Thanks to the open-source nature of WordPress, anyone, including hackers, can research the standard file structure of a WordPress website and know exactly where to begin an attack.
Fortunately, rearranging your core WordPress file structure is one method you can use from your security arsenal to combat hacks and bolster your site’s defenses.
So in this post, I’m going to walk you through 2 ways that you can customize your file structure for single and Multisite installs, as well as show you the code you need to bring it all together.
All About That Backup
Since customizing your file structure can break your website in one swift move if you’re not careful, making a backup ensures you’ll be able to restore your website to its former glory in case things go south.
You can back up just your files if you’re pressed for time, but a full backup is best. You have been forewarned.
For details on how to back up your website, check out some of our other posts:
- How to Backup Your WordPress Website (and Multisite) Using Snapshot
- Creating a Manual Backup of WordPress When It’s Down or Locked
- 4 Top WordPress Multisite Backup Solutions Tested and Reviewed
- 7 Top Premium and Freemium WordPress Backup Plugins Reviewed
In the event that your files can’t communicate with your database to display your website, error messages are printed on the front end of your site with some sensitive information. It is useful to get rid of this by turning on error logging so any problems are discreetly written to a log only you can access.
For details on how to disable front-end error reporting and enable your error log, check out our post Debugging WordPress: How to Use WP_DEBUG.
Speaking of front-end errors, reorganizing your file structure takes your site offline for a few minutes while you complete the process, so setting up a temporary redirect (302) can help keep your visitors (and Google!) happy while you change things up. You can check out our post Making Redirects for WordPress (and the Most Effective Plugins for the Job) for details on 302 redirects and how to set them up.
Changing Your File Directory
The first kind of change you can make is to move all but 2 files away from the root of your website to a separate directory. Typically, doing this means you would have to change your site’s URL from www.your-site.com to something similar to www.your-site.com/core-files/, but it’s possible to keep your site’s address the way it is while still moving your files into a directory.
Hackers would assume from your URL that all your files are located in the root of your install; however, they quickly realize this isn’t the case once they aren’t able to hack your site. Since they won’t be able to easily guess where your files are located, they’re more likely to stay untouched.
Creating a New Directory
Start by making a new directory in the root of your website. You can choose to do this with SSH and the command line, FTP with a program like FileZilla, or through your control panel’s file manager.
In cPanel, go to Files > File Manager after logging in and locate your site’s files. In the root, click the Folder button at the top of the page and enter a name for your new directory.
The idea here is to name your new folder in a way that isn’t obvious. For example, don’t name your new directory “wordpress,” “wp-core,” your site’s name or something similar. Try to choose a name that wouldn’t be easily guessable for hackers, but that’s still clear to you.
When you’re done, click Create New Folder. You should see it listed among your other files. Before you move any of your files, you need to update your WordPress address, which tells your website where your core files are located.
Updating the URL for Your Files
Log in to your WordPress site if it’s a single install and go to Settings > General in your admin dashboard. Add a slash to the end of your site’s address in the WordPress Address (URL) field, followed by the name of the directory you created. Don’t add a trailing slash at the end.
Click Save Changes at the bottom of the page when you’re done. Your site should be unavailable now, but don’t panic since that’s a normal part of the process.
If you have installed a Multisite network, you won’t be able to update your WordPress address from your super admin dashboard. You need to hard-code it into your wp-config.php file instead.
You could also choose to do this for single installations, but keep in mind that you won’t be able to update the URL in your dashboard afterward.
Open your wp-config.php file and add the following lines toward the bottom of the page, but before this line:
/* That's all, stop editing! Happy blogging. */
https://gist.github.com/anupamsahoo/e9f54c66538405edeb0dcea34446b9e0
Just be sure to replace application with the actual name of the folder you created. If your domain doesn’t have an SSL certificate installed, you also need to replace the https portion in both lines with http.
Save your changes and ignore any error messages or the general unavailability of your site for now. It’s time to move your core files.
Moving Your Files
In cPanel, return to your file manager and the root of your website. Select all of your files and folders except the new folder you just created. Once they’re all highlighted, drag and drop them into your new directory.
Go into that new folder and select your .htaccess file. Click the Copy button at the top of the page and edit the file path in the pop-up to reflect the root of your install. Click Copy File(s).
If you don’t see it on the list, click Settings at the top right of the page and check the box to show hidden files, then save. If you see it in the root of your install, move it and the other hidden files to your new directory.
Once your .htaccess file has been successfully copied back to its original location, copy your index.php file in the exact same way.
Editing Your Index Page
In order for your website to reflect your new file path, you need to update your index.php file. Select the one that you just copied to the root of your website and click the Edit button at the top of the page.
Find these lines toward the bottom of the file:
https://gist.github.com/anupamsahoo/bd3c56f7a15b930d28f4e3a5a18d5203
Update /wp-blog-header.php to include your new directory. For example, if your new folder is called application, you would change the file path to this: /application/wp-blog-header.php.
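The steps above, from hard-coding the address through editing index.php, as an added example for readers working over SSH instead of cPanel (this is not the author's gist code, which the page only links). It uses WordPress's standard WP_SITEURL and WP_HOME constants; the function name relocate_wp_core and its three arguments are assumptions, and it expects a stock index.php and the usual "stop editing" marker in wp-config.php.

```shell
#!/bin/sh
# Added example: relocate WordPress core files into a subdirectory over SSH.
# Usage: relocate_wp_core <site-root> <new-folder-name> <site-url>
relocate_wp_core() {
    root=$1 dir=$2 url=${3%/}          # no trailing slash on the address
    cfg="$root/wp-config.php"
    # Refuse anything but a plain folder name and a quote-free http(s) URL.
    case $dir in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case $url in *"'"*|*\\*) return 1 ;; http://?*|https://?*) ;; *) return 1 ;; esac
    [ -f "$cfg" ] && [ -f "$root/index.php" ] && [ ! -e "$root/$dir" ] || return 1
    grep -q 'stop editing' "$cfg" || return 1

    # 1. Hard-code both addresses just above the "stop editing" marker.
    tmp=$(mktemp) || return 1
    awk -v site="$url/$dir" -v home="$url" '
        /stop editing/ && !seen {
            print "define( \047WP_SITEURL\047, \047" site "\047 );"
            print "define( \047WP_HOME\047, \047" home "\047 );"
            seen = 1
        }
        { print }' "$cfg" > "$tmp" || return 1
    cat "$tmp" > "$cfg" && rm -f "$tmp" || return 1   # cat keeps owner and mode

    # 2. Move everything, hidden files included, into the new folder.
    mkdir "$root/$dir" || return 1
    for f in "$root"/* "$root"/.[!.]*; do
        [ -e "$f" ] || continue
        [ "$f" = "$root/$dir" ] && continue
        mv "$f" "$root/$dir/" || return 1
    done

    # 3. Copy .htaccess (if present) and index.php back to the root.
    if [ -f "$root/$dir/.htaccess" ]; then
        cp -p "$root/$dir/.htaccess" "$root/.htaccess" || return 1
    fi
    cp -p "$root/$dir/index.php" "$root/index.php" || return 1

    # 4. Point the root index.php at the relocated wp-blog-header.php.
    sed "s|'/wp-blog-header.php'|'/$dir/wp-blog-header.php'|" \
        "$root/$dir/index.php" > "$root/index.php" || return 1
    grep -q "'/$dir/wp-blog-header.php'" "$root/index.php"
}
```

The new folder name still appears in the asset URLs WordPress prints in every page (for example under /application/wp-includes/), so treat the move as one layer of defense and not as a secret.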
Finishing Up
Save your changes and log back into your site’s dashboard. The URL you visit should include your new directory.
For example, if your new directory is named application, you’d visit www.your-site.com/application/wp-admin or www.your-site.com/application/wp-login.php.
Go to Settings > Permalinks and click the Save Changes button at the bottom of the page. This updates your .htaccess file automatically so all of your posts still display when a user visits them.
You can also check out Giving WordPress Its Own Directory in the WordPress Codex if you’d like some additional information.