How to Change the File and Directory Structure in WordPress

Because of the open source nature of WordPress, anyone can look up the typical file structure of your WordPress site and find exactly where an attack can be started. The good thing is that rearranging the core file structure of your WordPress site is a security method that can be employed in order to combat hackers and bolster your overall defenses. In this post, we will walk you through the two ways to customize your file structure both for Single and Multisite installs. Also, we will show you what code you need for bringing everything together.


Further reading:

How to Fix 404 Errors in WordPress After Changing Permalinks

The Many Uses to Which You Can Put Your WordPress Website

Top 5 Security Issues with WordPress and How to Fix Them

WP Rocket WordPress optimization tutorial

What you should know about optimizing your WordPress website for speed

WordPress Search Engine Optimization Tutorial

WordPress Security Plugins

WordPress Website Speed Optimization Tutorial

WordPress image optimization tutorial

How to Fix a Hacked WordPress Website

How to Fix the ERR_CONNECTION_TIMED_OUT Error in WordPress

How to Improve the Security of your WordPress Website

How to implement SEO friendly Redirects in WordPress


In this post, you can find:

  • The Importance of Backup
  • Changing Your File Directory
  • Creating a New Directory
  • Updating the URL for Your Files
  • Moving Your Files
  • Editing the Index Page
  • Finishing Things Up


The Importance of Backup

Never forget that customizing your file structure can break your website quickly. Thus you need to be careful and create a backup. It will ensure that you can restore your WordPress site to its former working state in case something goes wrong. You can do a backup just for your files, but we recommend a complete backup that would help you restore anything. We have a tutorial on How to Backup Your WordPress Website that you can check.

In case your files cannot communicate with your database and display your website, there will be error messages with sensitive information printed on your site’s front-end. Getting rid of this can be quite helpful. It can be done by turning on the error logging so that all issues are discreetly in a log that can be accessed only by you.

While on the subject of front-end errors, we should mention that reorganizing your file structure takes your website offline for a couple of minutes while the process is completed. This is why setting up a temporary redirect (302) is a good idea and would keep your site visitors (and search engines) happy while you are switching things up.


Changing Your File Directory

The first change to make is moving all except two files away from the root of your website to a different directory. Doing this would mean having to change the site’s URL from to something like However, it’s possible to keep your website’s address how it is while still migrating your files into a separate directory.

Your URL will make hackers assume that all files are located in your install’s root, but they would quickly realize that it’s not the case when they cannot hack your WordPress site. Since guessing where your files are would not be easy, they are most likely to stay untouched.


Further reading:

How to modify search features of your WordPress website

7 Security Tips for a WordPress Website

Basic Guide to WordPress Security

Configuring the basic settings in your WordPress website

How to Backup Your WordPress Website Automaticaly Using Backup Plugins

How to Backup and Restore the backup of a WordPress Website

How to Create Redirects in WordPress


Creating a New Directory

There are two ways for creating a new directory in the root of your website. You can Start by creating a new directory in the root of your site. You can choose to do this through the cPanel file manager, or via FTP with a program like FileZilla

To locate your site’s files in cPanel, you need to go to Files ? File Manager after logging in. In the root, click the Folder button at the top of the page and enter the name of your new directory.

Make sure that you don’t name your new folder in a way that is not obvious (WordPress, wp-core, your site’s name, etc.). Think of a secure name that is not easily guessable, but clear enough for you. After creating a new folder and before moving any other files, you will need to update your WordPress address which tells your website where the core files are located.

Updating the URL for Your Files

Log into your WordPress website if you have a single install and then go to Settings ? General in the admin Dashboard. Add a slash at the end of your website’s address in the WordPress Address (URL) field. After the slash, you should put the name of the directory created by you. Do not include a trailing slash at the end.

When you are done, click on the button Save Changes. Now, your site should not be available, and you should not panic - it’s a normal part of the whole process.

In case you have a Multisite network, you will not be able to update your WordPress address from the admin Dashboard. For a Multisite network, you need to hard code the address in the wp-config.php file.

This can also be done for a single installation, but please note that you will not be able to update the URL in the dashboard when you are ready.

Open wp-config.php file and add those files to the bottom of the page, but before the /* That's all, stop editing! Happy blogging. */ line:

define('WP_SITEURL', 'https://' . $_SERVER['SERVER_NAME'] . '/application');

define('WP_HOME', 'https://' . $_SERVER['SERVER_NAME']);

Make sure that you replace application with the name of the newly created folder. If your domain does not have an SSL certificate installed, you also have to replace the https part to http in both lines.

Afterward, save changes and ignore all error messages or your site’s unavailability for the time being. Now it’s time to move all core files.

Moving Your Files

When using cPanel, go back to the file manager and your site’s root. Select all the files and folders, except the new folder that you’ve just created. Once you can see them all highlighted, simply drag and drop them into the new directory.

Go into the new folder and select the .htaccess file. Click the button Copy at the top of the page and then edit the file path in the pop-up to reflect your install’s root. Click on Copy File(s).

If you do not see it on the list, you have to click on Settings at the top-right of the page and click on the checkbox to show all hidden files, then save. In case you see it in the root of your install, move it, as well as all other hidden files to your new directory.

Once the .htaccess file has been copied back to its original location successfully, copy the index.php file exactly the same way.

Editing the Index Page

For your site to reflect the new file path, you have to update your index.php file. Select the one you copied to the root of your WordPress site and click on the Edit button which is at the top of the page.

Find the following lines toward the bottom of the file:

/** Loads the WordPress Environment and Template */

require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Update /wp-blog-header.php to include the new directory. For example, if you named the new folder application, you should change your file path to this: /application/wp-blog-header.php

Finishing Things Up

Proceed with saving your changes and logging back into the dashboard of your site. The URL that you visit should include the new directory. Again, if the new directory is named application, you would have to visit or

Now go to Settings ? Permalinks and click on Save Changes at the page’s bottom. This will update your .htaccess file automatically, so all posts on your sites are still displayed when a user visits.

Keep in mind that if you don't have the time to do everything we explained in this post, or if you just don't feel like it, you can always submit a ticket to our expert tech support team. They work 24/7. Explain your requirements and they will gladly assist you with everything hosting related. Also, if you are not yet our client, you can check our web hosting plans.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Keep Your WordPress Website Updated

Updating your WordPress website is good for its security, content and data integrity and also for...

How to Install and Setup Your Premium WordPress Theme

WordPress is an excellent web development tool and still remains the most popular content...

How to create and manage a page in WordPress

Creating pages in WordPressCreating individual pages in WordPress is quite similar to writing a...

WordPress Search Engine Optimization Tutorial

Wikipedia defines Search engine optimization (SEO) as the process of affecting the online...

How to Secure a WordPress Website

How to Secure WordPress with Unique Admin UsernameMost applications use "admin" as username and...