Thanks.
I was able to log in to wp-admin and everything looked fine code wise. In the end I just took it down and started over, since the site wasn’t very large.
Not ideal, but it will give me a chance to keep track of everything from a clean install perspective.
I completely understand that. It is not meant to be the only line of defense, just an added deterrent. It seems to be fairly common practice, but it’s pointless to do it at all if the subdirectory is just going to be exposed.
I’ve read of people doing it successfully, but none of the .htaccess edits I’ve seen has worked for me.
