Hardening WordPress - wp-admin, uploads, no comments, deleting files (1 post)

  1. ururk
    Posted 6 years ago #

    I've followed the concepts here:



    As a measure to secure WordPress, I removed the wp-admin folder, and moved it to the private directory of my site, which requires a login. In order to get this config to work, I needed to create symbolic links to wp-content, wp-includes, and I copied over all root-level files. This works... to a degree.

    I'm OK with the symlinks pointing to wp-content, wp-includes. However, I'd like to figure out which files in the root WordPress directory wp-admin requires, and which it doesn't.

    Additionally, how do I figure out which files the public side does not need?


    In order to enable WordPress to write to the uploads folder, I need to run this Unix command:

    fs sa ~user/pathtosite/Public/html/wp-content/uploads groupOrServerName write

    I don't like leaving this folder server-writable, but don't know any ways to get around this. Any ideas? My biggest fear is some sort of exploit that allows someone to write to the folder using a WordPress script.


    Since WordPress is being used as a CMS, comments have been disabled. Can I safely delete:


    *****other files*****

    So, can I delete these files in the public side:


    or move these to the Private side?

