Lots of good suggestions that I intend to look into further. Thanks Brad.
One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.
But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . ‘../../secret.php’); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.
@mugger I’ve been meaning to do a blog post about my particular setup. Actually I’m planning to setup a new blog on WordPress coding, just need to make the time to do it. When I do, I’ll post here again.
Thanks for the kind words everybody! Actually the wp-config.php file can exist in one of two places by default: either the root WordPress directory or one level above that directory. WordPress will look in both spots before throwing an error.
@mugger I’m prepping a base setup that can be readily cloned… http://hg.nathany.com/wp-base/src/ It has an my wp-config as well as secret-sample as a template for creating ../secret.php (up a level).
An accompanying blog post should be up in a few days. Right now I’m waiting for DNS for vogsphere.org.
I’d also like to review Brad’s video and get those suggestions into my base setup.
@Brad Maybe something is different between our configs, but for me, ABSPATH points to the /wordpress/ folder inside public_html (webroot, htdocs, you get the idea ). WordPress looks in the ABSPATH folder and one directory up, which in my case is the public_html/wordpress/ folder and the public_html/ folder. Hence, my little workaround to drop a file two levels up from ABSPATH so its not inside public_html.
If ABSPATH is defined differently for you, as the actual public_html/ folder, I’d sure like to understand what I’m doing differently.
But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . ‘../../secret.php’); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.
One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.
August 13, 2009 at 6:01 am |
Great Talk
sshing and chmod-ing files right now!
Thanks a whole heap – very useful information!
LikeLike
August 14, 2009 at 10:14 pm |
really great talk, thank you Brad for very important information about security.
LikeLike
August 20, 2009 at 3:06 am |
Lots of good suggestions that I intend to look into further. Thanks Brad.
One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.
But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . ‘../../secret.php’); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.
LikeLike
August 24, 2009 at 6:46 pm |
Nathan, would you mind fleshing that out a bit with a pseudo example?
Thanks for dealing with the case of sub folder which WP seems to have neglected.
LikeLike
August 25, 2009 at 5:18 am |
@mugger I’ve been meaning to do a blog post about my particular setup. Actually I’m planning to setup a new blog on WordPress coding, just need to make the time to do it. When I do, I’ll post here again.
LikeLike
September 15, 2009 at 1:08 pm |
Thanks for the kind words everybody! Actually the wp-config.php file can exist in one of two places by default: either the root WordPress directory or one level above that directory. WordPress will look in both spots before throwing an error.
LikeLike
September 16, 2009 at 3:59 am |
@mugger I’m prepping a base setup that can be readily cloned… http://hg.nathany.com/wp-base/src/ It has an my wp-config as well as secret-sample as a template for creating ../secret.php (up a level).
An accompanying blog post should be up in a few days. Right now I’m waiting for DNS for vogsphere.org.
I’d also like to review Brad’s video and get those suggestions into my base setup.
@Brad Maybe something is different between our configs, but for me, ABSPATH points to the /wordpress/ folder inside public_html (webroot, htdocs, you get the idea ). WordPress looks in the ABSPATH folder and one directory up, which in my case is the public_html/wordpress/ folder and the public_html/ folder. Hence, my little workaround to drop a file two levels up from ABSPATH so its not inside public_html.
If ABSPATH is defined differently for you, as the actual public_html/ folder, I’d sure like to understand what I’m doing differently.
LikeLike
February 6, 2015 at 7:56 am |
But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . ‘../../secret.php’); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.
LikeLike
August 25, 2015 at 10:19 am |
One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.
LikeLike