Change WordPress directory for security? | WordPress.org

gummy_bear
(@gummy_bear)

16 years ago

Hello Forum,

I was looking through my cpanel visitor log today and noticed some sort of malicious auto scanner that was scanning my site with lots of different random directory guesses. Most of them didn’t exist – returning a 503. The the malicious scanner then guessed the folder & file combination of /wordpress/wp-login.php (which is where my current WP 2.9.2 resides) I wasn’t hacked or anything but it got me a bit worried…

I was wondering if it would be wise to change the wordpress directory to something less obvious? – which I think is just a case of changing the current /wordpress/ folder name to whatever I want and then changing ‘WordPress address (URL)’ via the WP admin – is this the correct method? Are their any further implications?

Also I was thinking of installing some sort of WP secure plugin like the ‘Secure WordPress’ plugin – how effective is this plugin? Any more/better recommendations?

I’m particularly security concious/paranoid (lol) due to the blog being integrated within an e-commerce store. Hope you understand.

Thanks : )

Viewing 1 replies (of 1 total)

Moderator James Huff
(@macmanx)

16 years ago

You’ll want to change both of the URLs in Settings/General to http://www.yourdomain.com/new-directory and then change the directory name.

The random bots will continue to sniff around, no matter where you move to. They’re generally looking for exploits in older versions of WordPress. Keep your copy of WordPress up-to-date and follow some (if not all) of the recommended security measures, and you should be fine.

Viewing 1 replies (of 1 total)

The topic ‘Change WordPress directory for security?’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: James Huff
Last activity: 16 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics