Changing the location of the WP Cerber directory
WP Cerber uses its own directory to store quarantined files, diagnostic logs, and temporary files created and deleted by the integrity and malware scanner. By default, this directory is created as a hidden subdirectory within the WordPress uploads directory and is protected by an .htaccess file.
Since WP Cerber 9.5.3 you can change its location to a more secure place by using a PHP constant. To do this, you need to define the PHP constant CERBER_FOLDER_PATH in the wp-config.php file. Avoid using the functions.php file in the active theme folder for defining the constant.
Note: WP Cerber creates its directory as a subdirectory within the given path.
You have three methods to define a new location: an absolute path, a path relative to the WordPress home directory, or a traversal path above the WordPress home directory. Let’s see those methods separately.
Using an absolute path
This method is generally secure if the new location is not accessible from the internet, but it may require updating the defined path after the website has been moved. The path begins with a directory separator, which is typically ‘/’ on most WordPress hosting platforms. Here is an example:
define( 'CERBER_FOLDER_PATH', '/var/www/my-secure-path/' );
Using a traversal path relative to the WordPress home directory
It’s a recommended compromise between security and compatibility if you are going to move the website. The path starts with two dots. Here is an example:
define( 'CERBER_FOLDER_PATH', '../my-secure-path/' );
Using a path relative to the WordPress home directory
Although it is a less secure method, it is fully compatible with any new location of the website if you are going to move the website because the directory resides within the WordPress directory. The path does not begin with a directory separator or two dots. Here is an example:
define( 'CERBER_FOLDER_PATH', 'my-secure-path/' );
Once you’ve defined the path, it will be shown on the Diagnostic tab in the WP Cerber Constants section.
How to move an existing WP Cerber directory
When you define the constant, an existing WP Cerber directory and its contents is not moved automatically. If you need to move the directory and keep its contents intact, follow these steps in the given order:
- Locate the existing WP Cerber directory. By default, it resides in the WordPress uploads folder. The name of the WP Cerber folder is displayed on the Diagnostic tab. The folder name always begins with “wp-cerber-” followed by a random string, e.g., wp-cerber-6P8QNB3U7TAWH1ZGS.
- Copy the entire WP Cerber directory to the new location by using a file manager in your hosting control panel or an SFTP client.
- Define the constant with the path to the new location.
- Delete the WP Cerber directory in the old location.
It is essential to ensure that there is no direct access to the WP Cerber folder within the new path from the internet; otherwise, defining a new path makes no sense.
Make sure the defined path is not within a regularly cleaned temporary folder; otherwise you can lose your quarantined files and diagnostic logs.
Do not use the functions.php file in the active theme folder for defining the constant.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.