[wp-hackers] Use non default path for wp-admin e wp-includes

Paul Menard codehooligans at codehooligans.com
Fri Apr 6 18:29:01 GMT 2007


In WP Options -> General you can setup the Site (public facing) to be  
one URL and the WordPress admin site to be two different URLs.

For example I've created the site/Blog URL to be http://www.mysite.com
Under WP Options -> General the Blog address is http://www.mysite.com
On disk this site's root path is  /var/www/htoccs/mysite_www/

For the Admin site I create a sub-domain http://admin.mysite.com
Under WP Options -> General the WordPress address is http:// 
On disk this site's root path is /var/www/htdocs/mysite_admin/

So notice the WWW and ADMIN sites are under two different directory  

In the root of the WWW site I have one file, index.php. Below is the  
contents of this file.

/* Short and sweet */
define('WP_USE_THEMES', true);

The require line pulls in wp-blog-header.php. In a default WP  
installation this index.php lives in the wordpress root directory.  
The trick here is to have the WWW aware of the ADMIN site via the PHP  

So in my Apache VirtualHost entry I includes the path to the  
location /var/www/htdocs/mysite_admin/

Below are the two Virtual Host I use.

     ServerName www.mysite.com
     ServerAdmin webmaster
     DocumentRoot        /var/www/htdocs/mysite_www

    # This is to access the WordPress functions via the admin path.
     php_value include_path "/var/www/htdocs/mysite_admin/"

    # I use the following instead of the .htaccess file. Much faster  
since Apache does not need to check the directory
     <Directory          /var/www/htdocs/mysite_www>
                 # BEGIN WordPress
                 <IfModule mod_rewrite.c>
                         RewriteEngine On
                         RewriteBase /
                         RewriteCond %{REQUEST_FILENAME} !-f
                         RewriteCond %{REQUEST_FILENAME} !-d
                         RewriteRule . /index.php [L]
                 # END WordPress


     ServerName admin.mysite.com
     ServerAdmin webmaster
     DocumentRoot        /var/www/htdocs/mysite_admin

What I've not been able to figure out is how to keep the theme  
related content under the WWW site and thus keep the WP engine out of  
the picture. Well doing that without hacking my own version of WP  
that is.


On Apr 6, 2007, at 10:08 AM, vitamona wrote:

> Hi,
> for security reason i think to move to wp-admin/ and wp-include/ into
> a non standard path for example into a directory or only for
> wp-include out from php open_basedir.
> The wp-admin and wp-includes are hard coded into the sources.
> Is there a simple way for make this?
> Thanks
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list