Installing WordPress as a Submodule

When start any web project one of the first things I do is to set up a repository with git and get my code under version control. Version control has quickly become an invaluable part of my work flow and I suspect it has save me hour of time and headache. If you are not version controlling your projects then I full recommend you check out git and github and dive in.

When it comes to WordPress there is some discussion of what to put into your repo. I generally just version control the theme folder that I am developing which has worked pretty well for me. The other alternative is to version control the whole wordpress install and by that I mean the core file the plugins and the themes.

Of course there are pros and cons to both methods, which can basically be summarised like this:

The theme only method means that your repo will be  leaner and easier to understand there will be no commits if WordPress updates or if you install a plugin only the changes you make to your code in your theme folder. It also means that you can easily reuse your theme on any site you wish

The downside is that when you deploy your theme then you will manual have to add any plugins that you need to your live site. Also you might need to update wordpress to the same version of your dev site.

Unsurprisingly committing the whole WordPress install has basically the exact opposite pros and cons.

There is a third method which is gaining popularity and that is to install wordpress as a git sub module. This basically means that at the root of your site you have wordpress in its own folder as a git sub module and next to that you have your wp-content folder along with you wp-config.php file and your index.php file. Now this is easier to set up then you might think. I have created a simple wordpress sub module gist that shows the bit of config that you need to do.

I’m currently trialling this method in my latest project and with regards to the code management benefits of this work flow it is still too early for me to draw and conclusions, but at first glance it definitely seem to be a more modern and modular approach, which can’t be a bad thing. As a by product of this method I have also noticed a some security benefits for wordpress.

WordPress Security

By installing wordpress as a sub module you can no longer access the WordPress login at the usual url i.e. instead you have to login within a custom folder like this It stands to reason that if you do not allow signup on your site then this url will never be exposed to robots and the likes that might want to try and guess your password.

This may just be a little security gain but as it is so easy to achieve I think I will be using it regularly form now on.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>