    tayo
    Member

    Thanks Betzster, I decided not to stress over it anymore. On to literaly digging into wordpress : ) Lots to learn!

    #125466
    Derek Wood
    Participant

    The first thing I like to do with a new site is get up an index.html with the simple info like, title and description so that crawlers can grab some information in advance of site launch. Or if a client has a live site up, you can leave it there while you make a new one. So the sub folder is great for that and keeping the root clean.

    3 sites I’ve built in the last year have ended up with viagra all over them, so I don’t have evidence, but I like to put the WP in a rumblebumblecrazyblackmothrainbow type of style like Chris suggests now. It’s pretty easy(except that every time I do it I have a heart attack and mess it up) – so you might as well. I could easily search out folders on a server with key words like wordpress or wp and find those files, so that means people who really want to find them definitely can.

Viewing 6 posts - 1 through 6 (of 6 total)
  • The forum ‘Other’ is closed to new topics and replies.