Secure WordPress Using Bedrock (WordPress Boilerplate)

Now in these days WordPress is very popular and Demanding CMS.

But security is a measure concern with WordPress websites.

So hold on take a breath and go through the below article and secure your WordPress instance using BEDROCK.

What is Bedrock?

Bedrock is a WordPress boilerplate that modifies, improves the structure and execution of WordPress. It will help us to make our instance more secure and powerful.

Advantage of Bedrock

1. Separate configuration per environment

Bedrock has a separate configuration file for each environment like local, staging, production.

2. Environment variables

Bedrock use dotenv (.env) file for configuration and environment variables.

3. Enhanced security:

Bedrock has separate locations for files (Themes / Plugins / Uploads) and WordPress core. Also, Bedrock’s web root is isolated to limit access to non-web files. Bedrock also has more secure passwords through the wp-password-bcrypt plugin.

4. Custom wp-content directory

Bedrock has a different folder (app) for data that is placed in the wp-content folder.

5. Composer for managing WordPress installation

Bedrock use composer and you can easily manage, modify things using composer.

6. Composer for managing WordPress plugins and themes

Using composer you can install/ delete WordPress plugin and theme in bedrock environment.

7. PSR-2 coding standards

Bedrock follow PSR-2 Standards

8. mu-plugins autoloader

Bedrock has pre-build autoloader for mu-plugins (Must Use Plugins)

How we can Use it, Files & Folder Structure

Just Chill…. It really simple and easy to use Bedrock, you just need to follow the below steps and go to work with bedrock.

Files & Folder Structure:

Bedrock follows a simple file & Folder structure as below.


Bedrock Installation


  1. PHP 7.1
  2. Composer

Step 1: Using the composer execute below command to create a new bedrock instance.

composer create-project roots/bedrock instance_name

Step 2. Update environment variable in .env file (Available in the root of the installation folder)

  1. Database Configuration
    DB_NAME – Database Name
    DB_USER  – Database Username
    DB_PASSWORD – Database Password
    DB_HOST – Database HOST
  2. Environment Configuration

    WP_ENV ( development , staging , production)
  3. URL Configuration

    WP_HOME – Full URL to WordPress home directory e.g.
    WP_SITEURL – Full URL to WordPress including subdirectory

Key Points:

  1. Access WordPress admin using
  2. Add themes, plugins in web/app/ folder
  3. Set document root on the server to bedrock folder “path/to/site/web/”
  4. Update salts key in .env file using salt generator command or online tool
    a. Salt Generator Command –
    b. Online WordPress Salt Generator –

Now you are done with the installation of bedrock with more secure and handy tools like command-line installation and configuration. 🙂