[Lesson 2] Modify Wp-Config File outside the root folder

How to Protect wp-config File in Your WordPress

wp-config.php is that one file that can literally make or break your website. This special file contains the WordPress configuration details and is one of the most vital files on your website.

It holds confidential information on your WordPress database among other necessary information required to access the database. This makes it crucial to secure it.

Here are some ways to Secure wp-config.php file:

1. Protection through .htaccess file

Step 1 – Connect your WordPress website using an FTP Client.

Step 2 – Navigate to the public_html directory and download the .htaccess file.

Step 3 – Edit and include the following lines of code at the end of the .htaccess file:

#protect wpconfig.php

order allow, deny
deny from all

Once you’re done editing save and upload it back to the server.

These lines will resist internal access and code modifications to your wp-config.php.

2. Protect by Moving wp-config.php

Usually, the wp-config.php file is located in the root directory. Changing its default location can reduce the risk of it getting hacked.

You can do this by following a few steps:

  1. Step 1 – Connect your website using an FTP client.
  2. Step 2 – Select the wp-config.php file and cut its content and place it in a file outside to public_html as shown in the video.
  3. Step 3 – Few steps here are a little tricky, hence you’d need to follow video rigorously.

3. Setting up the correct file permissions for wp-config.php

The wp-config is one of the most sensitive files in the entire directory since it contains all the information about base configuration and also the database connection information. The appropriate file permission for this file will be 400. This means that the user has permission to only read and others will not be able to access the file.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany