I usually recommend that people install WordPress at the root directory of their sites. Even if you intend to mostly use WordPress for a blog, and run it at
/blog/, you can still do that when WordPress is installed in the root directory. It's just a matter of changing some simple settings. But just because WordPress is installed and controlling your site from the root directory, that doesn't mean that the WordPress core files need to be located in that same location.
You may want WordPress installed in a subdirectory just to keep that root directory of your site clean. There are a lot of files that power WordPress and keeping them all at the root can be an eyesore:
You Can Install WordPress in a Subdirectory and Still Control the Root
Yep that's right. You've probably seen the preference for it a million times and never really thought twice about it (if you are like me). It's located under Settings ▸ General:
That first setting, WordPress URL, give you the opportunity to set where the actual WordPress files are, and use the second setting to point where you want the root of your site to be.
This means you could create a new subdirectory (say, "wordpress"), put all your WordPress core files in there, and still control the root. The codex has a nice step by step on this, but I'll cover it quickly here as well.
- Move (or intially put) ALL of the WordPress core files into a subdirectory (e.g.
- Change the General settings (see pic above) to the proper new locations.
- Copy the index.php and .htaccess file back to the root
- Open the index.php file and change the line:
require('./wordpress/wp-blog-header.php');. If you use a different subdirectory, obviously "wordpress" would be whatever you named that subdirectory.
- Log into the backend. Note that you probably used to log in at
/wp-admin/but it will be
- Go to Setting ▸ Permalinks and click the save button to update the permalink rules in your .htaccess file
- Make sure all is well on the front-end.
Since I would think very few sites do this, you are getting the bonus of security by obscurity. Bots scrounging around your site probably will never find the WordPress core files since they are in a subdirectory that isn't referenced publicly anywhere.