How to rename the plugins folder to increase the security

Usually, for security reasons, people rename any kind of folder, but they don’t rename the plugins folder.

Renaming the plugins folder makes the protection of your website stronger.

Many times bad robots scan the net until they find websites that have vulnerable plugins.

Most of the time they detect the plugins by checking wp-content/plugins on the page.

If instead of having wp-content/plugins you have for example wp-content/extensions, probably the bad robot will not detect any plugin.

If you inspect elements of this page you will see the folder of plugins on this website is called “penguins”.

Bad robots would not expect that folder calls “penguins”.

Renaming the folder of plugins is very easy:

Add the following lines of code in wp-content/wp-config.php at the beginning of the file

define( 'WP_PLUGIN_DIR','/[path-to-your-main-folder]/wp-content/penguins');
define( 'PLUGINDIR','wp-content/penguins' );


Where you should replace with your domain, [path-to-your-main-folder] with the path of your main directory, and “penguins” with the name you want to give to the plugins folder.

Then rename via FTP the plugins folder assigning the same name you wrote in wp-config.php.

Nothing else, check your website to see if it’s all ok.

Or, if you prefer it, you can install directly the plugin Rename Plugins Folder.

In any case, make a backup of the file wp-config.php, so you will be sure whatever happens, you can go back.

If your theme or your plugins don’t follow the best practices to refer to the plugins folder, you may have issues with the new name. If so, go back to the original name, or write to the author of the plugin that gives you issues.

If all follow the best practices, it’s totally possible to rename the plugins folder without any issue.