WordPress has this really nice feature where you can install it in, say, the http://mysite.com/wordpress/ folder but have the site serve pages at http://mysite.com. What this means for you: it’s easy to switch directories, and it’s good for keeping things organized in the background. For the longest time I’ve used this method because I like certain things to be filed neatly away in a folder of their own. A huge pet peeve of mine is a messy /public_html. If you want to learn how to do this, the steps are outlined in the Codex.
Recently, while checking up on how easy it is to crack into some people’s WordPress installations, I found a huge mistake some people made when using this neat feature. Instead of copying the index.php file as the Codex suggests, they moved it.
Big mistake! The WordPress folder now has no index file at all, so anyone who requests http://mysite.com/wordpress/ can browse the whole folder listing and use what they see there against the site. If you want to move an index file out of any folder, sure, do it, but always put an empty index.html file back in its place.
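As an added example (not from the original post), here is a small POSIX shell audit that finds directories under a web root with neither index.php nor index.html, exactly the state a mistaken `mv index.php` leaves behind, and drops an empty index.html into each one. The /public_html layout it builds is constructed for the demo; the require() line in the root index.php is the Codex's standard "point at the subfolder" edit.

```shell
# List every directory under $1 that has no index.php and no index.html.
# Such a directory is what the post warns about: with directory indexing on,
# the web server shows its full contents to anyone who asks for the URL.
dirs_without_index() {
    root="$1"
    find "$root" -type d | while IFS= read -r d; do
        if [ ! -f "$d/index.php" ] && [ ! -f "$d/index.html" ]; then
            echo "$d"
        fi
    done
}

# The post's fix: put an empty index.html back into every exposed directory.
fix_missing_index() {
    dirs_without_index "$1" | while IFS= read -r d; do
        : > "$d/index.html"
    done
}

# Constructed demo layout: WordPress lives in $1/wordpress/ and the site is
# served from $1. The mistake reproduced here is MOVING index.php to the root
# instead of COPYING it, so wordpress/ is left with no index file.
demo_setup() {
    root="$1"
    mkdir -p "$root/wordpress/wp-content"
    printf '<?php require __DIR__ . "/wp-blog-header.php";\n' > "$root/wordpress/index.php"
    : > "$root/wordpress/wp-content/index.php"
    mv "$root/wordpress/index.php" "$root/index.php"        # the mistake (should be cp)
    # The Codex edit that makes the root copy load WordPress from the subfolder:
    printf '<?php require __DIR__ . "/wordpress/wp-blog-header.php";\n' > "$root/index.php"
}
```

Run `dirs_without_index /path/to/public_html` on a real site to see which folders the server would list; `fix_missing_index` is the repair.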