WordPress is the tool bloggers use for their website. However, this popularity has its downsides, too. Because it is so popular, WordPress attracts hackers, as well, since it is a tool everyone uses. Not only that, most bloggers who use WordPress keep their core files in the root directory of their site, usually leaving them alone after installing everything, and it is likely that the hackers will start looking their first when breaking through the site.
The best way to prevent this from happening would be to move your core files and store them somewhere other than the root directory. This way, hackers will not easily reach your files and compromise your blog. Read on to learn how you can do this.
Also, before starting, make sure to backup your entire WordPress blog, so that you can easily restore your blog to its previous state in case hackers break into it.
Moving the core files
1. To start, log into your FTP and create a directory deep into the system as you choose.
2. Download the following files from your current installation directory, as well as all PHP files in the folder, and the .Htaccess file:
• WP-admin directory
• WP-includes directory
• WP-content directory
3. After downloading them, upload them to your desired location.
You can delete the files in the old location anytime, but there’s no important need to do it right away. There’s still more to do after having moved the core files.
4. Log into your WordPress admin area and go to “Settings,” then “General”.
5. Under “General,” write down the URL of the directory where you uploaded the files to back in step 3. Save your changes when you’re done.
6. Your blog’s home page will then get an error message. Do not worry as this is supposed to happen.
7. Download the index.php file from your root directory and open it with Notepad. Search for “require (‘. /WP-blog-header. PHP’)” and add your root directory path just before “/WP-blog-header.PHP”.
8. Upload the edited index.php into the root directory and overwrite the existing one.
And that’s the whole process. Your WordPress core files are now in a different location and your blog will continue to run just fine.
Other things to take note of
Now that your files are now in a safe place, here are some things you should take care to remember. The old login link will not work anymore; and your new login link will now be at “http: //*domainname*/*newdirectorylocation*/WP-login. PHP”. Also, you can choose to delete the core files in the old location anytime, so long as you don’t delete the WP-content directory, index.php and the .htaccess file. This is because the WP-content directory contains the “Upload” folder, where the posted images on your blog are stored. If this is deleted, you lose your images. There is a way to keep the WP-content folder in two different locations, but that would be for another time. You also shouldn’t publish the new login link to your website; that would be like telling everyone in a bar where you keep the valuables in your house.
And that is all on how to keep your website’s core files in a different location in your directory.