WordPress has become the best blogging platform and mostly used by people. Did you ever know that a lots of hacker are always trying to get into your WordPress system? They, generally do this by using some SQL query (SQL injection) to the admin templates of WordPress. As the new blogger install WordPress in the root directory and keep the whole things as it was at the time of installation, things are become quite easier for the hackers because they can easily target location of your website core files.
Moving your WordPress installation files from the default location can be a good choice so that, any body can’t know about the location of your website’s core files. As a result, hackers will remain failure to perform any type of evil action with your blog.
First of all, take a full backup of your WordPress blog to ensure that you can restore the stable state of your blog if any thing goes wrong with your site configuration.
How to Move the WordPress Core files
1. Log-in to your FTP and create a directory at as deep as you like. For instance the location may be
public_html > example > data > some_directory > core
2. Download the followings from your current installation directory (generally
- wp-admin directory
- wp-includes directory
- wp-content directory
and all php files in the same folder like index.php, wp-config.php, wp-activate.php, wp-blog-header.php, wp-atom.php, wp-comments.php and so on. Also download the .HTACCESS file.
3. Upload all the files and directory that you’ve downloaded in the step 2 at your desired location (
public_html > example > data > some_directory > core). Wait for a while until the uploading process completes.
4. Don’t delete the existing directories, currently on your server. You can do it later.
Make a small change in your WordPress settings
Log-in to your WP admin area and go to Settings > General. Now at “WordPress address url” field write down the complete url of the directory where you’ve uploaded the files in step 3. In this example the path should be ‘
https://www.techtipsapp.com > example > data > some_directory > core'.
5. Save the changes by clicking on the “Save changes” button.
6. Immediately after this, your blog home can be messed up and you will get some error massage. Don’t worry! Things are yet to complete.
7. Download the ‘index.php’ file from your root directory and open it with Notepad. Search for the line
8. Change the above code to
As for this example the code should be
9. Upload the edited version of ‘index.php’ in the root drive over writing the existing one.
That’s all. You have successfully moved your WordPress core files in a custom location.
What will be my WordPress login link?
The old login link will not further work. Your new login link would be
http://yourdomain/new_directory/wp-login.php. For instance the new login url is ‘
https://www.techtipsapp.com > example > data > some_directory > core > wp-login.php'.
Should I delete My old files from the root directory?
Well! Once you’ve successfully moved the WordPress core files and your site is running properly, you can delete all the WordPress files from the root directory except the wp-content directory, ‘index.php’ and .HTACCESS file.
You should concentrate here:
1. Do not delete the wp-content folder from its old location as it contains the folder “Upload” where the post images of your blog resides. Deleting that folder will make lost your post from their images. But if you want not to keep the wp-content folder in two locations as there exists another in the new location then you can host post images in a subdomain or update the previous post with the new image path. Both the method has been described in the article Host Images of WordPress Blog in a Subdomain for Better Speed.
2. Don’t publish the login link in your website so that any body can find again your WP core file location. Otherwise, all your hard work will become meaningless.
Does your WordPress still reside at the root directory or in a different custom location?