Stop redirect of several URLs to the admin area


Many people – including me – recommend to install WordPress in a subdirectory to enhance security. This allows you to create a subdomain pointing to your wp-content Directory and to change the WP_CONTENT_URL in you wp-config.php to use this subdomain. This hides the name of the subdirectory WordPress is installed in from the HTML code.

Let’s say your domain is and you uploaded an image named photo.jpg in december 2016. The URL of the image will be And now let’s say you installed WordPress in a subdirectory named mysite, but still using without the directory as your home URL. In that case the path mysite will not be visible in the URL of your pages. If you use a  secret name for the subdirectory – different from mysite – it will not be possible for hackers to guess that your admin dashboard is accessible on

Theoretical. Your images will still betray the physical path. The URL of our image above now will be Using a subdomain that points to the /mysite/wp-content directory on your webserver closes this security gap. Let’s say your subdomain is, then the URL of the image will be The path mysite is successfulle hidden from your HTML code.

But there’s still a problem. For easier access to the admin area WordPress redirects several URLs to it. Typing in in a browsers address bar in our example will automatically redirect to The same if you try – plus some other URLs.

This code snippet prevents WordPress from betraying the path WordPress is installed in. Trying to access then will cause a 404 error. Using this simple code securely hides your WordPress location. The admin area will be available only for people who know the correct URL.

Share this page: