  • # August 21, 2012 at 6:55 pm

    I want to install a WordPress blog to an existing site so that the URL of the blog can look something like this:

    http://mydomain.com/blog

    But based on the recommendations for securing a WordPress site, I have installed WordPress in a sub folder of “blog” so it looks something like this:

    http://mydomain.com/blog/subfolder
    Then I copied the index.php and .htaccess files from “subfolder” into “blog” and changed the index.php file from:

    require('./wp-blog-header.php');

    . . . to this:

    require('./subfolder/wp-blog-header.php');

    From my understanding, the reason for doing this is to make it difficult for “bad guys” to find the WordPress files. In other words I would have to log in to WordPress via this URL:

    http://mydomain.com/blog/subfolder/wp-admin/
    . . . instead of
    http://mydomain.com/blog/wp-admin/

    However I noticed that when I type the above path (http://mydomain.com/blog/wp-admin/)
    it redirects to http://mydomain.com/blog/subfolder/wp-admin/

    So the whole purpose of “protecting” my WordPress files is defeated. How do I prevent this redirection?

    Thanks

    # August 21, 2012 at 7:04 pm

    How is that more secure? Shouldn’t it be blog.domain.com?

    # August 21, 2012 at 7:09 pm

    I’m following the advice (security through obscurity) given in Chris Coyier’s book: Digging Into WordPress. There’s also more info about this in the codex: http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory

    # August 24, 2012 at 1:07 am

    I wouldn’t worry about it. WordPress is pretty secure without doing crazy stuff like this ;)

    Something I like to do is move the wp-config.php file up a level so that it’s not in a publicly accessible directory, but if you’re installing WordPress in /blog anyway, moving it up a level means it’s still in a publicly available location.

    # August 24, 2012 at 12:12 pm

    Thanks Betzster, I decided not to stress over it anymore. On to literally digging into WordPress : ) Lots to learn!

    # February 20, 2013 at 9:33 pm

    The first thing I like to do with a new site is get up an index.html with the simple info like title and description so that crawlers can grab some information in advance of site launch. Or if a client has a live site up, you can leave it there while you make a new one. So the sub folder is great for that and keeping the root clean.

    3 sites I’ve built in the last year have ended up with Viagra all over them, so I don’t have evidence, but I like to put the WP in a rumblebumblecrazyblackmothrainbow type of style like Chris suggests now. It’s pretty easy (except that every time I do it I have a heart attack and mess it up) – so you might as well. I could easily search out folders on a server with key words like wordpress or wp and find those files, so that means people who really want to find them definitely can.
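
A self-check for the setup described in the first post, added here as an example and not code from any poster or from WordPress: it scans HTTP responses from your own site and reports every place the core directory name shows up, the /blog/wp-admin/ redirect included. The sample responses are constructed, and the asset URLs assume a default install, where theme and script links are built from the WordPress address; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Path segments that only exist inside the WordPress core directory.
WP_MARKERS = ("wp-admin", "wp-login.php", "wp-content", "wp-includes")
REDIRECT_CODES = (301, 302, 303, 307, 308)


def wp_dir_in_url(url):
    """Return the directory that precedes a WordPress marker in a URL, or None."""
    parts = urlsplit(url).path.split("/")
    for i, segment in enumerate(parts):
        if segment in WP_MARKERS:
            return "/".join(parts[:i]) or "/"
    return None


def audit_response(status, headers, body):
    """List (source, directory) pairs where one response reveals the core directory."""
    findings = []
    location = headers.get("Location")
    if status in REDIRECT_CODES and location:
        directory = wp_dir_in_url(location)
        if directory:
            findings.append(("redirect", directory))
    # Stylesheet, script and link URLs in the page markup.
    for url in re.findall(r'(?:href|src)=["\']([^"\']+)["\']', body):
        directory = wp_dir_in_url(url)
        if directory and ("markup", directory) not in findings:
            findings.append(("markup", directory))
    return findings


# Constructed sample: the redirect reported in the first post.
REDIRECT = (302, {"Location": "http://mydomain.com/blog/subfolder/wp-admin/"}, "")
# Constructed sample: a front page as a default install would link its assets.
HOME_PAGE = (200, {"Content-Type": "text/html"},
    '<link rel="stylesheet" '
    'href="http://mydomain.com/blog/subfolder/wp-content/themes/example/style.css">\n'
    '<script src="http://mydomain.com/blog/subfolder/wp-includes/js/jquery/jquery.js">'
    '</script>\n'
    '<a href="http://mydomain.com/blog/about/">About</a>')

if __name__ == "__main__":
    for name, response in (("GET /blog/wp-admin/", REDIRECT), ("GET /blog/", HOME_PAGE)):
        print(name, "->", audit_response(*response))
```

Both samples report /blog/subfolder, so the directory name is visible in ordinary page markup as well as in the redirect.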
