You find the individual steps easily in a web search. Most critical is the change of SQL table prefixes. I did it manually using phpMyAdmin. When finished, no link was working any longer. Reason: permalinks were set to %postname%. After switching first to default and then back to %postname% everything was fine.
I also struggled with the password protection. Inportant: add the line ErrorDocument 401 default, otherwise you might always get the “page not found” message.
Steps to do:
- Move config.php file one directory above wordpress installation directory
- Remove admin user
(create new user with full rights and delete old user) - Protect wp-admin and wp-includes directories
(read for owner and group only = 751) - Hide wordpress version and login error messages
Add in functions.php (in your ChildTheme directory):
<?php remove_action(‘wp_head’, ‘wp_generator’);
add_filter(‘login_errors’,create_function(‘$a’,”return null;”)); ?> - Delete readme.html file from web root directory
- Password protect wp-admin directory (I used CPanel to create .htaccess).
Modify .htaccess file in wp-admin – add:
ErrorDocument 401 default - Modify .htaccess file in web root:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule> - SQL: change prefixes of database tables from
“wp_” to “new_prefix_”