How to Protect wp-config File in Your WordPress
wp-config.php is that one file that can literally make or break your website. This special file contains the WordPress configuration details and is one of the most vital files on your website.
It holds confidential information on your WordPress database among other necessary information required to access the database. This makes it crucial to secure it.
Here are some ways to Secure wp-config.php file:
1. Protection through .htaccess file
Step 1 – Connect your WordPress website using an FTP Client.
Step 2 – Navigate to the public_html directory and download the .htaccess file.
Step 3 – Edit and include the following lines of code at the end of the .htaccess file:
#protect wpconfig.php
order allow, deny
deny from all
Once you’re done editing save and upload it back to the server.
These lines will resist internal access and code modifications to your wp-config.php.
2. Protect by Moving wp-config.php
Usually, the wp-config.php file is located in the root directory. Changing its default location can reduce the risk of it getting hacked.
You can do this by following a few steps:
- Step 1 – Connect your website using an FTP client.
- Step 2 – Select the wp-config.php file and cut its content and place it in a file outside to public_html as shown in the video.
- Step 3 – Few steps here are a little tricky, hence you’d need to follow video rigorously.
3. Setting up the correct file permissions for wp-config.php
The wp-config is one of the most sensitive files in the entire directory since it contains all the information about base configuration and also the database connection information. The appropriate file permission for this file will be 400. This means that the user has permission to only read and others will not be able to access the file.
