Hardening WordPress – wp-admin, uploads, no comments, deleting files

  • I’ve followed the concepts here:


    As a measure to secure WordPress, I removed the wp-admin folder, and moved it to the private directory of my site, which requires a login. In order to get this config to work, I needed to create symbolic links to wp-content, wp-includes, and I copied over all root-level files. This works… to a degree.

    I’m OK with the symlinks pointing to wp-content, wp-includes. However, I’d like to figure out which files in the root WordPress directory wp-admin requires, and which it doesn’t.

    Additionally, how do I figure out which files the public side does not need?


    In order to enable WordPress to write to the uploads folder, I need to run this Unix command:

    fs sa ~user/pathtosite/Public/html/wp-content/uploads groupOrServerName write

    I don’t like leaving this folder server-writable, but don’t know any ways to get around this. Any ideas? My biggest fear is some sort of exploit that allows someone to write to the folder using a WordPress script.


    Since WordPress is being used as a CMS, comments have been disabled. Can I safely delete:


    *****other files*****

    So, can I delete these files in the public side:


    or move these to the Private side?

