Stop redirect of several URLs to the admin area

WORDPRESS CODE SNIPPET

Many people – including me – recommend installing WordPress in a subdirectory to enhance security. This allows you to create a subdomain pointing to your wp-content directory and to change the WP_CONTENT_URL in your wp-config.php to use this subdomain. This hides the name of the subdirectory WordPress is installed in from the HTML code.

Let’s say your domain is www.example.com and you uploaded an image named photo.jpg in December 2016. The URL of the image will be www.example.com/wp-content/uploads/2016/12/photo.jpg. Now let’s say you installed WordPress in a subdirectory named mysite, but still use www.example.com without the directory as your home URL. In that case the path mysite will not be visible in the URLs of your pages. If you use a secret name for the subdirectory – different from mysite – it will not be possible for hackers to guess that your admin dashboard is accessible at www.example.com/mysite/wp-admin.

In theory, at least. Your images will still betray the physical path. The URL of our image above will now be www.example.com/mysite/wp-content/uploads/2016/12/photo.jpg. Using a subdomain that points to the /mysite/wp-content directory on your webserver closes this security gap. Let’s say your subdomain is content.example.com; then the URL of the image will be content.example.com/uploads/2016/12/photo.jpg. The path mysite is successfully hidden from your HTML code.

But there’s still a problem. For easier access to the admin area, WordPress redirects several URLs to it. In our example, typing www.example.com/wp-admin into a browser’s address bar will automatically redirect to www.example.com/mysite/wp-admin. The same happens if you try www.example.com/admin – plus some other URLs.

This code snippet prevents WordPress from betraying the path WordPress is installed in. Trying to access www.example.com/wp-admin will then cause a 404 error. Using this simple code securely hides your WordPress location. The admin area will be available only to people who know the correct URL.
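To confirm on your own site that the shortcut URLs no longer give the directory away, the following check (an added example, not the snippet this page refers to) inspects the redirect each shortcut returns and reports the directory it reveals. The function names, the `fetch` callback and the sample responses are constructed for illustration, and the paths beyond /wp-admin and /admin are assumptions about the "other URLs" mentioned above.

```python
from urllib.parse import urlsplit

# Shortcut paths to probe. /wp-admin and /admin are named in the article;
# the rest are assumptions about the "other URLs" it mentions.
SHORTCUTS = ["/wp-admin", "/admin", "/dashboard", "/login", "/wp-login.php"]


def leaked_prefix(location, home):
    """Return the directory a redirect target reveals, or None."""
    target = urlsplit(location)
    # Relative and same-host redirects count; redirects to other hosts do not.
    if target.netloc and target.netloc != urlsplit(home).netloc:
        return None
    parts = [p for p in target.path.split("/") if p]
    for i, part in enumerate(parts):
        if part in ("wp-admin", "wp-login.php"):
            # i == 0 means WordPress sits in the web root: nothing is leaked.
            return "/" + "/".join(parts[:i]) if i else None
    return None


def audit(home, fetch):
    """fetch(url) -> (status, location), made without following redirects."""
    findings = {}
    for path in SHORTCUTS:
        status, location = fetch(home.rstrip("/") + path)
        if status in (301, 302, 303, 307, 308) and location:
            prefix = leaked_prefix(location, home)
            if prefix:
                findings[path] = prefix
    return findings


# Constructed responses: before the fix the shortcuts redirect into /mysite,
# after the fix every shortcut answers 404.
BEFORE = {
    "https://www.example.com/wp-admin": (302, "https://www.example.com/mysite/wp-admin/"),
    "https://www.example.com/admin": (302, "https://www.example.com/mysite/wp-admin/"),
    "https://www.example.com/login": (302, "https://www.example.com/mysite/wp-login.php"),
}
AFTER = {}


def fake_fetch(table):
    """Stand-in for an HTTP client with redirect-following disabled."""
    return lambda url: table.get(url, (404, None))


if __name__ == "__main__":
    print("before:", audit("https://www.example.com", fake_fetch(BEFORE)))
    print("after: ", audit("https://www.example.com", fake_fetch(AFTER)))
```

An empty result means none of the probed shortcuts redirected into the hidden directory.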
