Moving wp-content outside of web root?

Is it possible to move the entire wp-content folder outside of the Web root? I need to prevent anyone to view any asset file (images, pdfs, movies etc) with a direct url to the file…
Any ideas? Or could I do this safely with htaccess?

Related posts

Leave a Reply

2 comments

  1. See Ben Word – How to Hide WordPress

    Summary:

    In the Roots Theme we’re taking several steps to help make it not so
    obvious that you’re using WordPress:

    1. Cleaning up the output of wp_head and removing the generator from RSS feeds
    2. Hiding /wp-content/ by rewriting static theme assets (CSS, JS, and images), rewriting the plugins directory, and also changing the
      location of WordPress uploads
    3. Cleaning up the output of navigation menus with a custom walker
    4. Bonus: root relative URLs
  2. I would highly recommend that you NOT move wp-content outside of the docroot. WordPress utilizes wp-content for more than uploads. This would have a huge impact on the accessibility of themes and plugins.

    WordPress uploader will not play well with this scenario, and you’re only allowed to add an alternate relative relative path to the WordPress URI as well (Settings->Media), which means WordPress is constricted to uploading to the docroot. This makes sense because 99.99999999% of sites would never need this functionality.

    This would be a bear of a project to tackle within WordPress from scratch. I would recommend that you use Amazon S3 and install a plugin like CDN Vault. They claim to protect locally hosted files and cloud hosted files on S3. I haven’t verified either, but it looks like a good start.

    Hope this helps you out!