Updated on
WordPress has slowly become one of the most used CMS over the internet. The downside of that is most of the sites on the web follow the same structure, and one loophole can expose all those sites to a security threat.
[bctt tweet=”Every #webmaster should take some actions to make sure that their site is secure. One of the action is to make sure that your #site structure is hidden so that #hackers can’t quickly figure it out.”]
Contents
WP-Content Folder
WordPress has some predefined folder structure which helps in segregating content. Each folder has a specific purpose, and it contains a particular type of data.
One of that folder is WP-Content which contains your themes, plugin and uploaded images. More specifically, all the user content related to a specific WordPress site is kept in that folder.
You can recover from the loss of any other folder, but if you lose WP-Content folder, it will be hard to recover unless you have a backup.
So you need to make sure that you take the backup of your WordPress site regularly and hide the WP-Content folder so that it’s not easy to find.
WP-Config File
WP-Config.php is one of the important files for WordPress, which contains essential settings about your site structure like your database connection details, your site address, etc. Because of that, you want to make sure that the file is always protected. One of our plugin tests will let you know if this file has the right permissions, so don’t forget to scan your site every now and then.
There are few settings that can help you replace or rename the WP-Content folder /wp-content/ – Most of the hackers just run some automated scripts to hack the sites, and those scripts will fail in case your site structure is different than the regular WordPress site.
You can find the WP-Config.php file in your site home directory. The best way to update it is by downloading it to your computer, make a change and upload it back to your server.
You can use any FTP client to download and upload the WP-Config.php file.
Most of the entries in WP-Config file start with a keyword – define.
It allows you to define values which can be accessed from your WordPress installation.
Syntax – define(Symbol1, Value1)
Symbol1 – name which you can use anywhere in WordPress installation
Value1 – Value which will be replaced for Symbol1
WordPress has some predefined symbols with default values which are used to setup installation defaults. You can use and replace those default values to accomplish your task.
How to Rename – change wp-content folder name
If you do not want your user content folder to be named as WP-Content, you can change the name of the folder and ask WordPress to pick your user data from the new folder.
WordPress allows you to define the name of the content folder with the help of WP_CONTENT_FOLDERNAME symbol.
Step 1: Download the WP-Config.php file
Step 2: Open and Edit the WP-Config.php file to add the below line
define( 'WP_CONTENT_FOLDERNAME', ‘new_directry_name’ );
You can add the code before the ABSPATH variable declaration in WP-Config.php.
Once you add this to your WP-Config.php, WordPress will treat the new directory name as your content folder.
Remember this is just a rename, so your new content directory should be in the same location as WP-Content folder.
Step 3: Change ‘new_directory_name’ to the name you want for your content folder.
Step 4: Upload WP-Config.php file back to your server.
How to replace the WP-Content Folder
If you want to replace the wp-content folder rather than renaming it in the same place, you need to use the below mention method.
WordPress comes with two symbols, WP_CONTENT_DIR and WP_CONTENT_URL, which allows you to define your content directory and content URL structure.
Step 1: Download the WP-Config.php file
Step 2: Open and Edit the WP-Config.php file to add the below lines
define( 'WP_CONTENT_DIR', ‘new_directry_local_path’ );
define( 'WP_CONTENT_URL', 'http://new_directry_url' );
WP_CONTENT_DIR will tell WordPress to use the specified directory as a content directory rather than WP-Content directory.
You also need to change the WP_CONTENT_URL, so that the URL also points to correct place. It is crucial for your themes, plugins, and attachments to work correctly.
Like in rename method, you can add these line before the ABSPATH variable declarations.
Make sure there are no forward slashes (/) at the end of URL and Directory.
Step 3: Change new_directory_local_path and http://new_directory_url to your local path and URL.
Step 4: Upload WP-Config.php file back to your server.
Once you add these lines, you will see all your uploaded themes, plugins and images will start using the new directory rather than a WP-Content folder.
So, here is how you can rename or replace the WP-Content folder to provide more security to your WordPress site. This will help in making sure that hackers scripts can’t directly run on your installation, which will avoid many automated attacks on your WordPress site. So go ahead and secure your WordPress installation.