Wordpress Security
For wordpress security, it is a common practice to move up by one level the wp-config.php file from the publichtml directory. Allowing the very important wp-confog.php file to remain in the publichtml directory is considered unsafe. Presently this is not possible in cloudways. WIll this be allowed by cloudways in the futire?
-
AdminCloudways (Admin, Cloudways) commented
We offer now a private_html folder one level above public_html where you can deploy configuration and other sensitive files. Please go over:
Note that this is only valid for newly deployed applications. For already deployed applications, contact support so we can create the necessary structure for you.
Cloudways Team
-
dstar commented
On default installation, it could even be a random number after wp-login-123xx.php and wp-admin-123xx/
-
dstar commented
Maybe also consider moving wp-login.php and wp-admin somewhere we manually set. That can reduce the bruteforce to a certain degree.
-
AdminCloudways (Admin, Cloudways) commented
We are aware of this and we are considering options.
Cloudways Team
-
fgilio commented
This is also a common approach at a better WordPress organization: https://github.com/markjaquith/WordPress-Skeleton