Moving WordPress: Moving Your Site From a Subdirectory to the Root Directory

Moving WordPress: Moving Your Site From a Subdirectory to the Root Directory

Moving WordPress: Moving Your Site From a Subdirectory to the Root Directory

There are times when you need to create a WordPress site in a subdirectory and not the root directory for the domain it’s hosted on. I sometimes do this if I’m developing a new WordPress site to replace a static site, and I want to leave the static site in place while giving the client access to the new site during development for approval. Even if you do your development work locally, you may sometimes need to do this.

When you come to make the site live, you don’t want its URL to—you want it to be So you might think you have to manually move the site from its subdirectory to the site’s root directory.

The good news is that you don’t. You can leave the site exactly where it is and just tell WordPress what you’ve done by making a few changes to settings and minor edits to a couple of files. It just takes five minutes or less.

What You’ll Need

To follow this tutorial, you’ll need:

  • an installation of WordPress that’s ready to go live
  • an FTP client or CPanel File manager
  • a code editor

This method will work on a standard installation of WordPress, and will work with most frameworks or if you’re using a parent and child theme structure.

Beware! This method will not work for Multisite installations, which should always be in the root directory.

Before You Start

Before doing this, it’s a good idea to make a backup of your site, just in case. Use your preferred backup plugin to do this. And if you haven’t installed a backup plugin prior to going live, you really should!

Getting Rid of the Old Site

Does your client have a horrible, outdated, static site that they’ve hired you to update and move to WordPress? Now’s the time to consign it to history.

Removing a Static Site

If there is an existing static site in the root directory, delete the files for it. I tend to make a backup locally just in case my client decides they need something from the old site, although this hasn’t happened yet.

Removing a WordPress Site

If there’s an existing WordPress site in the root directory, you’ll need to remove it completely:

  • Drop (delete) the old site’s database using phpMyAdmin. You’ll probably have two databases: one for the old site and one for the new. If you’re not sure which is which, check the wp-config.php file for the old site and it will tell you which database to drop. For advice on deleting a database, see this thread on Stack Overflow.
  • Delete all of the WordPress files and folders in the root directory, being careful not to delete the folder your new site is in.
  • Beware: don’t do this until you have made a backup!

Editing Your New Site’s Settings

You’ll need to edit two settings in your new site: permalinks and the site address.

Turn off pretty permalinks in the Permalinks screen, which you’ll find in Settings > Permalinks. Do this by selecting the Default option and clicking Save Changes.

In Settings > General, change the address of your site but not the address of WordPress. For example, if you’ve been working on the site, change the settings as follows:

  • WordPress address (URL):
  • Site Address (URL):

Click the Save changes button and move on to the next steps before trying to access your site.

Editing and Copying Files

Before you can access your site, you’ll need to make minor edits to a couple of files, so that WordPress knows where to find the site.

Copying the Files

Using FTP or CPanel file manager, copy (don’t move) the following files from your WordPress directory to the root directory:

  • index.php
  • .htaccess, if you have one. If there isn’t an .htaccess file (and the fact that you’ve turned off pretty permalinks means you’re less likely to have one), don’t worry about creating one—just skip this step.

Editing index.php

Edit the index.php file that you’ve moved. You could do this by:

  • editing it in situ after the move, using an FTP client or cPanel file manager
  • downloading it from the subdirectory, editing it and then uploading it to the root directory—instead of making a copy

The edit you need to make is to one line at the end of the file. Find the line that reads as follows:

1 require (‘./wp-blog-header.php)

Change it to:

1 require (‘./subdirectoryname/wp-blog-header.php)

So if you’ve been developing in, just change the line to:

1 require (‘./development/wp-blog-header.php)

Save the new index.php file.

Final Steps

Back in the WordPress admin screens, turn pretty permalinks on again, with whatever settings you need for your site.

Visit the root domain of your site in the browser and it will display the site that’s stored in the subdirectory, but won’t show this in the URL, which will be displayed as the root URL. And that’s it!


As you can see, moving WordPress from a subdirectory to the root directory is incredibly simple and doesn’t actually require you to move WordPress. Just change some settings, copy and edit a couple of files, and you’re good to go.

71% of SA businesses can’t defend against email-based cyber-attacks

71% of SA businesses can’t defend against email-based cyber-attacks

71% of SA businesses can’t defend against email-based cyber-attacks

Mimecast survey reveals low levels of preparedness against data breaches.

February 18, 2016

Email security for cyber attacks

mobile facebookmobile twittermobile googleplusmobile email

Mimecast, the email security, email continuity and email archiving cloud company, today released the results of its new global research study: Mimecast Business Email Threat Report 2016, Email Security Uncovered.

The survey of 600 IT security professionals, shows that while 71% in South Africa regard email as a major cyber-security threat to their business, 41% don’t feel fully equipped or up to date to reasonably defend against email-based attacks.

One-third of global respondents also believe their email is more vulnerable today than it was five years ago.

Email continues to be a critical technology in business and the threat of email hacks and data breaches loom large over IT security managers.

Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining a company’s perceived level of preparedness against these threats and targeted email attacks.

Of the 600 surveyed, just 59% in South Africa feel confident about their level of preparedness against data breaches.

Of the 41% who don’t feel fully prepared against future potential attacks, 49% experienced such attacks in the past, indicating that they don’t feel any more protected following an attack than they did prior.

This is also reflected in the few steps taken toward widespread email security.

Although 75% of the South African respondents highlight email as a common attack vector, one out of ten report not having any kind of email security training in place.

Among the least-confident respondents, 23% attest to lacking any supplementary security measures.

“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” said Brandon Bekker, managing director, Mimecast South Africa.

“As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”

Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents.

Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security.

However, of all IT security managers who were polled, only 17% in South Africa say their C-suite is extremely engaged in email security, while 28% say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.

Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security.

These IT security managers allocate 50% higher budgets to email security compared to managers who were less confident in their readiness.

From these findings, the data points to allotting 10.4 percent of the total IT budget toward email security as the ideal intersection between email security confidence and spend.

Mimecast found that five distinct “personas” emerged among the respondents, and characterized them into a Cyber-Security Shiver Grid based on their levels of email security and perceptions of data breach confidence: the Vigilant (16%), Equipped Veterans (19%), Apprehensive (31%), Nervous (6%) and Battle-Scarred (28%).

Mimecast security confidence infographic

Mimecast security confidence infographic

Altogether, a majority of the IT security managers – totaling 65 percent, comprising the apprehensive, nervous and battle-scarred respondents – feel unprepared to manage email-based attacks.

Other key findings of the survey include:

  • The top 20 percent of organizations that feel most secure are 250 percent more likely to see email as their biggest vulnerability.
    • Confident IT security managers are 2.7x more likely to have a C-suite that is extremely or very engaged in email security. They are also 1.6x more likely to see C-suite involvement in email security as extremely or very appropriate.
    • The least confident IT security managers are more likely to be using Microsoft’sExchange Mail Server 2010, which ended mainstream support in January 2015. The most confident managers are more likely to use the up-to-date Exchange Server 2013.
    • 70 percent of IT professionals that have recently and directly experienced an email hack employ internal safeguards, such as data leak prevention or targeted threat protection.
  • Apprehensive IT security professionals are more likely to be found in smaller (fewer than 500 employees) firms than larger ones (32 percent to 18 percent, respectively).
  • Less than half (48 percent) of IT security managers in smaller firms feel confident and well-prepared for tackling email security threats, compared to larger companies.

This study was created by Mimecast and March Communications, and facilitated by Vanson Bourne, during late 2015, consisting of 600 IT security decision makers from the USA (n=200), the UK (n=200), South Africa (n=100) and Australia (n=100) on their companies’ level of email security, IT preparedness and confidence in defending against cyber threats, as well as past experiences with data breaches and email hacks.

The overall margin of error is ± 4 percent at the 95 percent confidence level. For more information, or to download the full research report, click here.