Title: [Plugin: BulletProof Security] BPS and folder locations Last modified: August 20, 2016 --- # [Plugin: BulletProof Security] BPS and folder locations * Resolved [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/) * Hi, * If I change the default folder locations, will BPS still work effectively? * For example, here’s what my site layout looks like: * [http://mysite/index.php](http://mysite/index.php) [http://mysite/wordpress](http://mysite/wordpress) [http://mysite/wp-content](http://mysite/wp-content) * Thanks Jools * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/) Viewing 14 replies - 1 through 14 (of 14 total) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885124) * Yes, BPS works with every type of WordPress installation. If you are migrating your website to another folder or you are going to change your site to a Giving WordPress Its Own Directory (GWIOD) setup then you will need to create new .htaccess files using AutoMagic because your RewriteBase and RewriteRules will change to your new folder location. * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885197) * Hi AITpro, thanks for your response. * This is what I did:- * 1) Clicked the ‘Create secure.htaccess File’ automagic button. This button was in the first of three columns of automagic buttons, labeled “Use these Automagic buttons…”. It reports “Success”. * 2) Clicked the “Activate Website Root Folder .htaccess Security Mode” ‘Bulletproof Mode’. It reports “BulletProof Security Root Folder Protection Activated”. * However, inside the .htaccess file, based on my folder structure in my original post, the paths are incorrect. The .htaccess file has wp-content as a subfolder of the wordpress folder. And the various files are unprotected. * Am I doing something wrong? * Thanks Jools * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885222) * BPS looks at the Settings you have entered on the WordPress General Settings page to determine your website root folder. If you entered incorrect paths under these settings then BPS will use these incorrect path settings in your RewriteBase and RewriteRule. WordPress Address (URL) Site Address (URL) * Your folder structure that you posted does not make sense to me. Typically for a root website WordPress setup you would see these folders. /wp-content /wp- admin /wp-includes * for a subfolder site you would have this folder structure /wordpress/wp-content/ wordpress/wp-admin /wordpress/wp-includes * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885249) * Thanks again for your reply. * For the folder structure, I was following the recommendation of Mark Jaquith, a core developer from the WordPress team. He recommends having WordPress in its own folder, “pristine”, as he put it, and having the wp-content folder outside it. [http://c3mdigital.com/adding-git-to-your-wordpress-development-workflow/](http://c3mdigital.com/adding-git-to-your-wordpress-development-workflow/) * I’ve checked, double checked and triple checked the paths. WordPress itself works perfectly with this folder structure. Plugins are installed to, and read from the correct location, as are themes. * In the wp-config.php for the local site file, i have the following:- * /* Change the default location of the content directory */ define(‘WP_CONTENT_URL’,‘ [http://localhost/mysite/wp-content’](http://localhost/mysite/wp-content’);); define(‘WP_CONTENT_DIR’, ‘/Users/username/Sites/mysite/wp-content’); define( ‘ WP_PLUGIN_URL’, WP_CONTENT_URL . ‘/plugins’ ); define( ‘WP_PLUGIN_DIR’, WP_CONTENT_DIR.‘/ plugins’ ); * And something similar for the remote site, which also works perfectly. * In the WordPress admin General Settings, these are the settings which work perfectly. Nothing else works:- * WordPress Address (URL) = [http://localhost/mysite/wordpress](http://localhost/mysite/wordpress) Site Address (URL) = [http://localhost/mysite](http://localhost/mysite) * In the .htaccess file, I’m finding /wordpress/wp-content which isn’t specified anywhere. * Totally stumped. Everything is working perfectly except BPS. * Jools * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885251) * Hmm interesting never heard of any of this stuff and to tell you the truth i am not seeing the benefit in doing any of these things, but i will look into this a little more to see why and what the benefit would be of doing this stuff would be. Seems actually like going backwards or doing something that is backwards compatible? * I have no idea then where your root folder is being pulled from since none of this config above makes any sense to me. Sorry. * What you can do instead of using AutoMagic is just enter in the correct RewriteBase and RewriteRules since you are obviously ok with doing additional WP config stuff. Really all that matters is that your RewriteBase matches your actual real root folder. * examples: for a wordpress site that is installed in the root of the domain The RewriteBase is just / * for a wordpress site installed in a subfolder of the root folder called /my-subfolder The RewriteBase is /my-subfolder/ * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885253) * Thanks so much for your help. I’ll look into doing that first thing in the morning( it’s 2am here). * Jools * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885254) * One thing while I remember. There may be more people with this problem who don’t know they have a problem. BPS status, reports that everything is ok, even though protection isn’t happening everywhere it should. * Jools * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885256) * hmm interesting. Not sure how many folks mess around with their standard WP config stuff, but i will look into what this stuff is supposed to do and if it appears popular then i will add some help info about this type of config. I would think that since the RewriteBase and RewriteRules would not be generated correctly due to this type of configuration that the problem would be apparent immediately. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885257) * I looked around and the only info i can find on this has to do with configuring a local development WordPress setup (XAMPP, etc) for this. I can see the benefit in that. So is this how you are using this config? If not and you are using this config on a Production / Live site then could you post a link to more info about this type of config. * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885288) * > never heard of any of this stuff and to tell you the truth i am not seeing > the benefit in doing any of these things * A lot of people, including me, use GIT to manage and deploy their web apps. Changing the default configuration might allow them to more easily manage that process. From a versioning point of view, I have no interest in the core WordPress files. I don’t want the files that I am interested in being intermingled with the core WordPress files. Perhaps that’s what Mark Jaquith of the core WordPress team meant when he talked about keeping WP separate and “pristine”. * There could be any number of reasons. What’s irrelevant to me, might be important to someone else and other people might have reasons I’ve never thought of. That seems entirely likely with the vast reach of WordPress and some of the huge sites now using it. * > hmm interesting. Not sure how many folks mess around with their standard WP > config stuff * I’m under the impression that almost no average Joe’s change their standard WordPress configurations. I’m also under the impression that a huge number of pro’s DO change their standard WordPress configuration. * > So is this how you are using this config? * You can recreate my setup exactly from all the info I provided above. I didn’t miss anything out. That setup is experimental at the moment. The default configuration doesn’t suit me for versioning purposes. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885289) * Ok so the GIT link you provided does have info on the uses for this config then. I read through that post, but i did not see the connection until now. Now i understand what you are doing with this config. 😉 * It looks very interesting so i have made a note to experiment with this in November when i have some free time. Thanks for the GIT tip – it looks pretty cool. * I think what i should do is add GIT info to the FAQ in the next release of BPS so that folks using GIT will hopefully see that info and be aware that they will have to do some additional config stuff to BPS. Thanks for pointing this out. * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885290) * Pleasure. * > Thanks for the GIT tip – it looks pretty cool. * Really. GIT vs. FTP = no contest. Deploying with GIT is just fast because GIT compresses and packages everything up as one file before uploading it. * You can also create branches with completely separate code and swap out the entire site for something else, in a heartbeat. For example, for maintenance mode. * Thanks for your help. Your plugin is one of the very best. * Jools * Thread Starter [joolze](https://wordpress.org/support/users/joolze/) * (@joolze) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885299) * In case you need to experiment when you’re looking into it in November, I’ve written exact instructions for creating a site with an altered folder structure. And I’ve tested it. Hope this is useful. * I followed your advice about RewriteBase, and modified the BPS generated .htaccess file. It works fine. Note that BPS generates the .htaccess file into the new wordpress subfolder, and I move it back to the root. * Given a fresh wordpress install at [http://localhost/mysite](http://localhost/mysite) these instructions will change the default location of the folders so that the core wordpress files are in a subfolder called ‘wordpress’. The finished root folder structure will look like this: * –> wordpress –> wp-content –>index.php –> wp-config.php * To achieve this follow these steps:- * 1) WordPress->Settings->General->WordPress Address (URL). Change this value to [http://localhost/mysite/wordpress](http://localhost/mysite/wordpress) 2) Save the settings. The page will now give a ‘Not Found’ error, which is expected. 3) Go to the wordpress folder ([http://localhost/mysite](http://localhost/mysite)) and create a subfolder called ‘wordpress’. 4) Move all files into the new wordpress subfolder, EXCEPT for the following files which should remain in the root folder: * wp-content wp-config.php index.php .htaccess * 5) Edit index.php and change: require(‘./wp-blog-header.php’); to require(‘./ wordpress/wp-blog-header.php’); 6) Edit wp-config.php. Before the database entries at the top, add the following lines. * define(‘WP_CONTENT_URL’, ‘[http://localhost/mysite/wp-content/’](http://localhost/mysite/wp-content/’);); define(‘WP_CONTENT_DIR’, ‘//mysite/wp-content/’); define( ‘WP_PLUGIN_URL’, WP_CONTENT_URL . ‘/plugins’ ); define( ‘WP_PLUGIN_DIR’, WP_CONTENT_DIR . ‘/plugins’); * NOTE: that in the line containing WP_CONTENT_DIR, replace ‘’ with the full path from the root of your drive. No shortcuts (such as ‘~/username’ on a mac). * Your installation should now work. Type [http://localhost/mysite](http://localhost/mysite) into a browser. * NOTE: that to get to the admin pages, you need to add the new wordpress path eg. [http://localhost/mysite/](http://localhost/mysite/)**wordpress**/wp-admin * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885312) * Wow! Awesome! I can just link to this thread for the GIT FAQ. Thanks. 🙂 Viewing 14 replies - 1 through 14 (of 14 total) The topic ‘[Plugin: BulletProof Security] BPS and folder locations’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 14 replies * 2 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-bulletproof-security-bps-and-folder-locations/#post-2885312) * Status: resolved