security and directory question (5 posts)

  1. trek406
    Posted 9 years ago #

    we are trying to use wordpress for the first time and did an install on our server. we are trying to migrate from blogger.
    anyway, we noticed that in our web logs that people have found access to the admin/upgrade page for the wordpress. is there a way to protect all of the directories and not interfere with functionality? i dont think it is a cookie thing since i tested it on another machine.

    also, is it better to have wordpress on a subdomain or in another folder on the main domain? we cannot run it in the domains root folder due to other items that need to run there. we are concerned with security and seo issues running this. we like what it offers with the upgrades that are out there.

    thanks for any assistance.

  2. moshu
    Posted 9 years ago #

    You can safely delete the upgrade and install files.
    More: http://codex.wordpress.org/Hardening_WordPress

    Edit. It doesn't matter where WP is installed.

  3. trek406
    Posted 9 years ago #

    so we do the correct thing, what folder should we delete and files so nothing else is impacted?

  4. moshu
    Posted 9 years ago #

    Don't delete any folder(s).
    Just the install.php and upgrade.php files.

  5. trek406
    Posted 9 years ago #

    thanks. did that. if we need to upgrade in the future i guess we find that somewhere in the admin?

    we also installed plugins, etc. we see alot of traffic that reads /wpadmin....jax...php, planetnews.....ultimate-tag-warrior, yet i dont see these on the blog even though i installed them. dont know if this works in the background and if this is real traffic, etc.....

    thanks for the other help!

Topic Closed

This topic has been closed to new replies.

About this Topic